WEBVTT

00:00.720 --> 00:01.520
Hello everyone.

00:01.520 --> 00:07.160
I'm Typhoon here again and in this lecture we are diving deeper into how assembly instructions are translated

00:07.160 --> 00:10.480
into opcode bytes, which is the actual machine code

00:10.480 --> 00:13.560
your CPU understands and executes.

00:14.720 --> 00:20.320
Every instruction you write in assembly is ultimately turned into a series of hexadecimal bytes stored

00:20.320 --> 00:21.200
in memory.

00:21.240 --> 00:24.800
Now let's break down exactly how this happens.

00:25.360 --> 00:27.720
First, let's answer this question here.

00:27.960 --> 00:30.680
What are opcode bytes?

00:32.120 --> 00:38.200
So each assembly instruction has an equivalent opcode or operation code.

00:38.200 --> 00:45.800
Here this is a binary or hexadecimal code that tells the processor what operation to perform.

00:45.960 --> 00:52.480
Now think of it as the machine level version of an instruction like move or move here.

00:54.200 --> 01:03.840
In this preceding code, the mov instruction is equivalent to the B8 opcode byte and the mov instruction

01:03.840 --> 01:13.360
at the 008992 D81 address is equivalent to B9.

01:13.520 --> 01:23.680
So the difference between the two mov instructions is the registers into which the DWORD value is moved.

01:23.840 --> 01:34.280
So there are a total of five bytes consumed in mov eax, uh, eight and seven zeros.

01:35.160 --> 01:38.840
And it consists of the opcode byte B8.

01:39.160 --> 01:48.560
And the operand value is uh eight and seven zeros, which is the same number of bytes is also used in

01:48.600 --> 01:49.440
mov e.

01:52.000 --> 01:59.080
Two and the mul e uh uses uh two bytes as well.

02:00.000 --> 02:09.990
So mov eax So eight and seven zeros located at

02:11.830 --> 02:19.190
00A, 9D7C.

02:21.550 --> 02:22.110
C h.

02:22.110 --> 02:32.510
Here is hexadecimal, uh, and we get to the address of the next instruction with this here.

02:34.430 --> 02:38.190
So leaving the code in the memory, uh, would look like this.

02:38.350 --> 02:43.190
Uh, so address is, uh, let's example, let's actually write this down.

02:43.550 --> 02:49.590
So for example 00A92D7C

02:50.350 --> 02:52.310
the bytes are going to be, what, B8

02:52.350 --> 02:59.790
00 00 00 80 B9.

03:01.110 --> 03:04.950
You see here B9 02.

03:05.710 --> 03:07.870
And again 0000.

03:08.190 --> 03:13.470
And lastly, the F7 and E1.

03:14.950 --> 03:21.990
This is how, uh, these, uh, operation codes would look in memory.

03:22.310 --> 03:27.030
A dump of memory is usually shown in, uh, memory dumps.

03:27.030 --> 03:30.870
I will write, uh, here, uh, or paragraphs.

03:30.870 --> 03:42.150
So these are the 16 bytes per line and address aligned to ten hexadecimal and assembly language instructions,

03:42.150 --> 03:50.070
as you learned from our previous lecture, are categorized, uh, for the copying and accessing data

03:50.070 --> 03:50.630
instructions.

03:50.630 --> 04:04.670
For example, mov; uh, arithmetic instructions like add, uh, sub, mul, multiply, and the div here;

04:05.790 --> 04:17.180
binary logic instructions, uh, xor, or, not, shr, rol; and flow of control.

04:17.380 --> 04:21.460
Uh, example, uh, jmp, call.

04:23.580 --> 04:26.820
Uh, cmp and int.

04:28.580 --> 04:33.020
Now that's it with our lecture in summary.

04:33.060 --> 04:36.020
Opcodes are the true form of your assembly instruction.

04:36.620 --> 04:41.900
Uh, the actual bytes that the CPU reads and executes.

04:42.300 --> 04:46.140
And each instruction has a specific byte pattern.

04:46.580 --> 04:52.980
And then understanding how they are laid out helps you reverse engineer software with precision.

04:53.060 --> 04:59.980
Next time we'll look at an assembly window or memory dump, and you will be able to spot and interpret

04:59.980 --> 05:01.900
the instruction bytes like a pro.

05:02.380 --> 05:03.340
Stick around.

05:03.340 --> 05:05.060
And this is just the beginning.

05:05.100 --> 05:06.860
We are going to dive deeper.

05:07.060 --> 05:12.020
Thank you for watching and I'm waiting for you in the next lecture.
