ASM Commands and Registers - Basics for Cracking

It's basic & might help newbies in cracking HBH application challenges.



This article is mainly intended to help you learn the basics of ASM so that you can crack the applications. It is not going to help you code something in assembly.

==>Difference between Machine language & ASM:
Computers only understand binary (1s & 0s), which is known as machine language, but we can't read binary ourselves. ASM is there to help us understand the code: it replaces the 1s & 0s with mnemonics, but it is still hard to understand everything & to code something in ASM. In fact, ASM acts as a bridge between machine language & languages like C, C#, VB, etc. The hex number system is also extremely useful in the cracking process.
Now let's start with the basic & useful commands of ASM which will be required in most application cracking.
Comments are introduced by a semicolon (;).
For example: mov EAX,21h ;this is a comment

1) mov: The mov command copies data from the source to the destination. Note that the value at the source is not erased.
Syntax: mov <dest>,<source>
Example: mov eax,21h ;eax=21h
mov ebx,eax ;ebx=eax (eax still holds 21h)

Also note that data can't be moved directly from memory to a segment register (registers are described later). In that case you have to move the data into a general purpose register first & then into the segment register.
Example: mov eax,21h
mov ds,ax ;ax is the lower 16 bits of eax

2) cmp (compare command): This command is used for comparison. Depending on whether the comparison evaluates to true or false, the following jump is taken or not taken. In fact, cmp sets or clears the Z-flag, and the next jump or instruction operates on the basis of that flag.
Example: cmp eax,ebx ; compares eax with ebx
cmp eax,[404000] ;compares eax with the dword at 404000

3) jumps: There are various kinds of jumps but I'll be discussing the major ones useful in cracking. The jump commands are used to redirect the program's code flow based on the value of the flags.
a) jmp (Unconditional jump): It requires no condition. In other words, the code will jump irrespective of the value of the Z-flag, i.e. it will always jump.
Syntax: jmp <dest>
Example: jmp start ; jump to start
jmp 10h ; jump to offset 10h

b) je (Jump if equal): This jump will be taken if the Z-flag is set, i.e. its value is 1.
Syntax: je <dest>
Example: je 5h ; jumps to offset 5h if Z-flag=1

c) jne (Jump if not equal): This jump will be taken if the Z-flag is not set, i.e. Z-flag=0.
Syntax: jne <dest>

d) jz (jump if zero): This jump will be taken if the zero flag is on (set to 1).
Syntax: jz <dest>

e) jnz (jump if not zero): This jump will be taken if the zero flag is off (set to 0).
Syntax: jnz <dest>

4) NOP (No OPeration): This means no operation, i.e. do nothing. So, by replacing a jump with NOPs (noping it) we can make the jump useless. It is useful in cracking.

5) call: This command is used to call a certain procedure in the program.
Syntax: call <dest>
Example: call 100 ;jumps to offset 100 & continues executing there

6) ret: This command is used to return to the command following the call.
Syntax: ret

7) push & pop: The push command puts data onto the stack while the pop command takes data off the stack. Push & pop work on a 'last in, first out' basis, like a pile of books: the last data pushed onto the stack will be the first to be popped off it.
Syntax: push <value>
pop <dest>
Example: push ebx
pop ebx

8) xor: It is the exclusive-or function, which works at the bit level:
1 xor 1 = 0
1 xor 0 = 1
0 xor 1 = 1
0 xor 0 = 0
Since any value xored with itself gives 0, this is useful to clear a register or a memory location.
Syntax: xor <dest>,<source>
Example: xor eax,eax ; this clears the eax register

9) add: The add command adds the source to the destination & stores the result in the destination.
Syntax: add <dest>,<source>
Example: add eax,20h ; adds 20h to eax

10) sub: The sub command subtracts the source from the destination & stores the result in the destination.
Syntax: sub <dest>,<source>
Example: sub eax,9h ; subtracts 9h from eax & saves the result in eax

11) inc: This command increments the value by one.
Syntax: inc <dest>
Example: mov eax,5h ;eax=5h
inc eax ; now eax is 6h

12) dec: This command decrements the value by one.
Syntax: dec <dest>
Example: mov eax,5h ; eax=5h
dec eax ; now eax is 4h

There are many more commands you need to know to be a cracker, but these can be a quick start for beginners.
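To make the flag-and-jump behaviour of the commands above concrete, here is an added example (not code from the article): a small Python interpreter for the instruction subset the article covers, run over a constructed sample program. It shows cmp setting the Z-flag by subtracting without storing the result, jne falling through when ZF=1, xor eax,eax clearing the register, and push/pop working last in, first out.

```python
# Added example (not from the article): an interpreter for its instruction subset, modelling
# 32-bit registers, the zero flag (ZF) and the stack; SAMPLE is a constructed input program.
MASK = 0xFFFFFFFF  # a 32-bit register holds 0..FFFFFFFF
def operand(tok, regs):
    # register name or immediate; a trailing 'h' marks hex, as in the article
    return regs[tok] if tok in regs else (int(tok[:-1], 16) if tok.endswith("h") else int(tok))

def run(program):
    # run assembly text (labels end with ':'); returns (regs, zf, stack)
    lines = [l for l in (s.split(";")[0].strip().lower() for s in program.splitlines()) if l]
    labels = {l[:-1]: i for i, l in enumerate(lines) if l.endswith(":")}
    regs = {r: 0 for r in ("eax", "ebx", "ecx", "edx")}
    zf, stack, ip = 0, [], 0
    while ip < len(lines):
        line, ip = lines[ip], ip + 1
        op, _, rest = line.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if line.endswith(":") or op == "nop":
            continue                                  # labels and nop do nothing
        if op == "mov":
            regs[args[0]] = operand(args[1], regs)    # the source keeps its value
        elif op == "cmp":                             # subtract without storing; only ZF changes
            zf = int((operand(args[0], regs) - operand(args[1], regs)) & MASK == 0)
        elif op in ("add", "sub", "xor", "inc", "dec"):
            a, b = regs[args[0]], (operand(args[1], regs) if len(args) > 1 else 1)
            r = {"add": a + b, "sub": a - b, "xor": a ^ b, "inc": a + 1, "dec": a - 1}[op] & MASK
            regs[args[0]], zf = r, int(r == 0)        # arithmetic also updates ZF
        elif op in ("jmp", "je", "jz", "jne", "jnz"):
            if op == "jmp" or zf == (1 if op in ("je", "jz") else 0):  # jcc taken only if ZF matches
                ip = labels[args[0]]
        elif op == "push":
            stack.append(operand(args[0], regs))
        elif op == "pop":
            regs[args[0]] = stack.pop()               # LIFO: the last value pushed comes out first
        else:
            raise ValueError("unsupported instruction: " + line)
    return regs, zf, stack

SAMPLE = """
    mov eax,21h       ; eax = 21h
    mov ebx,eax       ; ebx = eax; eax keeps its value
    cmp eax,ebx       ; 21h - 21h = 0, so ZF = 1
    jne skip          ; not taken because ZF = 1
    mov ecx,1h        ; ecx = 1 marks the equal path
skip:
    xor eax,eax       ; clears eax and sets ZF
    push ebx
    push 5h
    pop edx           ; edx = 5h, the last value pushed
    pop ebx           ; ebx = 21h again
    inc edx           ; edx = 6h, ZF = 0
"""
```

Calling run(SAMPLE) returns the final registers (eax=0, ebx=21h, ecx=1, edx=6), ZF=0 and an empty stack; feeding it a program whose cmp operands differ shows jne being taken instead.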

Now let's move on to stacks & registers...
====>>Stack: The stack is a part of memory where chunks of data are stored for later use. The stack can be thought of as a pile of books, where the last one put on is the first one taken off. The push & pop commands related to the stack have already been discussed.

====>>Registers: Registers are the places where data is stored temporarily. Registers are of different types & may be 8 to 32 bits in size; most modern-day CPUs use 32-bit registers for storing data. A 32-bit register can hold values from 0 to FFFFFFFF. The various types of registers are discussed below:
a) General registers: These are generally used for data manipulation & other purposes.
EAX: Extended Accumulator Register
EBX: Extended Base Register
ECX: Extended Counter Register
EDX: Extended Data Register

Their 16-bit versions are AX, BX, CX & DX respectively.

b) Segment registers:
CS, SS, DS, ES, FS, GS
These are 16 bits in size & they store pointers to code, stack, etc.

c) Offset registers: They hold offsets relative to the segment registers.
EBP: Extended Base Pointer: It points to the beginning of the local environment of a function & is mainly related to the stack & stack frames.

d) Other Registers:
EIP: Extended Instruction Pointer: It points to the address of the next instruction to be executed. So, in OllyDbg, whenever you scroll up or down, you can click on EIP in the registers section to return to the instruction you were at.

===>>Tools Of Trade: For cracking software you require various tools. In fact, knowledge without tools always makes you fail in application cracking. So let me list some of the tools required for beginner cracking.
a) OllyDbg
b) Win32DASM
c) SoftICE
d) PEiD
e) XVI32 or any hex editor
f) Hex converter (calculator)

There are other tools as well but these can be enough for starting. Check www.protools.cjb.net for more tools.

So, with this, my article on ASM basics comes to an end. I have tried to be as accurate as I can. If you find any mistake anywhere, please comment. This is my first article on ASM, so please rate/comment on it; it would help me to improve myself. Thanks for being patient while reading this.

Peace...

Comments

spyware on November 06 2008 - 01:25:42
This article needs a better foundation. Right now it's garbled information. Sharp, yet unclear. True, but clouded. Pretty useless in its current form, too.
Zephyr_Pure on November 06 2008 - 13:46:07
As is usual when I approve an article, I'm almost obligated to comment. I was genuinely impressed with this article for a few reasons. First and foremost, it did what it said in its title; not many articles can say this. You promised an intro to ASM, and you delivered. Second, the information is short and sweet, and straight to the point. I don't have to wade through bad jokes and roflcopters to find the "good stuff". Third, the organization is just on-point: it's very rare to see an article so well preconceived, structured, and proofread. Finally, this is impressive coming from YOU, since your last article was not very inspiring. You did an exemplary job with this and, for that, I can neglect to criticize the part about ASM bridging machine language and high-level languages.
Uber0n on November 06 2008 - 21:55:40
I read through this and I agree - it's a very good article for people who want to start with debugging/cracking. Well done!
sam207 on November 09 2008 - 04:34:07
Thanks all for the +ve/-ve comments.. it would definitely help me to improve myself..
korg on November 18 2008 - 10:18:00
I think it's a great article for basic commands and cracking, not too much to confuse and just enough to help. 8/10
clone4 on November 23 2008 - 00:33:10
Very helpful! Rated very good for the aforementioned 'problems'
alka on January 05 2009 - 00:39:54
This article did hit the main ASM opcodes, but it didn't discuss anything about the sizes of opcodes and operands... which is very critical in ASM... I personally feel like this article gives you barely enough about what some written ASM code does, but it fails to explain why and how.... Lastly, it really helps to realize that what compare does is subtract without storing the result of the subtraction to the destination operand... but just setting up the flag registers...
c4p_sl0ck on March 03 2009 - 02:05:50
I think it's a good introduction. Would be nice with another article which has more depth and detail (don't know if any exists here already).