Job in Assembly?

+5 Tommy Hillis · August 27, 2014
Is Assembly still a necessary language to learn? I have never worked with any low level languages like it. Is it even possible to get a job in Assembly anymore?

Post a Reply


Oldest  Newest  Rating
+1 Tatrasiel R · August 30, 2014
Yes, there is they're jobs in this still typically, as security malware engineers. Most malware now a days has some sort of ASM low level programming in shape way shape or form.

For example one of the most popular exploits out there...

again attacking windows SMB protocol.

SHELLCODE is just a string of bytes that are commands.

so 68 FF 00 00 00 would be push 255


you can use this to get convert shellcode to ASM

hope it helps.

I recommend learning ASM anyway cause you really understand how things work. Also keep in mind  that memory isn't unlimited.

0 Daniel Aizenberg · November 12, 2014
hey, ofc that ASM is not really necessary for a high tech job, you won't be writing programs in ASM, but assembly is really gonna help to your programming skills, also i know that apple developers are required to know SOME assembly, so you don't really have to learn it, but if you do it's gonna only help you.   
0 Roger Pettersson · November 26, 2014
I would say that its a very logic step, programming in assembly, going from software to hardware or vice versa. Printed circuit board engineering (electronics) for example uses assembly logic "thinking". It might sometime see very basic looking at one NAND or OR gate truth-table. But set 10 or more of those in different connections and you have yourself a quite nasty boolean algebra problem to solve. But... this is just my experience, because i always ask myself how does it work ? What does it do ? What the hell is going on ? And every time i look at some programming language, i freak out. Because i cant translate it... but i would understand it more (in common sense) if  it breaks down to assembly language.

From my case, i want to know where  C++ to assembly is. Or any other language for that matter. Wouldnt it be lovely to have such a neat translator ? ;)
But i guess, sometimes, you must settle for less and dont bother about what is going on behind the scene and sit down and enjoy the movie. And i do like movies, not to mention computer games.

There is a nice video that brings this topic up actually. What good is assembly actually ?

0 Tatrasiel R · January 19, 2015
@ Roger Pettersson  You cannot directly convert assembly to c++ . Such a thing will probably not exist; maybe in the late future if at all.

The reason is the code in assembly is all opp codes and variables are typically stripped and with out symbols. 

Humans however, are rather amazing computers. You can however learn to convert ASM into pseudo C like code and then into C++.

A program that does this is IDA PRO. Ida pro is great! I will admit it makes several mistakes some of which, being that variables will be doubled or you'll see it think that a function returns an int when the function is a void.

I found that one thing that helps reversing back to C++ is to use the libraries and calls that the program uses. So a program may use DDRAW or it might use user32 to call MessageBox; one should spend time in these languages to compile them and understand how the particular compiler will interpret that code to be.

Let's take a look at a simple program

.text:00401341                 push    ebp
.text:00401342                 mov     ebp, esp
.text:00401344                 and     esp, 0FFFFFFF0h
.text:00401347                 sub     esp, 20h
.text:0040134A                 call    ___main
.text:0040134F                 mov     [esp+20h+var_4], 0Fh
.text:00401357                 mov     [esp+20h+var_8], 13h
.text:0040135F                 mov     eax, [esp+20h+var_4]
.text:00401363                 mov     [esp+20h+var_1C], eax
.text:00401367                 mov     eax, [esp+20h+var_8]
.text:0040136B                 mov     [esp+20h+Format], eax
.text:0040136E                 call    _funct
.text:00401373                 mov     [esp+20h+var_C], eax
.text:00401377                 mov     eax, [esp+20h+var_C]
.text:0040137B                 mov     [esp+20h+var_1C], eax
.text:0040137F                 mov     [esp+20h+Format], offset Format ; "%d"
.text:00401386                 call    _printf
.text:0040138B                 mov     eax, 0
.text:00401390                 leave
.text:00401391                 retn

.text:00401341                 push    ebp
.text:00401342                 mov     ebp, esp

This is just what every function does to save the return address when entering a function.

.text:00401344                 and     esp, 0FFFFFFF0h
.text:00401347                 sub     esp, 20h

This is a funny thing that compilers do that will make you thing Really?! stupid computer! 
and operation is a way of doing binary math. In this case it will subtract ESP 8 which is odd considering the next instruction will subtract again another 0x20h ... so a human writing this would already optimize this by doing something like sub esp,28h.

.text:0040134A                 call    ___main

Jumping into our main function

.text:0040134F                 mov     [esp+20h+var_4], 0Fh
.text:00401357                 mov     [esp+20h+var_8], 13h
.text:0040135F                 mov     eax, [esp+20h+var_4]
.text:00401363                 mov     [esp+20h+var_1C], eax
.text:00401367                 mov     eax, [esp+20h+var_8]
.text:0040136B                 mov     [esp+20h+Format], eax

mov     [esp+20h+var_4], 0Fh ;  movs 15 into a "safe" spot in the stack
mov     [esp+20h+var_8], 13h ; movs 19 into a "safe" spot in the stack
mov     eax, [esp+20h+var_4] ;  movs 15 into EAX
mov     [esp+20h+var_1C], eax ; Again another sort of silly thing but not too bad; it moves 15 from EAX on to the second to the top of the stack
mov     eax, [esp+20h+var_8] ;  moves the next variable into the top of the stack.

CALL 00401334

This is the function that we are calling with-in main I have named it functs() . because they're not any symbols we cannot see this for its name.
it moves 15 to EAX and 19 to EDX.

with in functs we see 

So we see that the two numbers have been added and returns are made to EAX; so we have 34 or 0x22 currently in  EAX;

mov     [esp+20h+var_C], eax
moves the total onto the stack

mov     eax, [esp+20h+var_C]
Again, an inefficient instruction its moving the total from the stack back into EAX which isn't needed at all.

mov     [esp+20h+var_1C], eax
then again it moves the total from eax to the second spot on the stack

mov     [esp+20h+Format], offset Format ; "%d"
moves 00403024 or "%d" to the top of the stack;

.text:00401386                 call    _printf
calls printf

So here is what source would look like:

functs(int var1, int var2)
     int var3 = var1+var2;
      return var 3;


int main()
int a = functs(15, 19);

printf("%d", a);
return 0;

0 Tatrasiel R · January 19, 2015
Sorry I may have spammed a ton of times making that :)
0 Landon Luman · January 19, 2015
It's not spamming if it's on the forum! :D
0 Tatrasiel R · February 1, 2015

Please see the manual for the "gcc -S" option:

I work in malware analysis . We aren't compiling at all , but rather needing to take the malware back to a (at least pseudo)source to get a feel for impact and understanding the complexity of what we are working against.

You cannot directly convert assembly to c++ . Such a thing will probably not exist; maybe in the late future if at all.

I usually convert if over to C and then work on to C++ and the key word here was directly. I suppose you could do this as c++ , I think certain areas would be difficult but possible with time.

This leads to my next point: The assembly you've shown us probably wasn't compiled using the highest level of optimisation, and if it was then it was compiled using a rather poor quality compiler. I would expect a decent optimising compiler to inline such a small function, since it's less code to just add the numbers than it is to call the function that adds the numbers.

It was compiled using gcc, which isn't terrible(I personally, have a bit of a love affair with it). I think all compilers make these kinds of mistakes, which is why optimization is important. I also don't think I have ever worked with optimized assembly.... I imagine it is pretty nice.

I would like to make a tutorial series that would like to go into the many uses of assembly. I will see how that works out though.
0 Roger Pettersson · February 5, 2015
About translating c++ to assembly... i meant if i write for example "for i in x: print(i)", what would be the equal code in assembly ?

So what i would like is to copy paste: for i in x: print(i), into this imaginary translator (like google translate) and get the assembly code.

Why would i like that ? Because, you could implement it not only in software, but into hardware. 
0 Tatrasiel R · February 12, 2015
Converting C++ or C to assembly is simple. it's the other way around that takes skill ;)

Here is something that might help a little bit. Also look at what was above posted

I posted above, this can help.
Please see the manual for the "gcc -S" option:

Usually for loops have something like the TotalValue moved to a register and then they decrements in each loop and when that register hits 0 , it jumps out of the loop.

Let me try to get an example.
There is a little bit more to this as I am trying to keep it simple but this is the general idea.

global _main
extern _printf

section .data
msg db "THIS WORKED!",0xA,0

section .bss
section .text

push ebp
mov ebp, esp
mov esi, 5 ;#count of iterations.


push msg
call _printf
add esp, 4
dec esi   ;# We need to decrement the count so that this 
 ;# doesn't go on forever.
jnz _loop ;# when ESI is 0 we can stop jumping and leave to
         ;# gracefully exit the program.
mov esp,ebp
pop ebp


I hope this helps make sense of how this is done.
  • 1



Language that is commonly used in operating systems, compilers, and other low level programs.

Bucky Roberts Administrator