Basic Assembly Tutorial
------------------------
When debugging and writing exploit code you will see a lot of assembly code. If you're a n00b and don't know what that stuff is, this is a good place to start.
Let's get started...
The Stack
-----------------
The stack is a very useful data structure. It is a temporary storage area in memory where function arguments and local variables are held at run time. The stack uses the LIFO (last in, first out) principle, which means the first value put in is the last value taken out. Just imagine a stack of plates ready to be washed: the first plate put on the pile is the last plate to be washed. You may not understand this right now, but you will get it.
CPU Registers
-----------------
Registers are internal memory locations used like variables. A register is 32 bits (4 bytes) wide. There are 8 registers:
EAX (Accumulator Register): used for storing result data.
EBX (Base Register): used for storing pointers to data.
ECX (Counter Register): used for loop operations.
EDX (Data Register): used as an input/output pointer.
ESI, EDI (Pointers): data registers usually used as pointers to strings.
ESP (Pointer): the stack pointer.
EBP (Pointer): pointer to stack data (the base of the current stack frame).
The "E" at the beginning of the register names means Extended and indicates it's a 32 bit register.
32 bit registers can be split into 16 bit registers, which are the same thing but without the "E" at the beginning.
Example: AX, CX, DX, ...
16 bit registers can be split into high and low bytes. E.g. AX (the low 16 bits of EAX) splits into AL, the lower 8 bits of the 16 bit register, and AH, the higher 8 bits of the 16 bit register.
There is one more important register called EIP, the instruction pointer: the EIP register points to the next instruction to be executed. There are other registers like segment and control registers, but that's for later tutz.
When you start doing your l33t work with assembly you MUST know the assembly instructions.
PUSH <value>
Puts value on top of the stack.
POP <register>
Takes the value from the top of the stack and puts it into a register.
Example of PUSH and POP:
PUSH 0x01
PUSH 0x02
POP EAX
POP EDX
After the instructions are run, EAX would be equal to 0x02 and EDX would be equal to 0x01. (LIFO)
-------------
TEST <value1>, <value2>
Compares two values bit by bit, setting the flags without storing a result. Most often used as TEST EAX, EAX to check if EAX is zero, for example right after a function that checks whether a serial is correct.
----------------
CMP <value1>, <value2>
Compares two values by subtracting the source from the destination and updates the flags.
Example: CMP EAX, EDX
---------
MOV <to>, <from>
Copies data from the source operand to the destination.
Example: MOV EAX, 0x1
-----
CALL <address>
Calls (runs) the function at the given address.
----------
DEC <value>
Decreases a value by 1.
Example: DEC EAX
Will decrease EAX by 1.
------------
RET
Returns from a subroutine or function to the code right after the CALL that called it.
----------
INC <value>
Increases a value by 1.
Example: INC EAX
Will increase EAX by 1.
------------
SUB <value1>, <value2>
Subtracts value2 from value1 and stores the result in value1 (the same direction as CMP, which just throws the result away).
Example: SUB EAX, 03
-----------
XOR <value1>, <value2>
Exclusive or; most commonly used to quickly set a register to 0 or for simple encryption.
Example: XOR EAX, EAX
Will make EAX equal to 0.
---------
ADD <value1>, <value2>
Adds two values, then puts the result in value1.
Example: ADD EAX, 05
---------------
Jump Instructions
------------
Jumps are used to control the program flow: they decide where in the program execution continues, and together with e.g. a CMP the jump decides whether the program is going to run code in one place or another.
Think of it as the if statement or the goto statement in C/C++.
There are many jump instructions for different conditions. Here is a short list:
JMP <address> // Jumps always
JZ <address> // Jump if zero
JNZ <address> // Jump if not zero
JNE <address> // Jump if not equal (same condition as JNZ)
JGE <address> // Jump if greater or equal
JBE <address> // Jump if below or equal
JA <address> // Jump if above
JAE <address> // Jump if above or equal to
-------------
The code below is an example of code checking the serial number a user inputs.
Example of ASM code:
0x01 CALL CheckRegistered // check if the user is registered
0x02 TEST EAX, EAX // checks if EAX is equal to 0
0x03 JZ 0x06 // if EAX is equal to 0 jump to the please register screen
0x04 CALL ShowThanksPurchase // else show the thanks for purchase screen
0x05 JMP ContinueProgram // continues with the normal program routine
0x06 CALL PleaseRegisterScreen // calls the please register screen if not registered
0x07 JMP 0x09 // jumps to ExitProgram
This might look confusing even with the comments, but I will explain.
The numbers on the left side are addresses in hex and on the right side are the ASM instructions. First the program calls the check-if-registered function, then tests if EAX is 0 (false). If EAX is not zero it will go to the thanks for purchase screen and continue with the program. If it is zero it will jump to the please register screen and then exit the program.
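As an added example (not part of the original post), here is a tiny C model of the registers, stack and zero flag that steps through both the PUSH/POP sequence and the TEST/JZ serial check above. CheckRegistered and the two screens are hypothetical functions stubbed with MOV, and no real machine code is executed.

```c
#include <stdint.h>
#include <string.h>

enum reg { EAX, EBX, ECX, EDX, NREGS };
enum op  { PUSH, POP, MOV, TEST, JZ, JMP, HALT };
struct insn { enum op op; int a, b; };           /* a/b: register, immediate or jump target */
struct cpu  { uint32_t r[NREGS], stack[16]; int esp, zf, eip; };   /* esp = next free slot */

/* Execute until HALT. Only the semantics discussed in the tutorial are modelled. */
static void run(struct cpu *c, const struct insn *prog) {
    for (;;) {
        struct insn i = prog[c->eip++];                 /* EIP now points at the next instruction */
        switch (i.op) {
        case PUSH: c->stack[c->esp++] = (uint32_t)i.a; break;     /* value goes on top of the stack */
        case POP:  c->r[i.a] = c->stack[--c->esp];     break;     /* top comes off first: LIFO */
        case MOV:  c->r[i.a] = (uint32_t)i.b;          break;
        case TEST: c->zf = ((c->r[i.a] & c->r[i.b]) == 0); break; /* TEST EAX,EAX: ZF=1 iff EAX==0 */
        case JZ:   if (c->zf) c->eip = i.a;            break;
        case JMP:  c->eip = i.a;                       break;
        case HALT: return;
        }
    }
}

/* PUSH 0x01 / PUSH 0x02 / POP EAX / POP EDX from the text: EAX ends as 0x02, EDX as 0x01. */
static struct cpu push_pop_demo(void) {
    static const struct insn prog[] = {
        {PUSH, 0x01, 0}, {PUSH, 0x02, 0}, {POP, EAX, 0}, {POP, EDX, 0}, {HALT, 0, 0} };
    struct cpu c; memset(&c, 0, sizeof c);
    run(&c, prog);
    return c;
}

/* The serial-check flow. CheckRegistered is a hypothetical function here, stubbed as
 * MOV EAX, <check_result>; the two "screens" are stubbed as MOV EBX, 1 (thanks) and
 * MOV EBX, 2 (please register). Returns EBX so the path taken can be inspected. */
static int serial_check_demo(uint32_t check_result) {
    const struct insn prog[] = {
        {MOV, EAX, (int)check_result},   /* 0: CALL CheckRegistered (stub) */
        {TEST, EAX, EAX},                /* 1: TEST EAX, EAX */
        {JZ, 5, 0},                      /* 2: JZ -> please register screen */
        {MOV, EBX, 1},                   /* 3: CALL ShowThanksPurchase (stub) */
        {JMP, 6, 0},                     /* 4: JMP ContinueProgram */
        {MOV, EBX, 2},                   /* 5: CALL PleaseRegisterScreen (stub) */
        {HALT, 0, 0} };                  /* 6: ContinueProgram / ExitProgram */
    struct cpu c; memset(&c, 0, sizeof c);
    run(&c, prog);
    return (int)c.r[EBX];
}
```

Change the value passed to serial_check_demo to see how a single zero/non-zero result in EAX decides which branch the JZ takes.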
You may find this tutorial to be confusing as heck, but you will find that it gets easier once you start reading. Reading is the key.
This concludes my lesson.
Al Capwne Out!
Other good tutorials:
http://www.securitytube.net/Assembly-Primer-for-Hackers-(Part-1)-System-Organization-video.aspx
http://novocain.skilinium.com/videos/DebuggingLesson1_InstallingOllyDbg/Video/DebuggingLesson1_InstallingOllyDbg.html
http://novocain.skilinium.com/videos/DebuggingLesson2_BasicASM/Video/DebuggingLesson2_BasicASM.html
EDIT: I'll write more tuts when I have time...