dElmARk (Admin)
Posts: 92, Join date: 09/04/2012
Subject: Tutorial: The Basics of ASM, Thu Apr 25, 2013 2:38 pm
ASM is the abbreviation for assembly machine language. It is also known as a low-level programming language. All memory is read in hexadecimal (0/1/2/3/4/5/6/7/8/9/A/B/C/D/E/F). There are a few basic parts that you need to know in ASM: opcodes, operands, offsets and memory addresses, hex code, and registers.

- opcode: a processor instruction that will be performed in ASM.
- operand: the object that the opcode operates on. Normally they are data for the opcode.
- offset: the distance of a memory address from the starting point, or simply how these data addresses are known by the processor. (Don't confuse the offset with the exact memory address location: offset + base address = exact memory address location.)
- hex code: the format that is stored in the binary file.
- memory address: the memory location in your loaded runtime. (The picture is not of the loaded runtime memory.)
- registers: the locations that store useful data.

Well, in this basic tutorial we are going to cover only opcodes and registers (which will help you use them in CE).

OPCODES:
There are many opcodes from the 8086 to the 80686 processor designs, but I am going to cover some basic ones from the 8086.

COMMON ARITHMETIC/TRANSFER OPCODES:
MOV - the most commonly used anywhere; it means to load data into a register.
e.g. mov eax, 1
CALL - calls a subroutine function.
e.g. call 03A481E8
RET - return from a called subroutine.
e.g. ret
RETN - pops the top of the stack and transfers execution to that address.
e.g. retn 4
PUSH - accepts one parameter, which is then added to the top of the stack.
e.g. push eax
POP - releases the stack value that was pushed onto the stack previously.
e.g. pop eax
XOR - compares 2 pieces of data and makes sure they are different.
e.g. xor edx, edx
CMP - compares a register with a value.
e.g. cmp eax, 1
LEA - gets the address location of the data.
e.g. lea esi, [eax+12h]
ADD - adds a value to the existing register.
e.g. add eax, 1
SUB - subtracts a value from the existing register.
e.g. sub eax, 1
INC - increments the value.
e.g. inc eax
DEC - decrements the value.
e.g. dec eax
NOP - nothing/no instruction.
e.g. nop

COMMON JUMP OPCODES:
JMP - direct jump to the destination address
JA - jump if above
JAE - jump if above or equal
JB - jump if below
JBE - jump if below or equal
JG - jump if greater
JGE - jump if greater or equal
JL - jump if less
JLE - jump if less or equal
JZ/JE - jump if zero (JZ and JE share the same opcode)
JNZ/JNE - jump if not zero (JNZ and JNE share the same opcode)

There are still many more, but I am not going to teach every one of them, because it will be a very rare case that you use them.

32-BIT REGISTERS:
We have 8-bit, 16-bit, 32-bit and 64-bit registers across the 8086 to 80686 processor architectures, but most game applications nowadays use 32 bits, so we are aiming at 32-bit registers. Now we will go through some basic 32-bit registers in our processors.

GENERAL REGISTERS:
EAX - accumulator register
EBX - base register
ECX - counter register
EDX - data register

POINTER REGISTERS:
ESI - source register
EDI - destination register
EIP - instruction pointer register

STACK REGISTERS:
EBP - base pointer register
ESP - stack pointer register

SEGMENT REGISTERS:
CS - code segment (.text)
DS - data segment (.data)
SS - stack segment
ES - extra segment
FS/GS - general purpose segments

Well, how are they going to be used? That would be an endless explanation... Every register has its own role to play, and it may apply in very different situations when it comes across in ASM. OK, blurry, right?
Let me make a simple example of reverse engineering from ASM to C++.

ASM:
Code:
    mov eax, [esp+4]
    mov edx, [esp+8]
    add eax, edx
    ret

So, as we see, there are a few registers in the code. When we do reversing, we always read an instruction from right to left. esp here means a function/method argument, so that means we have 2 arguments here. Each argument takes 4 bytes (dword) => esp+4, esp+8.
"mov eax, [esp+4]" means the first argument, esp+4, is copied into the eax register.
"mov edx, [esp+8]" means the second argument, esp+8, is copied into the edx register.
"add eax, edx" is equal to "eax = eax + edx". This means the second argument is added to the first argument.
"ret" means return the sum value.
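To show how the listing above maps onto the stack layout it expects and onto the C++ function it reverses to, here is an added example that is not part of the original post: a toy interpreter for just the mov/add/ret lines used in the listing. It assumes a simulated cdecl stack where [esp] holds the return address and [esp+4]/[esp+8] hold the arguments, with decimal displacements; the names Cpu, read_operand, run, call_asm_add and add_cpp are my own.

```cpp
#include <cstdint>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Toy model of the registers and stack the listing touches (not a real emulator).
struct Cpu {
    std::map<std::string, uint32_t> reg{{"eax", 0}, {"edx", 0}, {"esp", 0}};
    std::vector<uint32_t> mem;  // dword-addressable memory: index = address / 4
};

// Operand is either a register name ("eax") or "[esp+N]" with N in decimal.
static uint32_t read_operand(Cpu& c, const std::string& op) {
    if (op.front() != '[') return c.reg.at(op);
    size_t plus = op.find('+');
    uint32_t base = c.reg.at(op.substr(1, plus - 1));
    uint32_t disp = std::stoul(op.substr(plus + 1, op.size() - plus - 2));
    return c.mem.at((base + disp) / 4);
}

// Executes mov/add/ret lines in order; returns eax, the cdecl return register.
uint32_t run(Cpu& c, const std::vector<std::string>& listing) {
    for (const std::string& line : listing) {
        std::istringstream in(line);
        std::string opcode, dst, src;
        in >> opcode >> dst >> src;
        if (!dst.empty() && dst.back() == ',') dst.pop_back();  // "eax," -> "eax"
        if (opcode == "mov")      c.reg[dst] = read_operand(c, src);
        else if (opcode == "add") c.reg[dst] += read_operand(c, src);  // eax = eax + edx
        else if (opcode == "ret") break;  // caller resumes at the address in [esp]
    }
    return c.reg["eax"];
}

// Lays out the stack as a cdecl caller leaves it at function entry:
// [esp] = return address, [esp+4] = first argument, [esp+8] = second argument.
uint32_t call_asm_add(uint32_t a, uint32_t b) {
    Cpu c;
    c.mem.assign(16, 0);           // 64 bytes of constructed toy memory
    c.reg["esp"] = 0x10;           // esp points at the pushed return address
    c.mem[0x10 / 4] = 0xDEADBEEF;  // placeholder return address, never used here
    c.mem[0x14 / 4] = a;           // [esp+4]
    c.mem[0x18 / 4] = b;           // [esp+8]
    return run(c, {"mov eax, [esp+4]", "mov edx, [esp+8]", "add eax, edx", "ret"});
}

// The C++ the tutorial says this listing reverses to.
int add_cpp(int a, int b) { return a + b; }
```

Because eax is a 32-bit register, the simulated add wraps around at 2^32, just like the real instruction would.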