Malware

Question 1

In IA-32 registers, which are generic registers that can be used for any integer, Boolean, logical, or memory operation?

Answer 1

EAX, EBX, and EDX

Question 2

In IA-32 registers, what is sometimes used as a counter by repetitive instructions that require counting, but is still a generic register?

Answer 2

ECX

Question 3

In IA-32 registers, what are frequently used as a source and destination pointers in instructions that copy memory?

Answer 3

ESI & EDI (SI for Source Index, and DI for Destination Index)

Question 4

In IA-32 registers, what points to the stack position right after the return address for the current function?

Answer 4

EBP (extended base pointer)

Question 5

what stores the current position in the stack?

Answer 5

ESP (Extended Stack Pointer)

Question 6

In IA-32 registers, what holds the address of the next line of code to be executed by the program? (so it is always pointing to the next thing to do)

Answer 6

EIP (Extended Instruction Pointer)

Question 7

In IA-32, what are status registers, commonly used to influence jumps in assembly, as they all reflect the current state of the CPU, holds a value representing current state of processor?

Answer 7

EFLAGS

Question 8

What state is the flag (EFLAGS) set to during an execution?

Answer 8

Set(1) or Cleared(0), based on result of the last operation.

Question 9

What are instructions in assembly based around?

Answer 9

Operation code (opcode)

Question 10

What is the size range of an opcode?

Answer 10

1-8 bytes

Question 11

What are examples of opcodes?

Answer 11

MOV, CMP, AND, OR, XOR, etc

Question 12

What comes after the opcode in assembly commands and is where data is stored?

Answer 12

Destination

Question 13

What comes after the opcode and where data is stored and reflects where data is coming from?

Answer 13

Source

Question 14

What is an example of a full assembly command?

Answer 14

MOV EAX, 0, which will move the value of 0 to the destination of EAX

Question 15

What is the code for an unconditional jump and what does it do?

Answer 15

JMP, jumps to destination address no matter what

Question 16

What jumps are conditional and based on the status of the Zero flag?

Answer 16

JZ, JNZ, JE

Question 17

What jumps are conditional, and based on status of more than one flag that determine if the case is greater than or equal to, or less than or equal to?

Answer 17

JLE and JGE

Question 18

What is an is a NOP command?

Answer 18

an opcode meaning No-Operation and it simply does nothing. execution simply proceeds to next instruction