  1. #1
    DeadLinez

    [Tutorial] Basic ASM / Reversing

    Basic ASM / Reversing

    By DeadLinez & Aro



    This tutorial contains the following information:
    • CPU
    • CPU Registers
    • Stack
    • Common Assembly Instructions
    • Jump-instructions
    • Program Structure





    CPU (aka Central Processing Unit)

    • Control Unit: Retrieves/decodes instructions, retrieves/stores data in memory.
    • Execution Unit: Actual execution of instructions.
    • Register: Internal memory locations used as variables.
    • Flags: Used to indicate various "events" while execution is happening.




    CPU Registers:

    • Registers are internal memory locations used as variables. A register is 32 bits (4 bytes) long; there are 8 registers: EAX, EBX, ECX, EDX,
      ESI, EDI, ESP, and EBP.

      The "E" in the beginning of all the registers indicates that it is a 32 bit register.

      General Purpose Registers


    • EAX (Accumulator Register): Generally used for storing operands and result data
    • EBX (Base Register): Used for storing pointers to data. Only register that can be used as an index
    • ECX (Counter Register): Used for loop operations.
    • EDX (Data Register): Used as an input/output pointer.
    • ESI, EDI (Pointer): Data Pointer Registers for memory operations, generally used for string operations.
    • ESP (Pointer): Stack Pointer Register.
    • EBP (Pointer): Stack Data Pointer Register.




    32 bit registers can be split into 16 bit registers. In 16 bit programs only the lowest bits of the registers are used. They have the same names as the general registers but without the "E",
    for example:
    AX, BX, CX, DX, SI, DI, SP, BP.




    The 16 bit register can be split into a high byte and a low byte.
    example:
    EAX is 32 bit, AX is the lowest 16 bit of EAX and then the AX could be split
    into AH (highbyte) and AL (lowbyte) which are one byte in size.





    Segment Registers

    • CS (Code segment) - 16 bit number that points to an active code segment
    • DS (Data segment) - 16 bit number that points to an active data segment
    • SS (Stack segment) - 16 bit number that points to an active stack segment
    • ES (Extra segment) - 16 bit number that points to an active extra segment



    *EIP (32 bit instruction pointer) points to the instruction being executed.
    A control register is a processor register which changes or controls the general behavior of a CPU or other digital device. Common tasks
    performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control. Check
    Control register - Wikipedia, the free encyclopedia for more information.


    The Stack
    As I said before, a stack is a temporary storage unit in computer memory where function arguments and local variables are stored. The LIFO principle is that the last value you put in is the first one that comes out. Just imagine you have a stack of papers: when I wanted my teacher to correct my test first, I would wait until everybody finished, so that when I put my test on her desk I could sneak a peek at my score, or at how many red marks are on my test, when she starts correcting it as we walk out of class.
    When you PUSH two values on the stack you will get the last one first because of that method.

    The 0x00000 you see below is hexadecimal. When the computer compiles a program it will convert it to machine code readable by the CPU, which is then executed. The computer uses hexadecimal because it is more readable than 1's and 0's. The number system we use most is the decimal number system: 1,2,3,4,5,6,7,8,9,10.
    Watch YouTube videos to learn about hexadecimal and binary numbers.
    I'll get you started:
    What the Hell is Hexadecimal? Part 1
    What the Hell is Hexidecimal? Part 2


    PUSH - pushes value on stack
    POP - removes from stack
    ESP - Points to stack



    Right here is an example of a stack. The ESP register holds 0x000008, which is the top of the stack.
    example: ESP 0x0000008


    [image: stack diagram]

    The stack adds a new value (0x0000007) and (0x0000006) using the PUSH operation.

    Code:
    PUSH 0x0000007
    PUSH 0x0000006


    Now we update the ESP pointer to the top of the stack to the address 0x00000006.

    Code:
    ESP 0x0000006


    Now we use the POP operation to take that value off the stack, which removes the last value put onto the stack (LIFO, REMEMBER).

    Code:
    POP 0x00000006


    Next we have to update the ESP pointer to value 0x0000007.

    Code:
    ESP 0x00000007


    Next we have to POP the first value we put in off the stack. (LIFO)

    Code:
    POP 0x00000007


    Finally we update the ESP pointer register to the top of the stack.

    Code:
    ESP 0x0000008


    Common Assembly Instructions

    PUSH <value>
    Puts value on top of the stack.

    POP <register>
    Gets data from the top of the stack and puts it in a register.

    Example of PUSH and POP:
    Code:
    PUSH     0x01
    PUSH     0x02
    POP     EAX
    POP     EDX
    After these instructions are run, EAX would be equal to 0x02 and EDX would be equal to 0x01 (LIFO).


    TEST <value1>,<value2>
    Compares bit values in data; often used as TEST EAX,EAX in software to check if EAX is zero, for example after a function that checks if the serial is correct.



    CMP <value1>,<value2>
    Compares 2 numbers by subtracting the source from the destination and updates the flags.

    Example:
    Code:
    CMP EAX,EDX

    MOV <to>,<from>
    Moves data from one address to another
    Example:
    Code:
    MOV EAX,01

    CALL <address>
    Calls (runs) a function. When you use the call instruction it pushes the return address onto the stack and then jumps to the function's address, and when the ret instruction is used it pops the address off of the stack and then jumps to that address. This knowledge is critical to understanding how stack overflows can be transformed into exploits. (thanks nosiop)
    Example:
    Code:
    CALL 0x0123124

    DEC <value>
    Decreases a value by 1
    Example:
    Code:
    DEC EAX
    Will decrease EAX by 1


    RET
    Returns from a subroutine or function to the code after the call that called the function.


    INC <value>
    Increases a value by 1
    Example:
    Code:
    INC EAX
    Will increase EAX by 1


    SUB <value1>,<value2>
    Subtracts two values, then puts the result in value1
    Example:
    Code:
    SUB EAX,03

    XOR <value1>,<value2>
    Exclusive or, most commonly used to quickly set a register to 0 or for simple encryption
    Example:
    Code:
    XOR EAX,EAX
    will make EAX 0

    ADD <value1>,<value2>
    Adds two values, then puts the result in value1
    Example:
    Code:
    ADD EAX,05



    Jump-instructions


    Jumps are used to control the program flow; they decide where in the program we go, and together with e.g. a CMP function the jump can decide whether the program is going to run code in one place or another.

    Compared to other languages like C/C++, they are like "if" cases or "goto".

    //C/C++
    Code:
    if(register == 0)
    {
        RegisterPleaseScreen();
    }
    There are many jump instructions which are used for different things. Here is a short list of the most commonly used ones.


    Code:
    JMP <address> - Jump (always jumps)
    JZ <address> - Jump if zero
    JNZ <address> - Jump if not zero
    JE <address> - Jump if equal
    JNE <address> - Jump if not equal
    JGE <address> - Jump if greater or equal
    JBE <address> - Jump if below or equal
    JA <address> - Jump if above
    JAE <address> - Jump if above or equal

    The code below is an example of a program checking the serial number the user inputs and seeing if it is the right one.

    Example of ASM code with jumps


    Code:
    0x0000001 CALL CheckRegistered         # check if user is registered
    0x0000002 TEST EAX, EAX                # checks if EAX is equal to 0
    0x0000003 JZ 0x0000006                 # if EAX is equal to 0 jump to Please register screen
    0x0000004 CALL ShowThanksForPurchase   # else show ThanksForPurchase screen
    0x0000005 JMP ContinueProgram          # continues with normal program routine
    0x0000006 CALL PleaseRegisterScreen    # calls please register screen
    0x0000007 JMP 0x0000009                # jumps to ExitProgram
    
    ....
    # Exit Routine
    
    0x0000009 movl $1, %eax                # sys_exit
    0x0000010 movl $0, %ebx                # exit status 0 (first argument goes in %ebx)
    0x0000011 int $0x80

    This might look confusing even with the comments.

    The numbers on the left side (0x0000001, for example) are addresses (these are all made up for this example, of course) and on the right side are the assembly instructions that are at that address.

    While cracking software you quite often see code similar to this.

    First the code calls a function which checks if we are registered,
    then EAX is tested to see if it is 0.
    If EAX is NOT 0 the program calls the "Thank you for purchase" screen.
    If EAX is 0 it jumps to 0x0000006, and there it calls the screen that says you need to register, and jumps again to the end of the program.

    Program Structure
    Now you may be wondering HOW THE FREAK DO I BUILD AN ASSEMBLY PROGRAM? Well, we need to know how to structure our program. When we structure the program it is like the stack, highest to lowest. We need to structure the program like that stack.



    In the first part of our assembly program we declare the ".data" part of our program, where our initialized data is held, or in other words data we give a variable.

    Example:
    Code:
    .data
    The second part of our assembly program is the ".bss" part of the program, where we put uninitialized data like buffers and other stuff.

    Example:
    Code:
    .data
    
    .bss
    The third and final part of an assembly program is the .text function, where the actual code is put.

    Example:
    Code:
    .data
    
    .bss
    
    .text
    The fourth part of the program is where we declare ".globl _start"; this needs to be declared for the linker (ld).

    Example:
    Code:
    .data
    
    .bss
    
    .text
         .globl _start
    The fifth part of our program is where we put the main part of the program. Like the main() function in C/C++, the equivalent to that in assembly is "_start:" (this tells the linker the entry point).

    Example:
    Code:
    .data
    
    .bss
    
    .text
         .globl _start
    
    _start:
           # Code...
    Data types
    --------------------------

    Now that you have learned how to structure an assembly program, we need to learn about the data types to use in our program. Here we go.

    Here is a list of data types:
    Code:
    .int  32 bit number
    
    .ascii  String
    
    .asciz Null terminated string
    
    .short 16 bit number
    
    .byte 1 byte (8 bits)
    
    .float = Single precision floating point number
    
    .double = Double precision floating point number
    Other data types for .bss (uninitialized data) are:
    Code:
    .comm = this declares common memory area. Like global variables.
    
    .lcomm = this declares local memory area. Like local variables in functions.
    To declare our data types in our program we do it like this:
    Code:
       dataname:
            .datatype  <value>
    Here is another example with actual types for people who don't understand.
    Code:
    AroString:
            .asciz "Aro Rules!\n"
    For Uninitialized data .bss:

    Code:
    .lcomm <dataname>, <size>
    Real world example:
    Code:
    .comm arobuffer, 1024

    Now let's insert each data type we learned into the program structure we learned how to make before. Name your program "Lesson.s":

    Code:
    # by the way to comment in asm put a pound key before the comment
    
    .data
        
        AroString:
            .ascii "You are going to learn assembly quickly and easily"
    
        AroStringNull:
            .asciz "Can you imagine you learning assembly with ease"
    
        AroInt32:
            .int 13
    
        AroInt16:
            .short 8
    
        AroByte:
            .byte 10
    
        AroFloat:
            .float 12.23
    
        AroDouble:
            .double 12.131
    
    .bss
        .comm AroBuffer,1024
        .lcomm YourBuffer, 1024
    
    .text
            .globl _start
    
    _start:
    
    # code...
    Finally it's time to learn how to put assembly code in the .text function. Here we get down and dirty, baby. Now in order to do this we need to learn sys calls.

    I will teach you how to convert a Linux sys call into assembly. We will use the exit function. Here is the layout of the exit sys call:


    Code:
    int sys_exit(int status)
    The way we pass arguments to syscalls is: first we declare the EAX register for the system call number, EBX for the first argument, ECX for the second argument,
    EDX for the third argument, and for the fifth we use the EDI register. Then we send the $0x80 interrupt to show we are at the end of the function.

    Now lets do this with the exit function.

    First we need to find the sys call number here:

    "vim /usr/include/asm/unistd_32.h"

    The sys call number is 1. We will type it like this.
    Code:
    movl $1, %eax
    Second we need to use the argument 0 to exit our program by moving the value 0 into the %ebx register.
    Code:
    movl $0, %ebx
    Now we show that the sys call has ended with the $0x80 interrupt
    Code:
    int $0x80

    Let's put it in the program
    Code:
    .data
        
        AroString:
            .ascii "You are going to learn assembly quickly and easily"
    
        AroStringNull:
            .asciz "Can you imagine you learning assembly with ease"
    
        AroInt32:
            .int 13
    
        AroInt16:
            .short 8
    
        AroByte:
            .byte 10
    
        AroFloat:
            .float 12.23
    
        AroDouble:
            .double 12.131
    
    .bss
        .comm AroBuffer,1024
        .lcomm YourBuffer, 1024
    
    .text
          .globl _start
    
    _start:
                #Exit Routine
                movl $1, %eax
                movl $0, %ebx
                int $0x80

    To compile the code in Linux type:
    Code:
        as --gstabs -o <programname.o> <programname.s>
        ld -o <programname> <programname.o>   # for linking
    If you have Windows use NASM (I don't know anything about it, so don't ask questions); best is to just get a live CD or VMware.
    Now it's your turn; I've taught you enough information to make a simple hello world program. Just follow the instructions I gave you.

    To print a string you need the sys call write. Here is what it looks like:
    Code:
    ssize_t sys_write(unsigned int fd, const char * buf, size_t count)
    That's all you get. Post your code when you're done.

    Last edited by DeadLinez; 09-28-2010 at 08:58 PM.
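    The hello world exercise the post closes with, written out here as an added example (not the post's own code) in the same 32-bit Linux GNU as syntax. Beyond the bare write/exit pair it shows arguments being passed on the stack to a CALLed subroutine, which then reads them relative to ESP, and the sys_write result being checked with TEST and a conditional jump before choosing the exit status. The labels, the message text and the write_msg subroutine are this example's own.

    ```asm
    # hello.s: added example, 32-bit Linux, GNU as (AT&T syntax).
    # Labels, message and the write_msg subroutine are this example's own.
    .data
    msg:
        .ascii "Hello, world!\n"     # no terminator needed; we pass the length
    msg_len = . - msg                # the assembler computes the byte count

    .bss
        .lcomm scratch, 64           # uninitialized space, reserved but unused

    .text
        .globl _start

    _start:
        # Call a subroutine the way a compiler would: push the arguments
        # (last one first, LIFO), then CALL, which pushes the return address.
        pushl $msg_len               # second argument: byte count
        pushl $msg                   # first argument: pointer to the bytes
        call  write_msg              # pushes the return address, jumps
        addl  $8, %esp               # caller removes the two 4-byte arguments

        # write_msg returns the sys_write result in %eax: bytes written,
        # or a negative value (-errno) if the write failed.
        testl %eax, %eax             # set flags from %eax without changing it
        js    fail                   # sign flag set: result is negative

        movl  $0, %ebx               # sys_exit status 0 = success
        jmp   exit
    fail:
        movl  $1, %ebx               # sys_exit status 1 = write failed
    exit:
        movl  $1, %eax               # syscall number 1 = sys_exit
        int   $0x80                  # status goes in %ebx (not %ecx)

    # write_msg(buf, len): writes len bytes from buf to stdout.
    # Stack on entry: (%esp) = return address, 4(%esp) = buf, 8(%esp) = len
    write_msg:
        movl  $4, %eax               # syscall number 4 = sys_write
        movl  $1, %ebx               # first argument: fd 1 = stdout
        movl  4(%esp), %ecx          # second argument: buffer pointer
        movl  8(%esp), %edx          # third argument: byte count
        int   $0x80                  # kernel returns the result in %eax
        ret                          # pops the return address back into EIP

    # Build and run (the --32 / -m elf_i386 flags are needed on an x86-64 host):
    #   as --32 --gstabs -o hello.o hello.s
    #   ld -m elf_i386 -o hello hello.o
    #   ./hello; echo "exit status: $?"
    ```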


  3. #2
    flameswor10
    Holy shit that's a long fucking tutorial..

  4. #3
    DeadLinez
    Yes, I am finishing up the reversing part now. Press thanks if I helped.

  5. #4
    flameswor10
    I always press the button. /

  6. #5
    topblast
    Thanks, I was always stupid at ASM

  7. #6
    DeadLinez
    lol no prob topblast, I'm adding more atm.

  8. #7
    mmbob
    Give credits rofl. This isn't yours.

  9. #8


  11. #9
    DeadLinez
    Quote Originally Posted by mmbob View Post
    Give credits rofl. This isn't yours.
    lol look at the top, me and my friend made this a while ago on a different forum

  12. #10
    mmbob
    Quote Originally Posted by DeadLinez View Post
    lol look at the top, me and my friend made this a while ago on a different forum
    So Aro is your friend? .

  13. #11
    DeadLinez
    Quote Originally Posted by mmbob View Post
    So Aro is your friend? .
    yes mam, from HF

  14. #12
    Xlilzoosk8rX
    My god, I've been learning assembly for a few months now and you are amazing at explaining it.
    The book I'm learning from doesn't even explain it as well as you do

  15. #13
    o-o
    Lol very long / will read this after


  16. #14
    Stephen
    Leecher .

  17. #15
    DeadLinez
    Quote Originally Posted by Stephen View Post
    Leecher .
    hmm a single cs, gets mad because he can't put out a single good thread?
    "By DeadLinez & Aro" were on a different site a while ago, and made this. What don't you understand?
