ThisisLegal.com
 

Assembly Language

Hi, I hope this tutorial might help with the basics. ASM is a low evel language. It is one step up from machine code and so can give you complete control over the computer.

Begin Lesson

To begin to start learning reverse engineering you MUST know some ASM (aka the computers machine code.)

Here's some example ASM just to let you know what it looks like:

Code:

00xx:00xxxx Call 00403214
00xx:00xxxx Test Eax,Eax
00xx:00xxxx Jne 00043242
00xx:00xxxx Ret
00xx:00xxxx Cmp Ebx,Esi

So What Does That Mean?

I'm just going to start off by explaining each important ASM instruction and how the CPU works. Inside the CPU is a Register control, this has lots of pre-defined variables inside, here are some of the ones you will most likely see:

Code:

AX / EAX - Accumulator Register used for storing numbers and the output of sums
BX / EBX - Base Register - Usually for storing numbers for calculations
CX / ECX - Counter Register - used in loops , incremented or decremented
IP / EIP - Instruction Pointer - Stores the address (line number) of the next command.

Now that's a very brief description of the instructions.

Commands

key: dest = destination 
sour = source

*** MOV ***

Code:

MOV dest,sour - This is the most common instruction it simply moves data from one register to another. e.g:

Code:

MOV AX,56 - (Move 56 into AX)
MOV BX,AX - (Move AX into BX, so BX contains 56 because we had 56 in AX)

*** ADD ***

Code:

ADD op1,op2 - Adds two registers together and puts the result in op1. e.g:

Code:

MOV BX,23
MOV AX,10
ADD BX,AX

Adds 10 to 23
so the answer 33 is left in BX

*** SUB ***

Code:

SUB - Subtract

Code:

MOV BX,23
MOV AX,10
ADD BX,AX
MOV CX,10
SUB BX,CX

See if you can follow that. So BX=33 at the moment then we take CX away from it (which is 10) which leaves the result in BX, so BX would now equal 23.

Important ASM Commands For Cracking

OK we must learn the following first:

Code:

CALL 200 - This calls another set of instructions at 200 then returns back to the next line after it was called. e.g:

Code:

100: MOV AX,10
102: MOV BX,20
104: CALL 200 ----------->---------------------|
106: MOV DX,20 <-|                                     \\./
108: MOV CX,DX |            200: SUB AX,CX
                 |                 202: MOV CX,02
                 -------------- < 204: RET
                                          206: blah
                                          208: blah

There don't bother trying to follow the code as I just made it up just take note to the cycle, when it meets the CALL command it jumps to line number provided (200 in this case) and executes the code there until it sees the RET command goes back to the next line in the main program (RET=Return).

JUMPS

In ASM there is lots of different conditions for the jump command, they mostly depend on "flags" flags are Boolean variables in the CPU, for those of you that don't know what a Boolean is it is a variable which has to states 'on or off' in this case '0 or 1'.

Most programs have a Serial check routine that is stored in a call after this call AX is set to 0 or 1 this then has a logical AND performed on it aka TEST AX,AX this sets the ZERO flag to on or off, so its either Z or NZ zero or not zero then a jump with a conditional connected to the zero flag is done, that probably not explained very well but I'll explain it better later when we get to cracking, for now here's some of our important jump commands:

Code:

JMP xxxx - Jumps to x no matter what
JNZ xxxx - Jump if the Zero flag is not set
JZ xxxx - Jump if the zero flag is set
JNE xxxx - Jump if not equal
JE xxxx - jump if equal
JG xxxx - jump if greater
JL xxxx - jump if less than
JA xxxx - jump if above
JB xxxx - jump if below
JGE xxxx - jump if greater than or equal to
JBE xxxx - jump if Below than or equal to so many.

But that's not all, just try and remember those, it's quite logical really.

STACK

OK, nearly done :)

The stack is an area of memory which is used to put data from registers into the stack for later storage. When placing a register's contents into the stack, its called "Pushing" when taking a value out of the register its called "Popping".

The stack works on LIFO - Last In first Out.

Code:

MOV AX,1
MOV BX,2
PUSH AX
PUSH BX
POP AX
POP BX

So whats the value of AX,BX now? well lets go through it:

Code:

Ax=1
Bx=2

push AX - look at stack table 1

Code:

1) Stack
1

push Bx look at stack table 2

Code:

2) stack
2
1

pop ax - takes the first value out of the stack and puts into ax which is 2.

pop bx - puts 1 into bx because 2 has been taken from the stack so now 1 is on top

So from that you can see that the stack puts every thing on top.

Last Word On ASM

Just 1 more thing to cover.

These are brackets when you see brackets around some think it is referring to that address:

Code:

Mov AX,2
MOV [300],AX - This moves AX to memory area 300

OR:

MOV [0032543],500
CALL [0032543] - this calls the procedure at line 500

You should now hopefully know enough to get by :)


Tutorial by Raduce


Comments

Reply

amazing tutorial RaducE, definitely worth 5 stars :)

Reply

This I just learned recently.Hope my tutorial helps!

Reply

please post more tuts

Reply

more coming soon

Reply

Good & useful tutorial

Reply

Yeah! This is Great tut, But waiting for more like this :)

Online (last 15 mins):   guapboys