# HELP CE

11/21/2013

## Basic assembler

Originally posted by Dark Byte, with additions by Smidge204.

Most people think assembler is very difficult, but in fact it is quite easy. This tutorial explains how some basic assembler works.

The processor works with memory and registers. Registers are like memory, but a lot faster. The general-purpose registers are EAX, EBX, ECX, EDX, ESP, EBP, ESI and EDI, plus the segment registers. There is also EIP, the Instruction Pointer, which holds the address of the instruction that is about to be executed.

Some examples:

```
sub ebx,eax        (ebx=00000005, eax=00000002)
```

Taken apart into its most basic elements this is:

```
opcode param1,param2
```

The opcode is the instruction telling the processor what to do; in this case, decrease the value stored in register EBX by the value stored in register EAX. Here EBX=5 and EAX=2, so after this instruction EBX is 3 (5-2).

Also note that whenever an opcode has two parameters, the first parameter is the target (destination) of the instruction and the second is the source.

```
sub [esi+13],ebx   (ebx=00000003, esi=008AB100)
```

Here the first parameter is between brackets. This indicates that a memory location is being used instead of a register. The memory location is the address computed from what is between the brackets, in this case esi+13 (note that the 13 is hexadecimal). ESI=008AB100, so the address is 008AB113. This instruction decreases the value stored at 008AB113 by the value stored in EBX (which is 3). If the value at 008AB113 was 100, then after this instruction it is 97.

```
sub [esi+13],63    (esi=008AB100)
```

This is almost the same as above, but instead of a register it uses a direct (immediate) value. Note that 63 is actually 99, because in this notation every number is written in hexadecimal (this is the Cheat Engine auto assembler convention; other assemblers want a marker such as 0x63 or 63h). Say the value at 008AB113 is 100 (64 in hexadecimal); after execution the value at 008AB113 is 1 (100-99). One caveat: when neither operand is a register, nothing tells the assembler how many bytes the memory operand is, so most assemblers require a size such as `byte ptr [esi+13]` or `dword ptr [esi+13]`.

```
sub ebx,[esi+13]   (ebx=00000064, esi=008AB100)
```

This instruction decreases the value stored in EBX by the value stored at 008AB113 (esi+13 = 008AB100+13 = 008AB113, in case you forgot).

So far only SUB has been used, but the processor knows lots and lots of other instructions. Take a look at MOV, one of the most often used instructions. Although its name suggests that it moves data, it actually COPIES data from one place to another. MOV works exactly like SUB: the first parameter is the destination, the second is the source.

Examples:

```
mov eax,ebx        (eax=5, ebx=12)
```

Copies the value stored in EBX into EAX. After this instruction EAX is 12 (and EBX stays 12).

```
mov [edi+16],eax   (eax=00000064, edi=008CD200)
```

This places the value of EAX (64 hex = 100 decimal) at the location edi+16 (008CD200+16 = 008CD216). After the instruction the value stored at 008CD216 is 100 (64 hex). As you can see, it works just like SUB.

Then there are instructions that take only one parameter, like INC and DEC:

```
inc eax     increase the value in eax by 1
dec ecx     decrease the value in ecx by 1
dec [ebp]   decrease the value stored at the address in ebp by 1
```

So far only the 32-bit registers (eax, ebx, ecx, ...) have been shown, but there are also 16-bit and 8-bit registers that can be used.

The 16-bit registers are AX, BX, CX, DX, SP, BP, SI, DI.
The 8-bit registers are AH, AL, BH, BL, CH, CL, DH, DL.

Note that AL and AH are the low and high byte of AX, and AX is the low half of EAX: changing AH or AL also changes AX, and changing AX also changes EAX. The same goes for BL+BH+BX+EBX, CH+CL+CX+ECX and DH+DL+DX+EDX. They can be used almost the same way as the 32-bit registers, but the instruction then changes only 1 byte (8-bit) or 2 bytes (16-bit) instead of 4 (32-bit).

Examples:

```
dec al             decreases the 8-bit register al
sub [esi+12],al    decreases the 1-byte value at the location esi+12 points to by the value of al
mov al,[esi+13]    places the 1-byte value at the location esi+13 points to in al
```

Note that it is IMPOSSIBLE to use an 8-bit or 16-bit register to form an address: `mov [al+12],0` will NOT work. In 32-bit code the address between the brackets is built from 32-bit registers.

There are also wider registers (the 64-bit MMX and 128-bit XMM registers), but they are not discussed here because they are hardly ever seen in this kind of work and cannot be used with the instructions above. (64-bit processes additionally have 64-bit versions of the general registers, RAX, RBX and so on, which are outside the scope of this tutorial.)

Then there are the JUMPS, LOOPS and CALLS.

JMP: the JMP instruction is the easiest. It changes the Instruction Pointer (EIP) to the location the JMP instruction points at, and execution continues from there.

There are also conditional jumps that only change the instruction pointer if a certain condition is met, for example a condition set by the compare instruction (CMP), which subtracts its second operand from its first without storing the result and only updates the flags:

```
JA     jump if above (unsigned greater)
JNA    jump if not above
JB     jump if below (unsigned less)
JE     jump if equal (zero flag set)
JC     jump if carry
```

and LOTS of other conditional jumps.

LOOP: the LOOP instruction also points at a memory location, just like JMP, but it first decrements ECX and then only jumps if ECX is not 0 afterwards. There are also special conditional loops:

```
LOOPE    loop while ECX is not 0 AND the zero flag is set
LOOPZ    same as LOOPE
LOOPNE   loop while ECX is not 0 AND the zero flag is not set
LOOPNZ   same as LOOPNE
```
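As an added example (not part of the original tutorial, and not Cheat Engine code), here is a small Python model of the instructions covered above: hexadecimal-by-default numbers, destination-first operand order, `[reg+disp]` memory operands that only accept a 32-bit base register, the AL/AH/AX/EAX aliasing, CMP setting the flags, and LOOP/LOOPNE with the decrement-then-test order. The class and function names (`CPU`, `tutorial_examples`, `loop_examples`) are mine, only the handful of opcodes used in the text are implemented, a `[mem],imm` instruction is assumed to be dword-sized (a real assembler needs `byte ptr`/`dword ptr` to decide), and the register values and memory bytes in the two example functions are constructed here.

```python
import re

REG32 = ("eax", "ebx", "ecx", "edx", "esp", "ebp", "esi", "edi")
# name -> (backing 32-bit register, bit shift, mask): AL/AH are the low/high byte of AX,
# which is the low half of EAX, so writing any one of them changes the others too.
ALIAS = {r: (r, 0, 0xFFFFFFFF) for r in REG32}
ALIAS.update({r[1:]: (r, 0, 0xFFFF) for r in REG32})                 # ax, bx, ..., di
ALIAS.update({x + "l": ("e" + x + "x", 0, 0xFF) for x in "abcd"})  # al, bl, cl, dl
ALIAS.update({x + "h": ("e" + x + "x", 8, 0xFF) for x in "abcd"})  # ah, bh, ch, dh
MASK = {1: 0xFF, 2: 0xFFFF, 4: 0xFFFFFFFF}
MEM_RE = re.compile(r"\[(\w+)(?:\+([0-9a-f]+))?\]")                # [reg] or [reg+disp]

class CPU:
    def __init__(self, program, memory=()):
        self.r = dict.fromkeys(REG32, 0)
        self.mem = dict(memory)            # sparse little-endian memory: address -> byte
        self.zf = self.cf = False          # zero flag and carry (unsigned borrow) flag
        self.code = [ln.strip().lower() for ln in program.splitlines() if ln.strip()]
        self.labels = {ln[:-1]: i for i, ln in enumerate(self.code) if ln.endswith(":")}

    def operand(self, text):               # -> (kind, register name / address / value, size)
        m = MEM_RE.fullmatch(text)
        if m:                              # memory operand: its size is set by the other operand
            if m.group(1) not in REG32:    # [al+12] is not a valid address
                raise ValueError("an address must be built from a 32-bit register: " + text)
            return "mem", self.r[m.group(1)] + int(m.group(2) or "0", 16), None
        if text in ALIAS:
            return "reg", text, ALIAS[text][2].bit_length() // 8
        return "imm", int(text, 16), None  # every number is hexadecimal

    def read(self, op, size):
        kind, key, _ = op
        if kind == "reg":
            full, shift, mask = ALIAS[key]
            return (self.r[full] >> shift) & mask
        if kind == "mem":
            return sum(self.mem.get(key + i, 0) << (8 * i) for i in range(size))
        return key & MASK[size]

    def write(self, op, size, val):
        kind, key, _ = op
        if kind == "reg":                  # merge the partial value into the full register
            full, shift, mask = ALIAS[key]
            self.r[full] = (self.r[full] & ~(mask << shift)) | ((val & mask) << shift)
        else:
            for i in range(size): self.mem[key + i] = (val >> (8 * i)) & 0xFF

    def alu(self, op, a, b, size):         # ZF and CF updated the way the hardware does it
        res = a - b if op == "sub" else a + b
        self.cf = res < 0 or res > MASK[size]
        res &= MASK[size]
        self.zf = res == 0
        return res

    def run(self):
        pc = 0
        while pc < len(self.code):
            line, pc = self.code[pc], pc + 1
            if line.endswith(":"):
                continue
            opcode, _, rest = line.partition(" ")
            args = [a.strip() for a in rest.split(",")]
            if opcode[0] == "j" or opcode.startswith("loop"):
                if opcode.startswith("loop"):  # LOOP* decrement ECX first, then test it
                    self.r["ecx"] = (self.r["ecx"] - 1) & 0xFFFFFFFF
                cnt = self.r["ecx"] != 0
                taken = {"jmp": True, "je": self.zf, "jne": not self.zf, "jb": self.cf,
                         "ja": not (self.cf or self.zf), "loop": cnt,
                         "loope": cnt and self.zf, "loopne": cnt and not self.zf}
                if taken[opcode.replace("z", "e")]:  # loopz/loopnz are aliases
                    pc = self.labels[args[0]]
                continue
            dst, src = self.operand(args[0]), self.operand(args[1]) if len(args) > 1 else None
            # size comes from whichever side is a register; [mem],imm is assumed dword
            size = dst[2] or (src and src[2]) or 4
            if opcode == "mov":
                self.write(dst, size, self.read(src, size))
            elif opcode in ("sub", "add", "cmp", "inc", "dec"):
                b = 1 if src is None else self.read(src, size)
                res = self.alu("add" if opcode in ("add", "inc") else "sub", self.read(dst, size), b, size)
                if opcode != "cmp":
                    self.write(dst, size, res)
            else:
                raise ValueError("unsupported instruction: " + line)
        return self

def tutorial_examples():
    # The SUB/MOV examples from the text plus AX/AL/AH aliasing; registers and bytes constructed here
    cpu = CPU("sub ebx,eax\nsub [esi+13],ebx\nsub [esi+17],63\n"
              "mov [edi+16],eax\nmov ax,1234\nmov al,56\nmov ah,78",
              memory={0x8AB113: 100, 0x8AB117: 100})
    cpu.r.update(eax=2, ebx=5, esi=0x8AB100, edi=0x8CD200)
    cpu.run()
    return cpu.r["ebx"], cpu.mem[0x8AB113], cpu.mem[0x8AB117], cpu.mem[0x8CD216], cpu.r["eax"]

def loop_examples():
    # LOOPNE over a constructed buffer: ECX drops by one per pass and the loop ends when CMP sets ZF
    scan = CPU("mov esi,1000\nmov ecx,10\nfind:\nmov al,[esi]\ninc esi\ncmp al,0\nloopne find",
               memory={0x1000: 0x41, 0x1001: 0x42, 0x1002: 0, 0x1003: 0x43}).run()
    return scan.r["esi"] - 0x1000, scan.r["ecx"]
```

`tutorial_examples()` returns `(3, 97, 1, 2, 0x7856)`: 5-2 for EBX, 100-3 at 008AB113, 100-0x63 at 008AB117, the copy of EAX at 008CD216, and EAX after the three partial writes (`mov ax,1234` then `mov al,56` then `mov ah,78`), which is what the aliasing note above means in practice. `loop_examples()` returns `(3, 13)`: ESI has advanced past the zero byte at offset 2, and ECX started at 10h and was decremented on each of the three passes, showing that LOOPNE decrements before it tests and that the zero flag, not the counter, is what stopped it. Writing `mov [al+12],0` into either program raises the ValueError from `operand`, matching the rule that an address cannot be formed from an 8-bit register.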