A Beginner's Guide to x86 Assembly Language: Registers, Memory Model, and Instruction Examples

Programming in high‑level languages is actually writing code for humans; the computer only understands binary instructions generated by a compiler. To truly grasp how a CPU executes code, one must study assembly language, the textual representation of machine instructions.

1. What is Assembly Language? Assembly is a low‑level language that maps one‑to‑one with binary opcodes (e.g., the addition opcode 00000011 becomes the mnemonic ADD ). It makes machine code readable for humans.

2. History Early computers required programmers to toggle switches or punch paper tape with binary codes. To improve readability, engineers first used octal, then switched to textual mnemonics and labels, creating the modern assembly language and assemblers.

3. Registers The CPU performs calculations using registers, which are fast, small storage locations identified by names (e.g., EAX , EBX ). Registers act as a level‑1 cache, allowing the CPU to avoid slower main‑memory accesses.

4. Types of Registers Early x86 CPUs had eight registers (EAX, EBX, ECX, EDX, EDI, ESI, EBP, ESP). The first seven are general‑purpose; ESP holds the current stack pointer.

5. Memory Model – Heap The operating system allocates a contiguous memory region for a process (e.g., from 0x1000 to 0x8000 ). Dynamic allocations (e.g., malloc ) carve out blocks from the low‑address side, growing upward. The heap persists until explicitly freed or reclaimed by garbage collection.

6. Memory Model – Stack The stack stores temporary data for function calls. When a function starts, a stack frame is created; local variables (e.g., a , b ) are placed in this frame. Frames are pushed ("push") and popped ("pop") in a LIFO order, and the stack grows downward from high addresses.

7. CPU Instructions – Example

Consider the following C program ( example.c ) and the assembly generated by gcc -S example.c :

int add_a_and_b(int a, int b) {
    return a + b;
}

int main() {
    return add_a_and_b(2, 3);
}

The simplified assembly ( example.s ) looks like:

_add_a_and_b:
    push   %ebx
    mov    %eax, [%esp+8]
    mov    %ebx, [%esp+12]
    add    %eax, %ebx
    pop    %ebx
    ret

_main:
    push   3
    push   2
    call   _add_a_and_b
    add    %esp, 8
    ret

7.1 push stores an operand on the stack and adjusts ESP downward by 4 bytes.

7.2 call jumps to a function label, creating a new stack frame.

7.3 mov copies a value between registers or between memory and a register (e.g., mov %eax, [%esp+8] loads the first argument into EAX ).

7.4 add adds two registers and stores the result in the first operand ( add %eax, %ebx yields 5).

7.5 pop restores a previously saved register and increments ESP by 4.

7.6 ret ends the current function, discarding its frame and returning control to the caller.

By stepping through each instruction, the article demonstrates how high‑level constructs like function calls and arithmetic are translated into low‑level operations that the CPU executes.

References

Introduction to reverse engineering and Assembly, Youness Alaoui – link

x86 Assembly Guide, University of Virginia CS – link