John Delmark Aguilar

Delmark - Profiling
HomeCalendarFAQSearchMemberlistUsergroupsRegisterLog in

Share | 

 Tutorial: The Basic of ASM

Go down 

Posts : 92
Join date : 09/04/2012

PostSubject: Tutorial: The Basic of ASM   Thu Apr 25, 2013 7:38 am

ASM abbreviation is called assembly machine language. it is also known as low level programming language. all memory reading are in hexadecimal (0/1/2/3/4/5/6/7/8/9/A/B/C/D/E/F). there are few basic portions that you need to know in ASM: opcodes, operands, offsets and memory address, hex code, registers.

- opcode is a processor instruction will be perform in ASM.
- operand is an object that you will be carried out by opcode. normally they are data for opcode.
- offset is the memory address distant from the starting point or simply where these data address are known by processor. (don't confuse with offset definition, it is not the exact memory address location. offset + base address = exact memory address location)
- hex code is the format that is stored into binary file.
- memory address is the memory location in your loaded runtime. (this picture is not loaded runtime memory)
- registers are the location that stored for useful data.

Well, in this basic tutorial we are going to cover only topics of opcodes and registers (which will help you how to use it at CE).


there are many opcodes from 8086 to 80686 processor designs. but i am going to cover the some basic one at 8086.

MOV - the most common use in anywhere it means to load data into a register.
e.g. mov eax, 1

CALL - this means call to the subrountine function.
e.g. call 03A481E8

RET - return from a called subroutine.
e.g. ret

RETN - it means to pop the top of stack and transfers exection to that address.
e.g. retn 4

PUSH - accept one parameter, it will then add into top of the stack.
e.g. push eax

POP - this will release the stack value that is pushed in the stack previously.
e.g. pop eax

XOR - to compare 2 pieces of data and make sure it is different.
e.g. xor edx, edx

CMP - to compare register with value.
e.g. cmp eax, 1

LEA - get the address location of the data
e.g. lea esi, [eax+12h]

ADD - add value to the existing register
e.g. add eax, 1

SUB - substract value from the existing register
e.g. sub eax, 1

INC - do incremental value
e.g. inc eax

DEC - do decremental value
e.g. dec eax

NOP - nothing/no instruction
e.g. nop

JMP - direct jump destination address
JA - jump if above
JAE - jump if above or equal
JB - jump if below
JBE - jump if below or equal
JG - jump if greater
JGE - jump if geater or equal
JL - jump if less
JLE - jump if less or equal
JZ/JE - jump if zero (JZ and JE shares the same opcode)
JNZ/JNE - jump if not zero (JNZ and JNE shares the same opcode)

there are still many more but i am not going to teach every of them because you it will be very rare case to use.


we have 8 bits, 16bits, 32 bits, 64 bits registers from 8086 to 80686 process architectures. but for mostly game applications now a day, they are using 32bits. so, we are aiming to 32bits registers.

now, we will to go thru some basic 32bits registers in our processors.

EAX - accumulator register
EBX - base register
ECX - counter register
EDX - data register

ESI - source register
EDI - destination register
EIP - instruction pointer register

EBP - base pointer register
ESP - stack pointer register

CS - code segment (.text)
DS - data segment (.data)
SS - stack segment
ES - extra segment
FS/GS - general purpose segment

well, how are they going to be used? this is going to be very endless explanation... every register has its role to do. it may apply in very different situation when it comes across the asm.

ok, blur right? let me make a simple example from reverse engineering from ASM to C++.


Code:mov eax, [esp+4]
mov edx, [esp+8]
add eax, edx
so, as we see, there are few registers in the code.
when we do reversing, we always look from the right to the left from the instruction.
esp in here meaning a function/method argument.
so that means we have 2 arguments here.
each argument takes 4 bytes (dword) => esp+4, esp+8.
"mov eax, [esp+4]" means first argument esp+4 is copied into eax register.
"mov edx, [esp+8]" means second arugment esp+8 is copied into edx register.
"add eax, edx" is equally "eax = eax + edx". this means second arguement is added with first arguement.
"ret" means return the sum value.
Back to top Go down
View user profile
Tutorial: The Basic of ASM
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
John Delmark Aguilar :: dElmARk Productions :: Assembly Language-
Jump to: