PUSH

Places an item on the stack and increments the stack pointer.

POP

Removes an item from the stack and places it in the register identified in the operand as well as decrementing the stack pointer.

MOV

Moves a value of from the source to the destination.

SUB

Subtracts the source from the destination.

ADD

Adds the source to the destination.

RET

Takes the current value of the stack pointer and places it into the instruction pointer. Also for functions called via stdcall, there will be a value indicating how many bytes to subtract from the current stack pointer to clean up the parameters passed to the function.

CALL

Pushes the return address on the stack (which is the address that will be executed when the function called returns) and places the address stored in the operand in the EIP register. For example, CALL 0X006682568 calls a function in the same module. CALL [0x00401234] calls a function in another module. CALL [EAX + 24] calls a function via a vtable.

AND

Logical AND.

OR

Logical OR.

NOT

Complement operation (opposite).

INC

Increments the operand by one.

DEC

Decrements the operand by one.

SHL

Multiplies by two.

SHR

Divides by two.

DIV

Performs unsigned division.

MUL

Performs unsigned multiplication.

IDIV

Performs signed division.

IMUL

Performs signed multiplication.

MOVSX

Moves with sign-extend. This operation copies smaller values to larger values and dictates the way the upper bits are filled.

MOVZX

Moves with zero-extend. This operation copies smaller values to larger values and dictates the way the upper bits are filled.

LEA

Loads the destination register with the address of the source operand. Used to load locals or parameters into registers. The & statement in an assignment would use this.

CMP

Compares the source to the destination operands; for example if(a == b).

TEST

Performs a bitwise AND; for example, if (a & b).

JMP

Appears at the end of a loop or on an exit or goto statement.

JE

Jumps if equal.

JL

Jumps if less than.

JG

Jumps if greater than.

JNE

Jumps if not equal.

JGE

Jumps if greater than or equal to.

JLE

Jumps if less than or equal.

JNZ

Jumps if not zero.

JZ

Jumps if zero.

LOOP

Used in loop statements, and ECX is the counter (for, while, do…while).

MOVS

memcpy that moves ESI into EDI. Used to move strings.

SCAS

Scans string; used to compare the value of EDI with the value stored in EAX.

STOS

Stores string; used to store the value of EAX in EDI.

CMPS

Compares string (memcmp)

XOR

Zeros out the value of the operand.

EAX

AX

AL

AH

Stores return values

EBX

BX

BL

BH

ECX

CX

CL

CH

This pointer, loop counter, fastcall parameter

EDX

DX

DL

DH

ESI

SI

Source compare or string

EDI

DI

Destination compare or string

ESP

SP

Stack pointer

EBP

BP

Base pointer

EIP

Instruction pointer

cdecl

Right to left

Caller—RET

_Foo

Default for C & C++

stdcall

Right to left

Called—RET X

_Foo@12

@ followed by number of bytes passed as arguments

fastcall

First two DWORDs are stored in ECX and EDX; rest are passed right to left

Called—RET X

@Foo@12

@ followed by number of bytes passed as arguments

thiscall

Right to left, the this pointer is stored in ECX

Called—RET X

None

Used by member functions