Basic x86 ASM Mainly Term Explanations

Cheat Engine Forum Index -> General programming
malfunction (Grandmaster Cheater Supreme; Reputation: 0; Joined: 30 Jan 2007; Posts: 1015; Location: http://www.behindthecorner.com/)
Posted: Thu Feb 28, 2008 10:43 am    Post subject: Basic x86 ASM Mainly Term Explanations

So here's just a small overview of ASM, mainly the basic terms you should know before starting to crack.
Note this is x86 ASM.
x86 ASM does not use 32 or 64 bit registers, only below 32, e.g. 16, 8, 4, etc.
Please do correct me if I'm wrong in something, I'm not a master in ASM.

What do you need to know to crack?

You need to know the basic terms in assembly and have some knowledge of the hex values behind the jumps. You must also have some programming knowledge in C or VB for coding key generators.
You will also need a good working brain along with certain tools (mainly three tools) mentioned in my tutorial on Serial Fishing (the 1st one).

Here are some of the terms in ASM (Assembly) and explanations

Registers
Registers are variables which are stored in your processor. The processor uses these variables for basic mathematical and logical operations. The most used registers are: eax, ebx, ecx and edx. Sometimes you may also see registers like edi, esi, esp, ebp.

Flags
Flags are Boolean variables (0 or 1 values). Flags are used by the processor for internal logical and mathematical operations.
There are two important flags, the ZERO flag and the NON ZERO flag.

Register Flags:
Abr//Name//Bit N//Description
Code:

OF     Overflow Flag     11   indicates an overflow when set
DF     Direction Flag    10   used for string operations to check direction
IF     Interrupt Flag     9   if set, interrupt are enabled, else disabled
TF     Trap Flag          8   if set,   CPU can work in single step mode
SF     Sign Flag          7   if set,   resulting number of calculation is negative
ZF     Zero Flag          6   if set,   resulting number of calculation is zero
AF     Auxiliary Carry    4   some sort of second carry flag
PF     Parity Flag        2   indicates even or odd parity
CF     Carry Flag         0   contains the left-most bit after calculations



The term Code
When you are analysing a piece of code, you must understand that the processor is actually quite simple: it simply follows the basic instructions, line by line.

Call
The syntax for a call should look like this:
//SYNTAX//
.XXXXXXXX call ZZZZZZZZ // where .XXXXXXXX is the offset of the call and ZZZZZZZZ is the line number to be called
A "call" instruction calls the specified line number (here it is ZZZZZZZZ).

CMP
It means compare, and it compares two registers. Its syntax must look like this:
//SYNTAX//
.XXXXXXXX cmp eax,edx (or any other register)

Offset
It's quite simple to answer this one, because it means a line number or address, which appears in W32Dasm as "@ Offset bla..bla..h",
where bla..bla.. is the offset and 'h' means hex.

Jump
A jump is an instruction which is very similar to a call.

W32Dasm
It is a disassembler/debugger which is used for disassembling programs (both 16-bit and 32-bit Windows programs).
For newbies, W32Dasm is recommended by most crackers.

HView (HackersView)
It's a hex editor, and you can use this tool to modify the contents of the file.
There are many hex editors, like Hex Works, Hex Workshop and Free Hex Editor for Windows.

Jumps//Explanation
Code:
je               jump equal >>>hex value is 74
jne             jump not equal >>>hex value is 75
jnb             jump not below >>>hex value is 73
jna             jump not above >>>hex value is 76
ja               jump above >>>hex value is 77
jb               jump below >>>hex value is 72
jle              jump lower or equal >>>hex value is 7E
jge             jump greater or equal >>>hex value is 7D
jbe             jump below or equal
jae             jump above or equal
jnbe           jump not below or equal
jnae           jump not above or equal
jnge           jump not greater or equal
jnbe           jump not below or equal
jz               jump if zero
jnz             jump if not zero
jg               jump if greater >>>hex value is 7F
jl                jump if lesser >>>hex value is 7C
nop            No-OPeration >>>It tells the program to "do absolutely nothing"
jmp            jump directly to >>>this is an unconditional jump >>>hex value is EB
inc eax***              ==>>hex value = 40 ,
dec eax**             ==>>hex value= 48 ,
nop*                   ==>>hex value= 90



The hex value for nop is 90.*
The "inc eax" means increase eax by one.***
The "dec eax" means decrease eax value by one.**

Thanks,
Sky

Originally posted by Skytactic at:
http://forum.astalavista.ms/viewtopic.php?t=122175

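The flag table and the jump/hex-value table in the post above fit together: `cmp` subtracts its operands, throws the result away and keeps only the flags, and each conditional jump is just a test on those flags. The following is an added example, not code from the post or from the forum, written in Python: it models the flags `cmp` produces for 32-bit operands, lists which of the short jumps from the post's table would be taken, and decodes the one-byte opcodes the post gives hex values for (74, 75, 72, 73, 76, 77, 7C, 7D, 7E, 7F, EB, 40, 48, 90). The aliases in the `JCC` table (je/jz, jnb/jae, jna/jbe, ja/jnbe, jl/jnge, jg/jnle) share an opcode because they are the same instruction under two names; the byte strings in `__main__` are constructed for illustration.

```python
# Added example (not from the post): a Python model of what `cmp a, b` leaves
# in EFLAGS and which short jumps from the post's table would then be taken,
# plus a toy decoder for the one-byte opcodes whose hex values the post lists.
# All byte strings below are constructed for illustration.

MASK32 = 0xFFFFFFFF


def cmp_flags(a, b):
    """Flags produced by `cmp a, b` on 32-bit operands (a - b, result discarded)."""
    a &= MASK32
    b &= MASK32
    result = (a - b) & MASK32
    sign_a, sign_b, sign_r = a >> 31, b >> 31, result >> 31
    return {
        "ZF": result == 0,                                  # result is zero
        "SF": sign_r == 1,                                  # result negative (signed view)
        "CF": a < b,                                        # unsigned borrow: a below b
        "OF": sign_a != sign_b and sign_r != sign_a,        # signed overflow
        "PF": bin(result & 0xFF).count("1") % 2 == 0,       # even parity of low byte
    }


# Short-form conditional jumps: opcode byte -> (mnemonic aliases, condition on flags).
# jb/ja and friends test CF (unsigned order); jl/jg and friends test SF/OF (signed order).
JCC = {
    0x72: ("jb/jnae", lambda f: f["CF"]),
    0x73: ("jnb/jae", lambda f: not f["CF"]),
    0x74: ("je/jz", lambda f: f["ZF"]),
    0x75: ("jne/jnz", lambda f: not f["ZF"]),
    0x76: ("jbe/jna", lambda f: f["CF"] or f["ZF"]),
    0x77: ("ja/jnbe", lambda f: not f["CF"] and not f["ZF"]),
    0x7C: ("jl/jnge", lambda f: f["SF"] != f["OF"]),
    0x7D: ("jge/jnl", lambda f: f["SF"] == f["OF"]),
    0x7E: ("jle/jng", lambda f: f["ZF"] or f["SF"] != f["OF"]),
    0x7F: ("jg/jnle", lambda f: not f["ZF"] and f["SF"] == f["OF"]),
    0xEB: ("jmp", lambda f: True),                          # unconditional short jump
}

# Single-byte instructions from the post's table.
ONE_BYTE = {0x40: "inc eax", 0x48: "dec eax", 0x90: "nop"}


def taken_jumps(a, b):
    """Mnemonics (in opcode order) that would branch right after `cmp a, b`."""
    flags = cmp_flags(a, b)
    return [name for opcode, (name, cond) in sorted(JCC.items()) if cond(flags)]


def decode_at(code, offset):
    """Decode one instruction at code[offset]; return (mnemonic, target_or_None, next_offset).

    A short jump carries a signed 8-bit displacement that is relative to the
    *next* instruction, so the same two bytes land on a different target when
    they sit at a different offset.
    """
    opcode = code[offset]
    if opcode in ONE_BYTE:
        return ONE_BYTE[opcode], None, offset + 1
    if opcode in JCC:
        rel8 = code[offset + 1]
        if rel8 >= 0x80:                                    # sign-extend the displacement
            rel8 -= 0x100
        next_offset = offset + 2
        return JCC[opcode][0], next_offset + rel8, next_offset
    raise ValueError("opcode 0x%02X not handled by this toy decoder" % opcode)


def disassemble(code, start=0):
    """Walk a buffer of supported opcodes and return (offset, text) pairs."""
    out, offset = [], start
    while offset < len(code):
        name, target, nxt = decode_at(code, offset)
        text = name if target is None else "%s 0x%X" % (name, target)
        out.append((offset, text))
        offset = nxt
    return out


if __name__ == "__main__":
    # Equal operands: only the "equal or ..." family and jmp are taken.
    print(taken_jumps(5, 5))
    # 0xFFFFFFFF is "above" 1 as an unsigned number but -1 is "less than" 1
    # as a signed number, so ja and jl are both taken: that is why the two
    # families exist.
    print(taken_jumps(0xFFFFFFFF, 1))
    # Constructed bytes: je +5 ; nop ; inc eax ; dec eax ; jmp -5 (back to the nop)
    sample = bytes([0x74, 0x05, 0x90, 0x40, 0x48, 0xEB, 0xFB])
    for off, text in disassemble(sample):
        print("%08X  %s" % (off, text))
```

The point to take away is the split between the unsigned family (jb, jnb, jbe, ja, driven by CF and ZF) and the signed family (jl, jge, jle, jg, driven by SF, OF and ZF): the same `cmp` can make a jump in one family fire and its look-alike in the other family fall through.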
Slugsnack (Grandmaster Cheater Supreme; Reputation: 71; Joined: 24 Jan 2007; Posts: 1857)
Posted: Thu Feb 28, 2008 3:01 pm    Post subject: Re: Basic x86 ASM Mainly Term Explanations

skyllakarean wrote:
x86 ASM does not use 32 or 64 bit registers, only below 32, e.g. 16, 8, 4, etc.
Please do correct me if I'm wrong in something, I'm not a master in ASM.

The majority of CPUs are 32 bit at the moment. This number is limited by either the size of the data bus or the largest general purpose register. In most modern CPUs, the address bus is 64 bits wide and the size of the largest GPR is 32 bits. There is a specific relationship between the 32 bit register and its corresponding 16 and 8 bit register.

For example, take EAX. EAX can hold 4 bytes/32 bits. The lower order part of EAX is AX, its 16 bit corresponding register. AX is then split into AL and AH, its higher and lower parts. Here is a diagram showing this relationship:



Btw by saying 80x86, you are describing the 80x86 instruction set which has no registers but is merely the set of instructions that can be used/are compatible with the 80x86 family.

Quote:
What you need to know to crack?

You need to know basic terms in assembly and some knowledge on hex values which the jumps will do. You must also have some programming knowledge in C or VB for coding KeyGenerators.

If you want to make keygens, any programming language will do. Most scripting languages will probably even do the job for you depending on how you go about getting the key.
Quote:
Registers
Registers are variables which are stored in your processor. The processor uses these variables for basic mathematical and logical operations. The mostly used registers are: eax, ebx, ecx and edx. Sometimes you may also see registers like edi, esi, esp, ebp.

They are actually part of the hardware on your CPU. They are essentially used because of their high performance. They have fast access times and are very expensive, so come in small quantities. Registers generally act as a "middleman" in every calculation.
Quote:
Flags
Flags are Boolean variables (0 or 1 values). Flags are used by the processor for internal logical and mathematical operations.
There are two important flags, the ZERO flag and the NON ZERO flag.

Not quite sure what you mean by non zero flag. There are many flags and they are held in the EFLAGS register as bits that can be toggled.
Quote:
Register Flags:
Abr//Name//Bit N//Description
Code:

OF     Overflow Flag     11   indicates an overflow when set
DF     Direction Flag    10   used for string operations to check direction
IF     Interrupt Flag     9   if set, interrupt are enabled, else disabled
TF     Trap Flag          8   if set,   CPU can work in single step mode
SF     Sign Flag          7   if set,   resulting number of calculation is negative
ZF     Zero Flag          6   if set,   resulting number of calculation is zero
AF     Auxiliary Carry    4   some sort of second carry flag
PF     Parity Flag        2   indicates even or odd parity
CF     Carry Flag         0   contains the left-most bit after calculations

There is no register flag. The flags are held in a separate register to the ones you are talking about.
Quote:
CMP
It means compare, and it compares two registers. Its syntax must look like this:
//SYNTAX//
.XXXXXXXX cmp eax,edx (or any other register)

You can actually compare the following:
reg,reg
mem,reg
reg,mem
reg,imm
mem,imm
acc,imm


Yeah that's not bad, got a lot of good stuff there, keep it up.
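The EAX/AX/AH/AL relationship described above (the diagram did not survive) is easy to get wrong in the other direction: reading AL is a slice of EAX, but writing AL only replaces that slice. The following is an added example, not code from the reply or from the forum, written in Python: a small model of one 32-bit register with its 16-bit and two 8-bit views, where narrower writes leave the remaining bits untouched as they do in 32-bit code. The `Reg32` class and its method names are this example's own, and the values are constructed.

```python
# Added example (not from the reply): how EAX, AX, AH and AL alias one register.
# Reads are slices of the same 32 bits; a narrower write replaces only its own
# bits, as in 32-bit x86 code.  Values are constructed for illustration.


class Reg32:
    """One 32-bit general-purpose register with its 16-bit and 8-bit views."""

    def __init__(self, value=0):
        self.value = value & 0xFFFFFFFF

    # --- reads: each narrower name is just a slice of the same bits ---
    @property
    def eax(self):              # all 32 bits
        return self.value

    @property
    def ax(self):               # low 16 bits
        return self.value & 0xFFFF

    @property
    def ah(self):               # bits 8..15 (high byte of AX)
        return (self.value >> 8) & 0xFF

    @property
    def al(self):               # bits 0..7 (low byte of AX)
        return self.value & 0xFF

    # --- writes: `mov ax/ah/al, imm` keeps every bit outside the target ---
    def mov_ax(self, v):
        self.value = (self.value & 0xFFFF0000) | (v & 0xFFFF)

    def mov_ah(self, v):
        self.value = (self.value & 0xFFFF00FF) | ((v & 0xFF) << 8)

    def mov_al(self, v):
        self.value = (self.value & 0xFFFFFF00) | (v & 0xFF)

    def views(self):
        """All four names of this register and what each one reads as."""
        return {"EAX": self.eax, "AX": self.ax, "AH": self.ah, "AL": self.al}


def demo():
    """Start from a constructed EAX value and apply three narrow writes."""
    reg = Reg32(0x12345678)
    before = reg.views()        # AX=0x5678, AH=0x56, AL=0x78
    reg.mov_al(0xAB)            # mov al, 0xAB  -> EAX=0x123456AB
    reg.mov_ah(0xCD)            # mov ah, 0xCD  -> EAX=0x1234CDAB
    reg.mov_ax(0x0001)          # mov ax, 1     -> EAX=0x12340001
    return before, reg.views()


if __name__ == "__main__":
    before, after = demo()
    for name in ("EAX", "AX", "AH", "AL"):
        print("%-3s before=0x%08X after=0x%08X" % (name, before[name], after[name]))
```

The same masking view explains why a `cmp al, ...` in a disassembly only looks at one byte of whatever EAX holds. The preserve-the-upper-bits rule modelled here is the 32-bit one; in x86-64 code a write to the 32-bit name (EAX) additionally zero-extends into the full 64-bit register, which is outside what the thread covers.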
malfunction (Grandmaster Cheater Supreme; Reputation: 0; Joined: 30 Jan 2007; Posts: 1015; Location: http://www.behindthecorner.com/)
Posted: Fri Feb 29, 2008 7:49 am    Post subject:

Thanks for correcting/completing some of the stuff.
All times are GMT - 6 Hours