3

I want to learn assembly, but I am not sure what instruction set (if that is correct term?) I should learn?

I have prior experience in programming, and I did a degree in Computer Science but amazingly it was never covered.

I need to be taught the basics, a pointer at what resources I should learn from.

I want to learn: terminology, setting up environment, hello world, which instruction sets to focus on for the reasons I detail in the next paragraph.

I will use this with my C/WinAPI experience for Malware development (I do Red Team engagements), and for reverse engineering. A brief background of the different instruction sets would be great, but my focus is 99% on Windows at the moment.

I like to see what the "big boys" are using in terms of Stuxnet, or how huge products like Photoshop are reverse engineered.

EDIT: I might be wrong but this tutorial seems to make a program in assembly that works on every CPU?

https://www.codejuggle.dj/creating-the-smallest-possible-windows-executable-using-assembly-language/

So now I am very confused!

user5623335
  • 381
  • 1
  • 4
  • 12
  • 3
    If you learn x86, then ARM and MIPS will be easy. – RoraΖ Jun 15 '18 at 15:44
  • Question is primarily opinion based, I have flagged. –  Jun 15 '18 at 15:53
  • 1
    @JoshuaJones How is it opinion based when certain instruction sets like MIPS will clearly not work for reverse engineering studies? :/ – user5623335 Jun 15 '18 at 15:55
  • @securityauditor "I want to learn assembly, but I am not sure what instruction set (if that is the correct term?) I should learn?" - you're asking *what* you should learn, this will only cause discussion & opinionated answers two things we're not keen on. –  Jun 15 '18 at 15:59
  • 1
    @JoshuaJones So how should I ask this question where I get told what to study to achieve my goals but avoid opinions? :-( – user5623335 Jun 15 '18 at 16:02
  • 3
    If you're asking *what* you "should" study - then it will always include opinionated answers some of which may be decent most of them probably not. Then this will lead to comments flooded with discussions. In essence; this isn't exactly the kind of site where you should ask *what to study to achieve your goals* –  Jun 15 '18 at 16:03
  • [This question is being discussed on meta.](https://security.meta.stackexchange.com/questions/3004/how-did-i-manage-to-flag-this-question-twice) – Script47 Jun 15 '18 at 22:35

3 Answers3

7

My advice would be to first learn MIPS to wrap your head around how exactly heap and stack and OS calls work and then move on to x86 since you want to focus on developing malware for Windows.

EDIT: Why would you think it works on every CPU? The article itself only alleges that it works on all Windows versions and nothing more.

Gillian
  • 492
  • 1
  • 3
  • 13
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/79047/discussion-on-answer-by-gillian-what-assembly-should-i-learn). – Rory Alsop Jun 18 '18 at 17:27
2

My advise: Learn the instruction sets and technology that your machine CPU uses. It is the place you are going to use to prepare your labs and do your experiences to learn.

If you are using Intel CPU in your machine learn that topic. Intel used to have very good documentation.

If you are using an ARM CPU then learn ARM instructions as they are a bit different from Intel x64...

The basics do not differ much from each other cpu so you will be able to adapt in short time.

Hugo
  • 1,701
  • 11
  • 12
  • If I learn x86 like Gillian suggested in their answer above would it not work on every CPU? Why learn ARM or Intel when I can learn x86 which works on both? :-/ – user5623335 Jun 15 '18 at 15:54
  • 3
    Huh? x86 does not work on ARM. – forest Jun 15 '18 at 19:25
  • X86 we can say that for example a register is called instruct pointer, in 32 bits is called extended instruction pointer and in 64 bits has another name. If you move to arm you will have different specifics depending on arm cpu model. The basics is the same that is why I say learn one and it is easy to adapt to another. – Hugo Jun 15 '18 at 21:23
  • To make a more clear picture of what I was saying: ARM basic instructions are the following: PC - Program Counter, LR Link Register, SP Stack Pointer, IP Intra Procedure register. In Intel CPU x64 we have the following: Accumulator RAX, Counter RCX, Data RDX, BASE RBX, Stack Pointer RSP Stack Base Pointer RBP Source RSI Destination RDI... if you move down the lather to 16 or 8 bits you will have more similarities but do you wish to build malware in 16bits? or 8 bits? Bu in the end if you learn any architecture well you will be able to do the bridge to other architectures. – Hugo Jun 18 '18 at 11:48
2

If you want to start with the absolute basics, you may want to try MCS-51, a simple instruction set used on microcontrollers such as the 8051. It will help you learn the fundamentals of assembly. It is often the first assembly language taught in classes due to its simple yet ubiquitous nature. Next to that, MIPS is a rather simple RISC ISA with fixed-sized instructions and is good for learning.

forest
  • 64,616
  • 20
  • 206
  • 257