Hi, I hope this tutorial might help with the basics. ASM is a low evel language. It is one step up from machine code and so can give you complete control over the computer.
To begin to start learning reverse engineering you MUST know some ASM (aka the computers machine code.)
Here's some example ASM just to let you know what it looks like:
00xx:00xxxx Test Eax,Eax
00xx:00xxxx Jne 00043242
00xx:00xxxx Cmp Ebx,Esi
So What Does That Mean?
I'm just going to start off by explaining each important ASM instruction and how the CPU works. Inside the CPU is a Register control, this has lots of pre-defined variables inside, here are some of the ones you will most likely see:
AX / EAX - Accumulator Register used for storing numbers and the output of sums
BX / EBX - Base Register - Usually for storing numbers for calculations
CX / ECX - Counter Register - used in loops , incremented or decremented
IP / EIP - Instruction Pointer - Stores the address (line number) of the next command.
Now that's a very brief description of the instructions.
key: dest = destination
sour = source
*** MOV ***
MOV dest,sour - This is the most common instruction it simply moves data from one register to another. e.g:
MOV AX,56 - (Move 56 into AX)
MOV BX,AX - (Move AX into BX, so BX contains 56 because we had 56 in AX)
*** ADD ***
ADD op1,op2 - Adds two registers together and puts the result in op1. e.g:
Adds 10 to 23
so the answer 33 is left in BX
*** SUB ***
SUB - Subtract
See if you can follow that. So BX=33 at the moment then we take CX away from it (which is 10) which leaves the result in BX, so BX would now equal 23.
Important ASM Commands For Cracking
OK we must learn the following first:
CALL 200 - This calls another set of instructions at 200 then returns back to the next line after it was called. e.g:
102: MOV BX,20
104: CALL 200 ----------->---------------------|
106: MOV DX,20 <-| \\./
108: MOV CX,DX | 200: SUB AX,CX
| 202: MOV CX,02
-------------- < 204: RET
There don't bother trying to follow the code as I just made it up just take note to the cycle, when it meets the CALL command it jumps to line number provided (200 in this case) and executes the code there until it sees the RET command goes back to the next line in the main program (RET=Return).
In ASM there is lots of different conditions for the jump command, they mostly depend on "flags" flags are Boolean variables in the CPU, for those of you that don't know what a Boolean is it is a variable which has to states 'on or off' in this case '0 or 1'.
Most programs have a Serial check routine that is stored in a call after this call AX is set to 0 or 1 this then has a logical AND performed on it aka TEST AX,AX this sets the ZERO flag to on or off, so its either Z or NZ zero or not zero then a jump with a conditional connected to the zero flag is done, that probably not explained very well but I'll explain it better later when we get to cracking, for now here's some of our important jump commands:
JMP xxxx - Jumps to x no matter what
JNZ xxxx - Jump if the Zero flag is not set
JZ xxxx - Jump if the zero flag is set
JNE xxxx - Jump if not equal
JE xxxx - jump if equal
JG xxxx - jump if greater
JL xxxx - jump if less than
JA xxxx - jump if above
JB xxxx - jump if below
JGE xxxx - jump if greater than or equal to
JBE xxxx - jump if Below than or equal to so many.
But that's not all, just try and remember those, it's quite logical really.
OK, nearly done :)
The stack is an area of memory which is used to put data from registers into the stack for later storage. When placing a register's contents into the stack, its called "Pushing" when taking a value out of the register its called "Popping".
The stack works on LIFO - Last In first Out.
So whats the value of AX,BX now? well lets go through it:
push AX - look at stack table 1
push Bx look at stack table 2
pop ax - takes the first value out of the stack and puts into ax which is 2.
pop bx - puts 1 into bx because 2 has been taken from the stack so now 1 is on top
So from that you can see that the stack puts every thing on top.
Last Word On ASM
Just 1 more thing to cover.
These are brackets when you see brackets around some think it is referring to that address:
MOV ,AX - This moves AX to memory area 300
CALL  - this calls the procedure at line 500
You should now hopefully know enough to get by :)
Tutorial by Raduce