Wednesday, January 07, 2009

ASM Commands and Registers - Basics for Cracking





website security | Basic ASM that might help newbies crack the HBH application challenges.

This article is mainly intended to teach you the basics of ASM so that you can crack applications. It is not going to teach you how to write a program in assembly.

==>Difference between machine language & ASM:
Computers execute only binary (1s & 0s), which is known as machine language, and we can't read a stream of 1s & 0s. Assembly language (ASM) gives every machine instruction a readable mnemonic (mov, cmp, jmp, ...) and every register a name, so it is a one-to-one human-readable form of the machine code; it is still hard to read everything & to write whole programs in it. An assembler turns ASM into machine code, and a disassembler (what OllyDbg and W32Dasm show you) turns machine code back into ASM, which is why cracking happens at this level. ASM sits between machine language & languages like C, C#, VB, etc., which are compiled down to it. The hex number system is used everywhere in the cracking process because every byte is two hex digits and addresses, opcodes & constants are shown in hex.
Now let's start with the basic ASM commands which you'll meet in most application cracking.
Comments are introduced by ;
for example: mov EAX,21h ;this is a comment
The h suffix marks a hex number (21h = 33 in decimal).

1) mov: The mov command copies data from the source to the destination. Note that the source keeps its value; only the destination is overwritten.
Syntax: mov <dest>,<source>
Example: mov eax,21h ;eax=21h
mov ebx,eax ;ebx=eax (eax is still 21h)

Also note that an immediate value can't be loaded directly into a segment register (there is no encoding for mov ds,21h; registers are described later). Move the value into a general-purpose register first & then into the segment register. In a 32-bit Windows program you will hardly ever see this, since the OS sets the segment registers up and loading an arbitrary selector into ds would fault, but it's common in older 16-bit code.
Example: mov eax,21h
mov ds,ax

2) cmp (compare command): This command compares two operands by subtracting the source from the destination and setting the flags from the result, without storing the result anywhere. Whether the following conditional jump is taken or not depends on those flags: if the operands are equal, the subtraction gives zero & the Z-flag (zero flag, ZF) is set to 1; otherwise it is cleared to 0. (cmp also sets the carry, sign & overflow flags, which the signed/unsigned jumps such as jb/ja and jl/jg use, but for je/jne only the Z-flag matters.)
Example: cmp eax,ebx ; compares eax with ebx
cmp eax,[404000] ;compares eax with the dword at address 404000

3) jumps: There are various kinds of jumps but I'll only discuss the major ones useful in cracking. The jump commands change the flow of the program based on the value of the flags.
a) jmp (Unconditional jump): No condition is checked. In other words, the code jumps irrespective of the value of the Z-flag, i.e. it always jumps.
Syntax: jmp <dest>
Example: jmp start ; jump to the label start
jmp 10h ; jump to offset 10h

b) je (Jump if equal): This jump is taken if the Z-flag is set, i.e. ZF=1, which is what the last cmp leaves behind when its operands were equal.
Syntax: je <dest>
Example: je 5h ; jumps to offset 5h if Z-flag=1

c) jne (Jump if not equal): This jump is taken if the Z-flag is not set, i.e. ZF=0.
Syntax: jne <dest>

d) jz (Jump if zero): This jump is taken if the zero flag is on (set to 1). je and jz are two names for the same instruction (the same opcode, 74h for a short jump); a disassembler shows whichever name it prefers.
Syntax: jz <dest>

e) jnz (Jump if not zero): This jump is taken if the zero flag is off (set to 0). Likewise jnz is the same instruction as jne (opcode 75h for a short jump).
Syntax: jnz <dest>

4) NOP (No OPeration): This means do nothing; its opcode is a single byte, 90h. Overwriting a conditional jump with NOPs makes the code fall through as if the check had never been made, which is the classic patch in cracking. Overwrite every byte of the jump (a short jump such as je is 2 bytes, so two 90h bytes; a near jump with a 32-bit offset is 6 bytes), otherwise the leftover offset bytes get decoded as some other instruction. The other common trick is to invert the jump instead, e.g. je (74h) into jne (75h), so the 'good' branch is taken on a wrong serial. Nopping a jump only helps when falling through leads to the path you want; if the 'bad' path follows the jump, invert it instead.
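The byte-level view of the two patches above (nopping a jump and flipping je into jne), as an added example that is not code from the original article. The byte sequence, the address 401000h and the function names are constructed for the demo; the opcode facts it relies on (Jcc short = 7x rel8, Jcc near = 0F 8x rel32, jmp = EB rel8 / E9 rel32, nop = 90) are the real x86 encodings. It also shows how a jump's target is computed from its displacement, which is relative to the address of the next instruction.

```c
/* Added example (not from the article): decoding and patching x86 jumps in a
 * raw code buffer. The bytes below, the base address and the helper names are
 * all constructed for the demonstration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed serial check, as a disassembler would show it at 401000h:
 *   401000  3B C3           cmp eax,ebx
 *   401002  74 07           je  short 40100B   ; match -> good path
 *   401004  B8 00 00 00 00  mov eax,0          ; bad path
 *   401009  EB 05           jmp short 401010
 *   40100B  B8 01 00 00 00  mov eax,1          ; good path
 *   401010  C3              ret
 */
#define BASE 0x401000u
static const uint8_t original[] = {
    0x3B,0xC3, 0x74,0x07, 0xB8,0,0,0,0, 0xEB,0x05, 0xB8,1,0,0,0, 0xC3
};
static uint8_t work[sizeof original];   /* scratch copy that gets patched */

/* Two more constructed encodings: a near je with a rel32 displacement, and
 * the short backward "jmp -2" that jumps to itself. */
static const uint8_t near_je[]  = { 0x0F,0x84, 0x10,0x00,0x00,0x00 };
static const uint8_t self_jmp[] = { 0xEB,0xFE };

void reset_work(void) { memcpy(work, original, sizeof original); }

/* Length of the jump encoded at code[off]: 2 for Jcc rel8 / jmp rel8,
 * 6 for Jcc rel32 (0F 8x), 5 for jmp rel32 (E9); 0 if it is not a jump. */
size_t jump_len(const uint8_t *code, size_t off)
{
    uint8_t op = code[off];
    if ((op & 0xF0) == 0x70 || op == 0xEB) return 2;
    if (op == 0x0F && (code[off + 1] & 0xF0) == 0x80) return 6;
    if (op == 0xE9) return 5;
    return 0;
}

/* Target of the jump at code[off]. The displacement is relative to the
 * address of the *next* instruction, i.e. EIP after the jump was fetched. */
uint32_t jump_target(const uint8_t *code, size_t off, uint32_t base)
{
    size_t len = jump_len(code, off);
    int32_t rel;
    if (len == 2) {
        rel = (int8_t)code[off + 1];                       /* sign-extend rel8 */
    } else if (len == 5 || len == 6) {
        const uint8_t *p = code + off + (len == 6 ? 2 : 1);  /* little-endian rel32 */
        rel = (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                        (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
    } else {
        return 0;
    }
    return base + (uint32_t)(off + len) + (uint32_t)rel;
}

/* Invert a conditional jump. Bit 0 of the Jcc condition code negates the
 * test, so 74 (je) <-> 75 (jne) and 0F 84 <-> 0F 85. Returns 0 for an
 * unconditional jump, which has no condition to invert. */
int flip_jcc(uint8_t *code, size_t off)
{
    if ((code[off] & 0xF0) == 0x70) { code[off] ^= 1; return 1; }
    if (code[off] == 0x0F && (code[off + 1] & 0xF0) == 0x80) { code[off + 1] ^= 1; return 1; }
    return 0;
}

/* Replace the whole jump with NOPs (90h). Every byte must go: overwriting only
 * the opcode would leave the displacement to be decoded as a stray instruction. */
size_t nop_out(uint8_t *code, size_t off)
{
    size_t len = jump_len(code, off);
    if (len) memset(code + off, 0x90, len);
    return len;
}

int main(void)
{
    reset_work();
    printf("je at %08X jumps to %08X\n", (unsigned)(BASE + 2), (unsigned)jump_target(work, 2, BASE));
    flip_jcc(work, 2);
    printf("after flip: %02X %02X (now jne)\n", work[2], work[3]);
    reset_work();
    nop_out(work, 2);
    printf("after nop:  %02X %02X\n", work[2], work[3]);
    printf("near je target %08X, self jmp target %08X\n",
           (unsigned)jump_target(near_je, 0, BASE), (unsigned)jump_target(self_jmp, 0, BASE));
    return 0;
}
```

In a real target you would find the offset of those bytes in the file with a hex editor (OllyDbg shows the file offset of a selected instruction), apply the same two-byte change there, and save; the functions above are what that edit does, spelled out.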

5) call: This command calls a procedure (subroutine) in the program: it pushes the address of the instruction after the call onto the stack (the return address) and then jumps to the destination.
Syntax: call <dest>
Example: call 100 ;jumps to offset 100 & continues executing there

6) ret: This command returns from the procedure: it pops the return address that call saved from the stack and jumps to it, so execution continues at the command after the call.
Syntax: ret

7) push & pop: The push command puts data on the stack and the pop command takes the most recently pushed data off it. On 32-bit x86 push decrements esp by 4 and stores the value at the new esp; pop loads the value at esp and adds 4. The stack works 'last in, first out', like a pile of books: the last value pushed on the stack is the first one popped off it.
Syntax: push <value>
pop <dest>
Example: push ebx ; save ebx on the stack
pop ebx ; restore it (push & pop of the same register leaves it unchanged)

8) xor: Exclusive or, working at the bit level: the result bit is 1 exactly when the two input bits differ.
1 xor 1 = 0
1 xor 0 = 1
0 xor 1 = 1
0 xor 0 = 0
So xor-ing a value with itself gives 0, which is why xor reg,reg is the usual way to clear a register (xor eax,eax is 2 bytes, mov eax,0 is 5). Like cmp, xor sets the Z-flag, so xor eax,eax also leaves ZF=1.
Syntax: xor <dest>,<source>
Example: xor eax,eax ; this clears eax register

9) add: The add command is used to add the source to the destination & the result is stored in the destination..
Syntax: add <dest>,<source>
Example: add eax,20h ; adds 20h to eax

10) sub: The sub command is used to subtract the source from the destination & final result is stored in the destination..
Syntax: sub <dest>,<source>
Example: sub eax,9h ; subtracts 9h from eax & saves the value in eax

11) inc: this command increments the value by 1 (and sets the Z-flag if the result is 0)..
Syntax: inc <dest>
Example: mov eax,5h ;eax=5h
inc eax ; now eax is 6h

12) dec: this command decrements the value by 1 (and sets the Z-flag if the result is 0)..
Syntax: dec <dest>
Example: mov eax,5h ; eax=5h
dec eax ; now eax is 4h

There are many more commands you need to know to be a cracker, but these are a quick start for beginners..

Now let's move on to stacks & registers...
====>>Stack: The stack is a region of memory where data is stored for later use: the return addresses pushed by call, saved registers, function arguments & local variables. On x86 it grows downward (toward lower addresses) and the esp register always points to its top, i.e. the last value pushed. The stack can be compared to a pile of books where the last one in is the first one out. The push & pop commands that work on the stack have already been discussed..

====>>Registers: Registers are storage inside the CPU where data is held temporarily.. They come in different types & sizes (8, 16 or 32 bits on the 32-bit x86 this article is about), and a 32-bit register can hold a value from 0 to FFFFFFFF.. The various types of registers are discussed below:
a) General registers: These are generally used for data manipulation & other purposes..
EAX: Extended Accumulator Register (a function's return value is normally left here)
EBX: Extended Base Register
ECX: Extended Counter Register (used for loop counts)
EDX: Extended Data Register
ESI, EDI: Source & Destination Index registers, used for string & memory copying operations

Their low 16 bits are AX, BX, CX & DX respectively, and the two halves of those are AL/AH, BL/BH, CL/CH & DL/DH. Writing AX or AL changes the low bits of EAX: it is the same storage viewed at different widths..

b) Segment registers:
CS, SS, DS, ES, FS, GS
These are 16 bits in size & hold the segment selectors for code, stack, data, etc..

c) Pointer registers: They hold offsets into the stack segment..
ESP: Extended Stack Pointer: It points to the top of the stack & is changed by every push, pop, call & ret..
EBP: Extended Base Pointer: It points to the base of the current function's stack frame (its local environment), so locals & arguments are addressed as [ebp-x] & [ebp+x]..

d) Other registers:
EIP: Extended Instruction Pointer: It holds the address of the next instruction to be executed.. You can't write it with mov; only jumps, calls & rets change it.. So, in olly, whenever you scroll up or down in the disassembly, you can click on EIP in the registers section to return to the instruction you are paused on..

===>>Tools of the trade: For cracking software you need various tools... In fact, knowledge without tools will not get you far in application cracking.. So let me list some of the tools required for beginner cracking..
a) OllyDbg (user-mode debugger; the 'olly' referred to above)
b) W32Dasm (disassembler)
c) SoftICE (kernel-mode debugger)
d) PEiD (identifies the compiler or packer used on an executable)
e) XVI32 or any hex editor (to apply the byte patches to the file)
f) Hex converter (the Windows calculator in scientific mode will do)

There are other tools as well but these are enough to start with.. Check www.protools.cjb.net for more tools.

So, with this, my article on ASM basics comes to an end.. I have tried to be as accurate as I can... If you find a mistake anywhere, please comment.. This is my first article on ASM, so please rate/comment on it.. It would help me to improve.. Thanks for being patient while reading this..

Peace...
© HellBound Hackers 2007- 2008. Since 3rd December 2004.