ROADMAP ASSEMBLY¤

GIAI ĐOẠN 1: NỀN TẢNG CƠ BẢN (3-4 tháng)¤

Khởi đầu¤

Kiến thức tiên quyết¤

Hệ thống số: Binary, Hexadecimal, Octal
Chuyển đổi giữa các hệ số
Boolean algebra
Logic gates
Binary arithmetic: cộng, trừ, nhân, chia
Two's complement
Bit operations: AND, OR, XOR, NOT, shift
Computer architecture basics

Môi trường phát triển¤

Assemblers: NASM, MASM, GAS (GNU Assembler), FASM, YASM
Linkers: ld, link.exe
Debuggers: GDB, OllyDbg, x64dbg, WinDbg, IDA Pro, Ghidra
Emulators: QEMU, Bochs, DOSBox
Text editors: VS Code, Vim, Notepad++
IDE: Visual Studio, SASM, Emu8086

Assembly Flavors¤

Intel syntax vs AT&T syntax
NASM syntax
MASM syntax
GAS syntax
Inline assembly trong C/C++

Computer Architecture Fundamentals¤

CPU Architecture¤

Von Neumann architecture
Harvard architecture
Instruction cycle: Fetch-Decode-Execute
Clock cycles
Pipeline basics
Branch prediction
Cache hierarchy: L1, L2, L3
Memory hierarchy
Bus architecture

Registers (x86/x64)¤

General Purpose Registers (GPR):
AX, BX, CX, DX (16-bit)
EAX, EBX, ECX, EDX (32-bit)
RAX, RBX, RCX, RDX (64-bit)
AL, AH, BL, BH, CL, CH, DL, DH (8-bit)
Index Registers: SI, DI, ESI, EDI, RSI, RDI
Pointer Registers: BP, SP, EBP, ESP, RBP, RSP
Instruction Pointer: IP, EIP, RIP
Segment Registers: CS, DS, SS, ES, FS, GS
Flags Register: EFLAGS, RFLAGS
ZF (Zero Flag)
CF (Carry Flag)
SF (Sign Flag)
OF (Overflow Flag)
PF (Parity Flag)
AF (Auxiliary Flag)
IF (Interrupt Flag)
DF (Direction Flag)
TF (Trap Flag)

Memory Organization¤

Memory addressing
Segmented memory model
Flat memory model
Little-endian vs Big-endian
Memory segments: Code, Data, Stack, Heap
Virtual memory
Memory paging
Memory protection

x86 Assembly Basics (16-bit Real Mode)¤

Program Structure¤

Sections: .data, .bss, .text
Labels
Comments: ; single line
Directives: DB, DW, DD, DQ, DT
Data definitions
EQU directive
TIMES directive
Global và External declarations

Data Types¤

Byte (8-bit): DB
Word (16-bit): DW
Double Word (32-bit): DD
Quad Word (64-bit): DQ
Ten Bytes (80-bit): DT
String definitions
Arrays
Structures (STRUC)

Basic Instructions¤

Data Movement¤

MOV: move data
XCHG: exchange
LEA: load effective address
LDS, LES: load pointer
PUSH: push onto stack
POP: pop from stack
PUSHF, POPF: flags
IN, OUT: I/O operations

Arithmetic Instructions¤

ADD: addition
ADC: add with carry
SUB: subtraction
SBB: subtract with borrow
INC: increment
DEC: decrement
NEG: negate
MUL: unsigned multiply
IMUL: signed multiply
DIV: unsigned divide
IDIV: signed divide
CMP: compare

Logical Instructions¤

AND: bitwise AND
OR: bitwise OR
XOR: bitwise XOR
NOT: bitwise NOT
TEST: logical compare
SHL/SAL: shift left
SHR: shift right
SAR: arithmetic shift right
ROL: rotate left
ROR: rotate right
RCL: rotate through carry left
RCR: rotate through carry right

Control Flow¤

JMP: unconditional jump
Conditional jumps:
JE/JZ: jump if equal/zero
JNE/JNZ: jump if not equal/not zero
JG/JNLE: jump if greater
JGE/JNL: jump if greater or equal
JL/JNGE: jump if less
JLE/JNG: jump if less or equal
JA: jump if above (unsigned)
JAE: jump if above or equal
JB: jump if below
JBE: jump if below or equal
JS: jump if sign
JO: jump if overflow
JP: jump if parity
JC: jump if carry
CALL: procedure call
RET: return from procedure
LOOP: loop counter
LOOPE/LOOPZ: loop if equal
LOOPNE/LOOPNZ: loop if not equal

String Instructions¤

MOVS: move string
CMPS: compare string
SCAS: scan string
LODS: load string
STOS: store string
REP prefix: repeat
REPE/REPZ: repeat while equal
REPNE/REPNZ: repeat while not equal
Direction flag: CLD, STD

Addressing Modes¤

x86 Addressing Modes¤

Immediate addressing: MOV AX, 5
Register addressing: MOV AX, BX
Direct addressing: MOV AX, [1234h]
Register indirect: MOV AX, [BX]
Indexed addressing: MOV AX, [SI]
Based addressing: MOV AX, [BX+SI]
Based indexed: MOV AX, [BX+SI+disp]
RIP-relative (x64): MOV RAX, [RIP+offset]

Procedures và Functions¤

Procedure Basics¤

PROC và ENDP directives
CALL và RET
Near vs Far procedures
Parameter passing
Stack frames
Local variables
Recursion basics
Leaf functions

Stack Management¤

Stack pointer (SP, ESP, RSP)
Base pointer (BP, EBP, RBP)
PUSH và POP operations
Stack growth direction
Stack alignment
Stack overflow
Stack smashing

Program Development¤

Assembly Process¤

Writing source code
Assembling: .asm -> .obj
Linking: .obj -> .exe
Object file formats: COFF, ELF, Mach-O
Relocatable code
Position-independent code (PIC)

Hello World Programs¤

DOS INT 21h
Linux syscalls
Windows API calls
Basic I/O operations

Debugging Basics¤

Breakpoints
Step-through execution
Register inspection
Memory examination
Stack trace
Disassembly view

GIAI ĐOẠN 2: INTERMEDIATE (4-5 tháng)¤

x86-32 (Protected Mode)¤

Protected Mode Concepts¤

Protected mode vs Real mode
Privilege levels: Ring 0-3
Segmentation
Descriptor tables: GDT, LDT, IDT
Segment selectors
Task State Segment (TSS)
Memory protection
Paging mechanisms

32-bit Registers¤

Extended registers: EAX, EBX, ECX, EDX
Extended pointers: ESI, EDI, EBP, ESP
Extended instruction pointer: EIP
Segment registers usage
Control registers: CR0, CR2, CR3, CR4
Debug registers: DR0-DR7

32-bit Instructions¤

Extended instruction set
MOVZX, MOVSX: move with extend
BSWAP: byte swap
BSF, BSR: bit scan
BT, BTC, BTR, BTS: bit test
SHLD, SHRD: double precision shift
ENTER, LEAVE: stack frame
PUSHA, POPA: push/pop all
IMUL extended forms
Conditional moves: CMOVcc

x86-64 (Long Mode)¤

64-bit Architecture¤

Long mode vs Legacy mode
64-bit registers: RAX, RBX, RCX, RDX, RSI, RDI, RBP, RSP
Additional registers: R8-R15
8-bit access: R8B-R15B
16-bit access: R8W-R15W
32-bit access: R8D-R15D
RIP-relative addressing
Default operand size
Address size override
REX prefix

Calling Conventions¤

cdecl (C declaration)
stdcall (Standard call)
fastcall
Microsoft x64 calling convention
System V AMD64 ABI (Linux)
Parameter passing: registers vs stack
Return values
Caller-saved vs callee-saved registers
Shadow space (Windows x64)
Red zone (System V)
Stack alignment requirements

Advanced Instructions¤

SIMD Instructions¤

MMX: 64-bit SIMD
SSE: 128-bit SIMD (SSE, SSE2, SSE3, SSSE3, SSE4)
AVX: 256-bit SIMD (AVX, AVX2)
AVX-512: 512-bit SIMD
Vector registers: XMM0-XMM15, YMM0-YMM15, ZMM0-ZMM31
SIMD operations: packed operations
Data alignment for SIMD

Floating-Point Instructions¤

x87 FPU stack
FPU registers: ST(0)-ST(7)
FPU instructions: FLD, FST, FADD, FSUB, FMUL, FDIV
FPU control word
FPU status word
SSE scalar floating-point
AVX floating-point

Bit Manipulation¤

POPCNT: population count
LZCNT: leading zero count
TZCNT: trailing zero count
ANDN: logical AND NOT
BMI (Bit Manipulation Instructions)
BMI2 extensions

Operating System Interfaces¤

Linux System Calls¤

Syscall mechanism
Syscall numbers
Parameter passing
Return values
Common syscalls: read, write, open, close, exit
File operations
Process management
Memory management
Network operations

Windows API¤

Windows system calls
Kernel32.dll functions
User32.dll functions
Calling conventions
Parameter passing
Unicode vs ANSI
Error handling: GetLastError

BIOS Interrupts (Legacy)¤

INT 10h: video services
INT 13h: disk services
INT 16h: keyboard services
INT 21h: DOS services
Interrupt vector table

Memory Management¤

Stack Operations¤

Stack frames
Function prologue và epilogue
Local variable allocation
Parameter access
Return address handling
Stack pivoting
Stack cookies/canaries

Heap Management¤

Dynamic memory allocation
malloc/free implementation concepts
Memory leaks
Heap overflow
Use-after-free

Memory Models¤

Tiny model
Small model
Medium model
Compact model
Large model
Huge model
Flat model (32/64-bit)

Macros và Conditional Assembly¤

Macros¤

Macro definition: %macro
Macro parameters
Local labels trong macros
Multi-line macros
Macro expansion
Macro libraries
Conditional macros

Preprocessor Directives¤

%define, %undef
%include
%if, %elif, %else, %endif
%ifdef, %ifndef
%assign
Environment variables
Compile-time constants

Optimization Basics¤

Code Optimization¤

Register allocation
Instruction selection
Reducing memory access
Loop unrolling
Strength reduction
Common subexpression elimination
Dead code elimination

Performance Considerations¤

Instruction latency
Instruction throughput
Pipeline stalls
Branch misprediction costs
Cache-friendly code
Data alignment
Prefetching

GIAI ĐOẠN 3: ADVANCED (5-6 tháng)¤

Advanced Architecture¤

CPU Microarchitecture¤

Superscalar execution
Out-of-order execution
Register renaming
Speculation
Branch prediction algorithms
Return stack buffer
µop cache
Instruction decoder

Cache Architecture¤

Cache lines
Cache sets
Cache ways
Cache associativity
Write-through vs write-back
Cache coherence: MESI protocol
False sharing
Cache prefetching

Memory Ordering¤

Sequential consistency
Memory barriers
Load-load, load-store, store-store, store-load barriers
MFENCE, LFENCE, SFENCE
Acquire/release semantics
Volatile operations

Multithreading và Concurrency¤

Atomic Operations¤

LOCK prefix
XCHG (implicit lock)
CMPXCHG: compare and exchange
CMPXCHG8B/16B: double-word compare exchange
Atomic read-modify-write
Memory ordering với atomics

Synchronization Primitives¤

Spinlocks
Mutexes implementation
Semaphores
Condition variables
Read-write locks
Barriers
Lock-free algorithms

Thread-Local Storage¤

FS và GS segment registers
TLS implementation
Thread control block
%fs:0 (Linux), %gs:0 (Windows)

Exception Handling¤

Interrupts¤

Hardware interrupts
Software interrupts
Interrupt vector table
Interrupt descriptor table (IDT)
Interrupt gates
Trap gates
Interrupt priority
Interrupt masking

Exceptions¤

Divide-by-zero
Invalid opcode
General protection fault
Page fault
Stack fault
Exception handlers
Exception frame
Nested exceptions

Structured Exception Handling (SEH)¤

__try/__except (Windows)
Exception registration records
Exception chain
Exception filters
__finally blocks
Vectored Exception Handling (VEH)

Advanced Programming Techniques¤

Position-Independent Code (PIC)¤

RIP-relative addressing
GOT (Global Offset Table)
PLT (Procedure Linkage Table)
Dynamic linking
Lazy binding
ASLR implications

Self-Modifying Code¤

Code modification techniques
Cache coherency issues
Security implications
JIT compilation basics
Code injection

Polymorphic Code¤

Code obfuscation
Metamorphic engines
Encryption/decryption stubs
Anti-debugging techniques

Reverse Engineering¤

Disassembly¤

Static analysis
Control flow analysis
Data flow analysis
Cross-references
String analysis
Import/export tables
Recognizing compiler patterns

Dynamic Analysis¤

Debugging techniques
Breakpoint types: software, hardware, memory
Tracing execution
API hooking
Memory dumping
Unpacking
Anti-anti-debugging

Binary Analysis Tools¤

IDA Pro: disassembler
Ghidra: reverse engineering
Binary Ninja
Radare2
Hopper Disassembler
objdump, readelf
PE Explorer, CFF Explorer

Exploit Development¤

Buffer Overflows¤

Stack-based overflow
Heap-based overflow
Return address overwrite
Shellcode injection
NOP sleds
Egghunter technique

Protection Mechanisms¤

Stack canaries
DEP/NX: Data Execution Prevention
ASLR: Address Space Layout Randomization
SafeSEH
SEHOP
Control Flow Guard (CFG)
Shadow stack

Exploitation Techniques¤

Return-to-libc
ROP (Return-Oriented Programming)
JOP (Jump-Oriented Programming)
SROP (Sigreturn-Oriented Programming)
Heap spraying
Use-after-free exploitation
Format string vulnerabilities

Cryptography Implementation¤

Symmetric Encryption¤

AES implementation
DES/3DES
Block cipher modes
Stream ciphers
Optimized implementations

Hashing¤

MD5, SHA-1, SHA-256
HMAC
Cryptographic hash optimization
Side-channel resistance

Side-Channel Attacks¤

Timing attacks
Cache-timing attacks
Power analysis
Constant-time implementations
Countermeasures

GIAI ĐOẠN 4: SPECIALIZED DOMAINS (4-6 tháng)¤

Operating System Development¤

Bootloader Development¤

BIOS boot process
UEFI boot process
Master Boot Record (MBR)
GUID Partition Table (GPT)
Boot sectors
Stage 1 và Stage 2 bootloaders
Switching to protected/long mode
Loading kernel

Kernel Development¤

Kernel entry point
GDT setup
IDT setup
Interrupt handling
Memory manager basics
Process scheduler basics
System call interface
Driver framework

Device Drivers¤

Hardware interfacing
I/O ports: IN, OUT
Memory-mapped I/O
DMA (Direct Memory Access)
Interrupt handling
Driver models
Device registers
PCI configuration

Embedded Systems¤

Microcontroller Programming¤

ARM Assembly (Thumb, ARM modes)
AVR Assembly
PIC Assembly
MIPS Assembly
Register-level programming
GPIO manipulation
Timer/Counter programming
Interrupt configuration

Real-Time Systems¤

Deterministic execution
Interrupt latency
Task scheduling
Priority inversion
Watchdog timers
Power management
Low-power modes

Bare-Metal Programming¤

No OS environment
Startup code
Linker scripts
Memory layout
Exception vectors
Peripheral initialization
Communication protocols: UART, SPI, I2C

Compiler Development¤

Code Generation¤

Abstract Syntax Tree (AST)
Intermediate representation (IR)
Instruction selection
Register allocation
Instruction scheduling
Peephole optimization

Optimization Passes¤

Constant propagation
Dead code elimination
Loop optimization
Inline expansion
Tail call optimization
Vectorization

Game Development¤

Graphics Programming¤

VGA programming
Direct framebuffer access
Sprite rendering
Pixel manipulation
Double buffering
Palette manipulation
Mode 13h (320x200x256)

Performance-Critical Code¤

Inner loops optimization
SIMD for graphics
Fixed-point arithmetic
Fast approximations
Assembly trong game engines

Emulator Development¤

CPU Emulation¤

Instruction decoding
Instruction execution
Register state
Flag updates
Memory access emulation
Interrupt emulation

System Emulation¤

Timing accuracy
Peripheral emulation
Save states
Debugging features
Performance optimization

Digital Signal Processing (DSP)¤

Audio Processing¤

Sample rate conversion
Digital filters: FIR, IIR
FFT implementation
Audio effects
Real-time processing
Fixed-point DSP

Image Processing¤

Convolution
Edge detection
Color space conversion
Image scaling
SIMD optimization for images

GIAI ĐOẠN 5: ARCHITECTURE-SPECIFIC (3-4 tháng)¤

ARM Architecture¤

ARM Basics¤

ARM vs Thumb instruction sets
Registers: R0-R15
CPSR (Current Program Status Register)
Condition codes
Barrel shifter
ARM addressing modes

ARM Instructions¤

Data processing
Load/Store architecture
Multiple register transfer
Branch instructions
Conditional execution
Coprocessor instructions

ARM64 (AArch64)¤

64-bit registers: X0-X30
32-bit register access: W0-W30
Procedure Call Standard
NEON SIMD
SVE (Scalable Vector Extension)

RISC-V¤

RISC-V ISA¤

Base integer ISA: RV32I, RV64I
Standard extensions: M, A, F, D, C
Register set: x0-x31
Calling convention
Memory ordering
CSR (Control and Status Registers)

RISC-V Programming¤

Instruction formats
Immediate encoding
Pseudo-instructions
Compressed instructions
Privileged modes

MIPS¤

MIPS Architecture¤

Load/Store architecture
Registers: \(0-\)31
HI/LO registers
Delay slots
Branch delay slots
Coprocessors

MIPS Instructions¤

R-type, I-type, J-type formats
Arithmetic operations
Load/Store instructions
Branch và jump
Pseudo-instructions

Other Architectures¤

PowerPC¤

Register set
Instruction set
Calling conventions
AltiVec SIMD

SPARC¤

Register windows
Instruction set
Delayed branches
VIS instructions

8-bit Processors (Historical)¤

8080, Z80
6502 (NES, Commodore 64)
6800, 68000

GIAI ĐOẠN 6: MASTERY (liên tục)¤

Advanced Optimization¤

Compiler Optimizations¤

Loop transformations
Loop fusion, fission
Loop interchange
Loop tiling
Software pipelining
Trace scheduling
Predication
If-conversion

Profile-Guided Optimization¤

Performance profiling
Hot path identification
Branch probability
Cache profiling
Instrumentation
Feedback-directed optimization

Micro-Optimizations¤

Instruction pairing
Dependency chains
Port utilization
µop fusion
Macro-fusion
Zero-idiom recognition
Move elimination

Security¤

Exploit Mitigation¤

Stack protection bypass
DEP/ASLR bypass
ROP chain construction
Heap feng shui
Type confusion
Integer overflows
Race conditions

Secure Coding¤

Input validation
Bounds checking
Integer overflow prevention
Secure memory clearing
Constant-time algorithms
Side-channel resistance

Malware Analysis¤

Static analysis
Dynamic analysis
Behavioral analysis
Packing/unpacking
Anti-debugging detection
VM detection
Sandbox evasion

Research Areas¤

Speculative Execution Attacks¤

Spectre variants
Meltdown
Branch Target Injection
Bounds Check Bypass
Mitigations
Microarchitectural side channels

Hardware Security¤

Trusted Execution Environments
Intel SGX
ARM TrustZone
Hardware enclaves
Secure boot
Attestation

Testing và Verification¤

Unit Testing¤

Test harnesses
Assertion macros
Code coverage
Regression testing

Fuzzing¤

Input generation
Coverage-guided fuzzing
Mutation-based fuzzing
Crash analysis
Sanitizers integration

Formal Verification¤

Correctness proofs
Model checking
Symbolic execution
Abstract interpretation

Documentation và Communication¤

Code Documentation¤

Comment conventions
ASCII art diagrams
Register usage tables
Memory maps
Calling conventions documentation

Technical Writing¤

Architecture documents
Algorithm descriptions
Optimization reports
Security advisories

Tools Development¤

Custom Assemblers¤

Lexical analysis
Parsing
Symbol tables
Relocation
Macro processing

Disassemblers¤

Instruction decoding
Control flow recovery
Function identification
Cross-references

Debuggers¤

Breakpoint implementation
Single-stepping
Watchpoints
Symbol loading
Source-level debugging

Community và Resources¤

Learning Resources¤

Intel Software Developer Manuals
AMD64 Architecture Programmer's Manual
ARM Architecture Reference Manual
Agner Fog's optimization guides
OSDev Wiki
x86 opcode references
Assembly language forums

Open Source Projects¤

Linux kernel
FreeBSD kernel
MINIX
SerenityOS
ToaruOS
Bootloaders: GRUB, UEFI implementations
Emulators: QEMU, Bochs

Conferences và Communities¤

DEF CON
Black Hat
REcon (Reverse Engineering Conference)
FOSDEM
Assembly Language subreddit
OSDev community
Security research communities

Career Paths¤

Job Roles¤

Embedded systems engineer
Reverse engineer
Security researcher
Compiler engineer
OS developer
Firmware engineer
Performance engineer
Malware analyst
Exploit developer
Hardware verification engineer

Certifications¤

GIAC Reverse Engineering Malware (GREM)
Offensive Security Certified Professional (OSCP)
Certified Reverse Engineering Analyst (CREA)

LỘ TRÌNH HỌC TẬP ĐỀ XUẤT¤

Tháng 1-4: Giai đoạn 1 - Kiến thức nền tảng, x86 basics, registers, basic instructions

Tháng 5-9: Giai đoạn 2 - 32-bit/64-bit programming, calling conventions, OS interfaces

Tháng 10-15: Giai đoạn 3 - Advanced architecture, optimization, reverse engineering

Tháng 16-21: Giai đoạn 4 - Chuyên môn hóa: OS dev/Embedded/Security

Tháng 22-25: Giai đoạn 5 - ARM, RISC-V, other architectures

Tháng 26+: Giai đoạn 6 - Mastery, research, contribution

TIPS ĐỂ MASTER ASSEMBLY¤

Hiểu rõ computer architecture trước khi code
Master một architecture (x86-64) trước khi học others
Đọc CPU manuals thoroughly
Practice với simple programs first
Sử dụng debuggers extensively
Đọc disassembly của compiled C code
Hiểu calling conventions deeply
Learn by reverse engineering
Write bootloaders và simple OS
Study compiler output
Benchmark your code
Understand cache effects
Master bit manipulation
Learn multiple architectures
Read academic papers
Contribute to open source
Study exploits và mitigations
Learn hardware fundamentals
Practice optimization techniques
Write documentation thoroughly
Join security CTFs
Read processor errata
Understand timing attacks
Study microarchitecture
Keep updated với new extensions
Build tools (assemblers, disassemblers)
Teach others what you learn
Stay curious về hardware
Practice every day
Patience - assembly is hard but rewarding!

PROJECT IDEAS¤

Beginner: - Calculator program - String manipulation functions - Simple bootloader - Hello World (multiple platforms) - File I/O program

Intermediate: - Mini operating system kernel - Bootloader với file system - Encryption algorithms implementation - Simple game (Snake, Tetris) - Assembly standard library

Advanced: - Full operating system - JIT compiler - Virtual machine/emulator - Debugger - Exploit development - Compiler backend - Device driver - Hypervisor basics - Firmware for embedded device - Performance profiler

Expert: - Full-featured OS - Production compiler - Hardware emulator - Security research tool - Microkernel OS - Real-time OS - Custom CPU simulator

RECOMMENDED BOOKS¤

"Programming from the Ground Up" - Jonathan Bartlett
"Assembly Language Step-by-Step" - Jeff Duntemann
"The Art of Assembly Language" - Randall Hyde
"PC Assembly Language" - Paul Carter
"Professional Assembly Language" - Richard Blum
"Modern X86 Assembly Language Programming" - Daniel Kusswurm
"Intel 64 and IA-32 Architectures Software Developer Manuals"
"ARM Assembly Language" - William Hohl
"Computer Organization and Design" - Patterson & Hennessy
"Hacker's Delight" - Henry Warren
"Reversing: Secrets of Reverse Engineering" - Eldad Eilam

Chúc bạn thành công trên con đường master Assembly Language Programming!