Assembly Code
The Basics of ASM for newbie crackers.
This article is mainly intended to help you learn the basics of ASM so that you can crack applications. This article is not going to help you code in Assembly.
Difference between Machine language and ASM:
Computers only understand machine language, i.e. binary (1s and 0s), but raw binary is unreadable for us. Assembly language (ASM) exists to make machine code readable: every machine instruction gets a short mnemonic such as mov or jmp, which removes the wall of 1s and 0s, though it is still hard to follow everything and harder still to write a program in it. In that sense ASM is the bridge between machine language and high-level languages like C, C#, VB, etc. Because a debugger shows you machine code as ASM mnemonics, and shows bytes and addresses in hex, the hexadecimal number system is also extremely useful in the cracking process.
Now let's start with the basic ASM commands that will be needed in most application cracking.
In the listings below, comments start with a semicolon (;): everything from the ; to the end of the line is a comment, not part of the instruction.
Commands
1) mov: The mov command copies data from the source to the destination. Note that the value at the source is not erased; despite the name, the data is copied, not moved.
Syntax: mov <dest>,<source>
Example:
mov eax,21h ; eax=21h
mov ebx,eax ; ebx=eax
Also note that an immediate value (a constant such as 21h) can't be moved directly into a segment register (registers are described later). In that case you first move the value into a general purpose register and then into the segment register. A memory operand is allowed as the source, so the restriction is only on immediates. You will rarely see segment registers written in 32-bit Windows programs, but the example is worth knowing:
Example:
mov eax,21h ; eax=21h
mov ds,ax ; ds is 16 bits wide, so its source is the low 16-bit half ax
2) cmp: (compare command): cmp subtracts the source from the destination, throws the result away and only updates the flags. The conditional jump that follows then uses those flags to decide whether it is taken or not. For our purposes the important one is the Z-flag (zero flag): cmp sets it to 1 when the two operands are equal (the subtraction gives zero) and clears it to 0 when they differ.
Example:
cmp eax,ebx ; compares eax with ebx
cmp eax,[404000] ; compares eax with the dword at 404000
3) jumps: There are various kinds of jumps, but I'll only discuss the ones most useful in cracking. Jump commands change the flow of the program based on the value of the flags.
a) jmp: (Unconditional jump): It has no condition. In other words, the code jumps regardless of the value of the Z-flag, i.e. it always jumps.
Syntax: jmp <dest>
Example:
jmp start ; jump to start
jmp 10h ; jump to offset 10h
b) je: (Jump if equal): This jump is taken if the Z-flag is set, i.e. its value is 1.
Syntax: je <dest>
Example:
je 5h ; jumps to offset 5h if Z-flag=1
c) jne: (Jump if not equal): This jump is taken if the Z-flag is not set, i.e. Z-flag=0.
d) jz: (jump if zero): This jump is taken if the zero flag is on (set to 1). je and jz are two names for the same instruction (same opcode); which one the disassembler prints depends on the tool.
Syntax: jz <dest>
e) jnz: (jump if not zero): This jump is taken if the zero flag is off (set to 0). Likewise, jnz is the same instruction as jne.
Syntax: jnz <dest>
4) NOP: (No OPeration): This means do nothing. By overwriting a jump with NOPs ("noping" it) we make the jump disappear and execution simply falls through to the next instruction, which is very useful in cracking. One NOP is a single byte (90h), so the patch must use as many NOPs as the jump occupied: a short conditional jump such as je is 2 bytes and becomes 90 90. If you replace only one byte, the leftover byte is decoded as part of a different instruction and the program usually crashes.
5) call: This command calls a procedure (subroutine) in the program. It pushes the address of the instruction following the call onto the stack (the return address) and then jumps to the destination.
Syntax: call <dest>
Example:
call 100 ; pushes the return address, jumps to offset 100 and continues executing there
6) ret: This command returns from a procedure. It pops the return address that call pushed and continues at the command after the call.
Syntax: ret
7) push and pop: The push command puts data on the stack, while the pop command takes data off the stack. They work on a "last in, first out" basis, like a pile of books: the last value pushed on the stack is the first one popped off it.
Syntax: push <value>
pop <dest>
Example:
push ebx ; saves ebx on the stack
pop ebx ; takes it back off, restoring ebx
8) xor: It is an exclusive or, which works at the bit level:
0 xor 0 = 0
0 xor 1 = 1
1 xor 0 = 1
1 xor 1 = 0
The above is the xor mechanism: the result bit is 1 only when the two input bits differ.
So any value xored with itself gives 0, which makes xor a handy way to clear a register or a memory location. Compilers prefer xor eax,eax over mov eax,0 because it is shorter (2 bytes instead of 5), so you will see it constantly in disassemblies.
Syntax: xor <dest>,<source>
Example:
xor eax,eax ; this clears eax (eax=0) and sets the Z-flag, since the result is zero
9) add: The add command adds the source to the destination and stores the result in the destination. Like sub, it also updates the flags from the result, so a conditional jump can follow it directly without a cmp.
Syntax: add <dest>,<source>
Example:
add eax,20h ; adds 20h to eax
10) sub: The sub command subtracts the source from the destination and stores the result in the destination (cmp does the same subtraction but keeps only the flags).
Syntax: sub <dest>,<source>
Example:
sub eax,9h ; subtracts 9h from eax and saves the value in eax
11) inc: This command increments the value by 1.
Syntax: inc <dest>
Example:
mov eax,5h ; eax=5h
inc eax ; now eax is 6h
12) dec: This command decrements the value by 1.
Syntax: dec <dest>
Example:
mov eax,5h ; eax=5h
dec eax ; now eax is 4h
There are many more commands you need to know to be a cracker, but these are a quick start for beginners.
Now let's move on to stacks and registers.
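Putting the commands together, here is an added example that is not part of the original article: a small Python emulator for exactly this subset, run on a constructed serial-check routine written in the same notation as the listings above. The address 404000h, the expected serial 1337h, the labels and the starting ESP value are made up for illustration. It shows how cmp sets the Z-flag, how jne acts on it, how call/ret and push/pop move the stack pointer, and what happens to the outcome when the jne is "noped" or inverted.

```python
# Added example, not from the original article: an emulator for the instruction
# subset above. Registers are 32-bit, cmp/xor/add/sub/inc/dec set the Z-flag, and
# the stack grows downwards (push lowers ESP by 4, pop raises it by 4).
# The serial-check routine, address 404000h and value 1337h are constructed.
MASK32 = 0xFFFFFFFF
STOP = 0xDEADBEEF        # sentinel return address pushed before the first instruction
STACK_TOP = 0x0012FF00   # assumed initial ESP
JCC = {"je": 1, "jz": 1, "jne": 0, "jnz": 0}   # conditional jump -> Z-flag value that takes it
ALU = {"xor": lambda a, b: a ^ b, "add": lambda a, b: a + b, "sub": lambda a, b: a - b,
       "inc": lambda a, b: a + 1, "dec": lambda a, b: a - 1}

def parse_num(text):
    """Immediates in the article's style: 1337h is hex, plain digits are decimal."""
    text = text.strip().lower()
    return int(text[:-1], 16) if text.endswith("h") else int(text, 10)

def assemble(listing):
    """Split a listing with 'label:' lines and ';' comments into (mnemonic, operands)."""
    code, labels = [], {}
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()
        if line.endswith(":"):
            labels[line[:-1]] = len(code)
        elif line:
            mnem, _, rest = line.partition(" ")
            code.append((mnem.lower(), [o.strip() for o in rest.split(",")] if rest.strip() else []))
    return code, labels

class Cpu:
    def __init__(self, memory):
        self.regs = dict.fromkeys(("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp"), 0)
        self.regs["esp"] = STACK_TOP
        self.zf = 0               # zero flag
        self.mem = dict(memory)   # sparse memory: address -> dword

    def read(self, op):
        if op in self.regs:
            return self.regs[op]
        if op.startswith("["):    # memory operand such as [404000h]
            return self.mem.get(parse_num(op[1:-1]), 0)
        return parse_num(op)

    def write(self, op, value):
        if op in self.regs:
            self.regs[op] = value & MASK32
        elif op.startswith("["):
            self.mem[parse_num(op[1:-1])] = value & MASK32
        else:
            raise ValueError("an immediate cannot be a destination: " + op)

    def push(self, value):
        self.regs["esp"] = (self.regs["esp"] - 4) & MASK32
        self.mem[self.regs["esp"]] = value & MASK32

    def pop(self):
        value = self.mem[self.regs["esp"]]
        self.regs["esp"] = (self.regs["esp"] + 4) & MASK32
        return value

    def run(self, listing, entry="main", max_steps=1000):
        """Execute from 'entry' until a ret pops the sentinel; return EAX."""
        code, labels = assemble(listing)
        self.push(STOP)           # what the caller's 'call entry' would have left on the stack
        eip = labels[entry]
        for _ in range(max_steps):
            mnem, ops = code[eip]
            eip += 1              # fall-through target unless a jump changes it
            if mnem == "mov":
                self.write(ops[0], self.read(ops[1]))
            elif mnem == "cmp":   # subtract, discard the result, keep only the flags
                self.zf = int(((self.read(ops[0]) - self.read(ops[1])) & MASK32) == 0)
            elif mnem == "jmp":
                eip = labels[ops[0]]
            elif mnem in JCC:
                if self.zf == JCC[mnem]:
                    eip = labels[ops[0]]
            elif mnem == "call":
                self.push(eip)    # return address = the instruction after the call
                eip = labels[ops[0]]
            elif mnem == "ret":
                eip = self.pop()
                if eip == STOP:
                    return self.regs["eax"]
            elif mnem == "push":
                self.push(self.read(ops[0]))
            elif mnem == "pop":
                self.write(ops[0], self.pop())
            elif mnem in ALU:
                result = ALU[mnem](self.read(ops[0]), self.read(ops[1]) if len(ops) > 1 else 0)
                self.write(ops[0], result)
                self.zf = int((result & MASK32) == 0)
            elif mnem != "nop":
                raise ValueError("unsupported mnemonic: " + mnem)
        raise RuntimeError("step limit reached")

SERIAL_CHECK = """
main:
    push ebx            ; save the caller's ebx
    mov ebx,[404000h]   ; ebx = serial the user typed (constructed address)
    call check          ; eax = 1 if accepted, 0 if rejected
    pop ebx             ; restore ebx
    ret
check:
    cmp ebx,1337h       ; Z-flag = 1 only when the serial equals 1337h
    jne bad             ; wrong serial: jump over the 'good' path
    mov eax,1           ; good serial
    ret
bad:
    xor eax,eax         ; eax = 0
    ret
"""

def check_serial(serial, listing=SERIAL_CHECK):
    """Run the routine on one serial; return (eax, whether ESP came back balanced)."""
    cpu = Cpu({0x404000: serial})
    return cpu.run(listing), cpu.regs["esp"] == STACK_TOP

def patch_jump(listing, old="jne", new="nop"):
    """The cracker's patch at mnemonic level: replace the first 'old' jump by 'new'
    ('nop' removes it, 'je' inverts it). In the binary both keep the 2-byte
    length of a short jump: 75 xx -> 90 90, or 75 xx -> 74 xx."""
    out, done = [], False
    for line in listing.splitlines():
        mnem, _, rest = line.split(";")[0].strip().partition(" ")
        if not done and mnem == old:
            line = "    " + (new if new == "nop" else new + " " + rest.strip()) + " ; patched"
            done = True
        out.append(line)
    return "\n".join(out)
```

check_serial(0x1337) returns (1, True) and check_serial(0x1234) returns (0, True): the second element confirms that every push, call and pop was balanced by its pop or ret, so ESP is back where it started. patch_jump(SERIAL_CHECK) nops the jne and every serial is accepted; patch_jump(SERIAL_CHECK, "jne", "je") inverts it instead, which makes wrong serials pass but the right one fail, the classic sign that a patch hit the wrong branch.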
Stacks And Registers:
Stack: The stack is an area of memory where chunks of data are stored for later use. It behaves like a pile of books: the last one put on is the first one taken off. The push and pop commands that operate on it have already been discussed. On x86 the stack grows downwards in memory: push subtracts 4 from ESP (the stack pointer) and writes the dword there, and pop reads the dword at ESP and adds 4. call and ret use the same mechanism for the return address, which is why a procedure with an unbalanced number of pushes and pops makes ret jump to garbage.
Registers: Registers are where the CPU stores data temporarily. They come in different types and sizes, from 8 to 32 bits, and the 32-bit x86 CPUs this article targets use 32-bit registers for most data. A 32-bit register can hold values from 0 to FFFFFFFF (hex). The various types of registers are discussed below:
a) General registers: These are generally used for data manipulation and other purposes..
EAX: Extended Accumulator Register
EBX: Extended Base Register
ECX: Extended Counter Register
EDX: Extended Data Register
Their 16-bit halves are AX, BX, CX and DX respectively, and the low and high bytes of those are AL/AH, BL/BH, CL/CH and DL/DH. Writing the small register changes that part of the big one, so mov al,1 leaves the upper 24 bits of eax untouched.
b) Segment registers:
CS, SS, DS, ES, FS, GS
These are 16 bits in size and hold segment selectors for the code segment, the stack segment, data segments, etc. In a 32-bit Windows program you will rarely need to touch them: memory is flat, and nearly all addressing you will see goes through the 32-bit registers.
c) Offset registers: They hold offsets within the segments selected by the segment registers.
ESP: Extended Stack Pointer: It points to the top of the stack; push, pop, call and ret all move it.
EBP: Extended Base Pointer: It points to the beginning of the local environment (the stack frame) of a function, so you will see local variables and arguments addressed as [ebp-xx] and [ebp+xx].
ESI/EDI: Extended Source/Destination Index: used as source and destination pointers, for example by the string instructions that copy or compare buffers.
d) Other Registers:
EIP: Extended Instruction Pointer: It holds the address of the next instruction to be executed. You cannot write it with mov; only jumps, calls and rets change it. So in Olly, whenever you have scrolled away in the disassembly, you can click EIP in the registers pane to get back to the instruction that is about to execute.
Tools Of Trade: For cracking software you need various tools; knowledge without tools will always fail you in application cracking. So let me list some tools for beginner cracking:
a) OllyDbg (the user-mode debugger referred to as Olly above)
b) W32Dasm (disassembler)
c) SoftICE (kernel-level debugger)
d) PEiD (identifies the compiler or packer an executable was built with)
e) XVI32 or any hex editor (to apply your patches to the file)
f) Hex converter (the Windows calculator in scientific mode will do)
There are other tools as well, but these are enough to start with. Check out www.protools.cjb.net for more tools.
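The "noping" from the NOP section as it is actually done with a hex editor such as XVI32: you locate the bytes of the conditional jump and overwrite them with NOPs of the same total length, or flip the opcode to its opposite. The following is an added example and not from the original article. The routine bytes, the base address 401000h and the constant 1337h are constructed; the opcodes are the standard IA-32 encodings (74 = je short, 75 = jne short, EB = jmp short, 90 = nop), and only the instructions this article covers are decoded.

```python
# Added example, not from the original article: the NOP patch at the byte level.
# ROUTINE is a constructed 32-bit x86 serial check assumed to sit at 401000h; the
# opcodes are standard IA-32 encodings (74 = je short, 75 = jne short, EB = jmp
# short, 90 = nop, C3 = ret, A1 = mov eax,[addr], B8 = mov eax,imm32, 3D = cmp eax,imm32).
BASE = 0x401000                                   # assumed address of the first byte
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]   # register numbering in opcodes
JCC8 = {0x74: "je", 0x75: "jne", 0xEB: "jmp"}     # 2-byte short jumps: opcode + signed rel8
MODRM_OPS = {0x33: "xor", 0x3B: "cmp", 0x8B: "mov"}   # 'op r32,r/m32' forms decoded below

ROUTINE = bytes.fromhex(           # constructed; same logic as the listings above
    "A1 00 40 40 00"               # mov eax,[00404000]   eax = serial typed by the user
    "3D 37 13 00 00"               # cmp eax,1337h
    "75 06"                        # jne 00401012         wrong serial -> skip the good path
    "B8 01 00 00 00"               # mov eax,1
    "C3"                           # ret
    "33 C0"                        # xor eax,eax          bad: eax = 0
    "C3"                           # ret
)

def decode_one(code, off):
    """Decode the instruction starting at code[off]; return (length, text)."""
    op = code[off]
    if op == 0x90:
        return 1, "nop"
    if op == 0xC3:
        return 1, "ret"
    if op in JCC8:                 # target is relative to the end of the 2-byte instruction
        rel = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
        return 2, "%s %08X" % (JCC8[op], BASE + off + 2 + rel)
    if op == 0xE8:                 # call rel32, relative to the end of the 5-byte instruction
        rel = int.from_bytes(code[off + 1:off + 5], "little", signed=True)
        return 5, "call %08X" % (BASE + off + 5 + rel)
    if op == 0xA1:
        return 5, "mov eax,[%08X]" % int.from_bytes(code[off + 1:off + 5], "little")
    if op == 0xB8:
        return 5, "mov eax,%Xh" % int.from_bytes(code[off + 1:off + 5], "little")
    if op == 0x3D:
        return 5, "cmp eax,%Xh" % int.from_bytes(code[off + 1:off + 5], "little")
    if 0x50 <= op <= 0x5F:         # one-byte push/pop of a register
        return 1, ("push " if op < 0x58 else "pop ") + REGS[op & 7]
    if 0x40 <= op <= 0x4F:         # one-byte inc/dec of a register
        return 1, ("inc " if op < 0x48 else "dec ") + REGS[op & 7]
    if op in MODRM_OPS:
        modrm = code[off + 1]
        if modrm >> 6 != 3:        # mod=11 means register-to-register; other forms not handled
            raise NotImplementedError("only register operands are decoded for %02X" % op)
        return 2, "%s %s,%s" % (MODRM_OPS[op], REGS[(modrm >> 3) & 7], REGS[modrm & 7])
    raise NotImplementedError("opcode %02X not handled" % op)

def disassemble(code):
    """Return [(address, hex bytes, text)] for the buffer, like a debugger listing."""
    out, off = [], 0
    while off < len(code):
        length, text = decode_one(code, off)
        out.append((BASE + off, code[off:off + length].hex(" ").upper(), text))
        off += length
    return out

def first_conditional_jump(code):
    """Address of the first je/jne: the usual patch point after a serial compare."""
    for addr, _, text in disassemble(code):
        if text.startswith(("je ", "jne ")):
            return addr
    return None

def nop_out(code, addr):
    """Overwrite the whole instruction at addr with 90h bytes, keeping its length
    (a 2-byte jne becomes 90 90, never a single 90)."""
    off = addr - BASE
    length, _ = decode_one(code, off)
    return code[:off] + b"\x90" * length + code[off + length:]

def flip_jcc(code, addr):
    """Invert a short conditional jump in place: 74 (je) <-> 75 (jne)."""
    off = addr - BASE
    if code[off] not in (0x74, 0x75):
        raise ValueError("no short je/jne at %08X" % addr)
    return code[:off] + bytes([code[off] ^ 1]) + code[off + 1:]
```

disassemble(ROUTINE) prints the listing a debugger would show, with the jne at 0040100A; nop_out(ROUTINE, 0x40100A) turns its two bytes 75 06 into 90 90 and the listing afterwards shows two nops followed by the unchanged mov eax,1, while flip_jcc turns them into 74 06 (je). In both cases the file stays the same size, which is the one rule a hex-editor patch must never break.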
So, with this, my article on ASM basics comes to an end. I have tried to be as accurate as I can. If you find any mistake anywhere, please comment. This is my first article on ASM, so please rate/comment it; it would help me to improve myself. Thanks for being patient while reading this.
Tutorial by sam207