Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


[Tutorial] Beginning Assembly Language
TheSorc3r3r

PostPosted: Sun Oct 15, 2006 11:17 am    Post subject: [Tutorial] Beginning Assembly Language

WARNING: This tutorial is outdated (I wrote it when I knew absolutely nothing), and has incorrect information. Please refer to Skyone's tutorial instead.

This is a beginner's Assembly language tutorial. For those who have gotten past the stage of simple hacking and want to learn how to start writing their own assembly scripts, I'd be glad to help. Many of the guides on Google are daunting and confusing, so I've tried to make this as easy as possible. I'm no expert at this, but I try to help with what I know.

A few terms to know:

Assembly - A basic programming language

Binary - A number system in base 2

Bit - Binary digIT



What is assembly language? Assembly language is one of the most basic programming languages; only a few steps up from binary itself. When you program in assembly, you are basically moving bits and bytes around.

I'll start off with the basics. The Commands

Mov - Move

Cmp - Compare

Jmp - Jump to

Je - Jump to if equal

Jne - Jump to if not equal

Jg - Jump to if greater than

Jl - Jump to if less than

Jng - Jump to if not greater than

Jnl - Jump to if not less than

Jge - Jump to if greater than or equal to

Jle - Jump to if less than or equal to

Note: (There are many more Jump To's, but most aren't worth mentioning; to see them all check out ShadowSan's mini-tut)

Inc - Increment

Dec - Decrement

Push - Put a variable/value onto the stack

Pop - Remove a variable/value from the stack

Alloc - Allocate

Registersymbol - Registers the word as a symbol that can be added as an address manually; I'll explain later.

Dealloc - Deallocate

Unregistersymbol - Guess.

Label - Labels


THE MOV COMMAND

The mov command is probably one of the most important in Assembly. Mov = Move.

Code:
Mov a,b


This means to move b into a. Get it?

That's just the basics. Now you have to get more specific. What do you want to move into a? Do you want to move the address of b into a? Or do you want to move the value of b into a?

Code:
Mov a,b


That means move the address of b into the address of a.

Code:
Mov a,[b]


Move the value of b into the address of a.

Code:
Mov [a],b


Move the address of b into the value of a.

Getting it? Surrounding it by brackets makes it the value instead of the address.

You can not move a value into a value. For example, this code WILL NOT WORK.

Code:
Mov [a],[b]
WILL NOT WORK!

There are more things you can do with mov. Let's say you wanted to move the value of b + c into a.

Code:
Mov a,[b+c]
(notice that there is no space between b and the + sign, or the + sign and c)

That�s it for the mov command for now.



THE CMP COMMAND

Ah, the cmp command. Another crucial element in any assembler's composition. Cmp = Compare.

Code:
Cmp a, b


Compare the address of a to the address b.

Code:
Cmp a, [b]


Compare the address of a to the value of b.

Code:
Cmp [a], b


Compare the value of a to the address of b.

However, if you put

Code:
Cmp a, 00
you don't need brackets around the 00. Assembly recognizes it as an integer, and it compares a to the value of 00.

That's it for the cmp command for now.


THE JMP COMMAND, AND ALL VERSIONS OF IT

Yet another crucial part of assembly is the jmp command. There are many different ways of saying it, but all come down to the same thing. Jmp = To Jump

Note: For more on jmp commands, see ShadowSan's minitut.

Code:
Jmp 6558ad


Jumps to the address 6558ad. Any code that follows will impact 6558ad. For example;

Code:
Jmp 6558ad
Mov eax, [-99999]


Jumps to the address 6558ad
Moves the value -99999 into the eax (I'll explain later) of 6558ad.

You can also jump to variables within the script, such as:

Code:
Alloc(Crash, 4)
Jmp Crash

Crash:
Jmp 6558ad
Mov eax, [-99999]


Of course, there are all the versions of jmp, such as je, jne, jg, jl, jge, jle, jng, jnl, but those are pretty self explanatory (once you know what they mean, see definitions above). Those are used with cmp. For example,

Code:
Alloc(Compare, 1024)
Alloc(EatA, 4)
Alloc(EatB, 4)
Alloc(EatC, 4)
Alloc(EatMe, 4)
Label(MyStomach)

Compare:
Cmp eax,ebx
Jg EatA
Jl EatB
Je EatC
Jmp EatMe

EatA:
Mov MyStomach,eax
Jmp Compare

EatB:
Mov MyStomach,ebx
Jmp Compare

EatC:
Mov MyStomach,ecx
Jmp Compare

EatMe:
Jmp Compare

Dealloc(Compare)
Dealloc(EatA)
Dealloc(EatB)
Dealloc(EatC)
Dealloc(EatMe)


Let's look at this script one step at a time.

Ignore the allocating/labeling memory part for right now. Just think of those as the variable assignments for now.

Code:
Compare:
Cmp eax, ebx
Jg EatA
Jl EatB
Je EatC
Jmp EatMe


Under the label compare:
Compare eax to ebx.
If eax is greater than ebx, jump to EatA.
If eax is less than ebx, jump to EatB.
If eax is equal to ebx, jump to EatC.
If none of these are true (can't happen under these circumstances, but is important), then jump to EatMe.

Code:

EatA:
Mov MyStomach,eax
Jmp Compare

EatB:
Mov MyStomach,ebx
Jmp Compare

EatC:
Mov MyStomach,ecx
Jmp Compare

EatMe:
Jmp Compare


These are all the different possible places your script can make you jump, depending on what the values of eax and ebx are. If you jumped to EatA, you move the value of eax into the variable MyStomach, and jump back to compare. Then the cycle begins again. This is how a script would work (this particular script wouldn't do anything for several reasons, but I'll explain that later.)

Note: If you are confused about eax, ebx, etc., don't worry. I will explain those later.

That�s it for the jump command for now.


THE PUSH/POP COMMANDS - THE STACK

If you don't like something, you push it away from you. If you want it back, you pop it back to you. While it's away from you, it is frozen in time from your perspective; it is in a different place, and no longer gets your attention. Therefore, to you, it is essentially frozen in time.

This is how pushing and popping - the stack - works.



Code:
Push eax


This puts the variable eax onto the stack, away from your code. The stack is a separate place, where your variables/values are essentially frozen in time (from your code's perspective). On the stack, you can do whatever you want with that variable/value, and then put it back into the code. For example,

Code:
push eax
mov eax,[curser pointer X]
mov [Item pointer X],eax
mov eax,[curser pointer y]
mov [Item pointer y],eax
pop eax


This is an attempt at mouse-item vac. It doesn't work; I am merely using it as an example. If you look at the code, you will see that the value is pushed off the code, essentially frozen in time, away from all interferences. Then all the changes are done to it. When eax is finished with, it is taken off the stack and put back into the code.

Pushing/popping goes more in-depth, but that isn�t for this guide.

That is it for pushing/popping for now.

INC AND DEC COMMANDS

These are extremely simple.

Code:
Inc eax


Increment the value of eax by 1.

Code:
Dec eax


Decrement the value of eax by 1.

Code:
Mov eax, 00
Inc eax


Eax will now equal 1.

That's it for incrementing and decrementing for now.


THE ALLOC, REGISTERSYMBOL, AND LABEL COMMANDS

A stuck-up person might say that every human has a certain number of brain cells assigned to them. With that number of brain cells assigned to them, they do the job in life that was meant for them. Those brain cells he has are under his command. That's how alloc works. Alloc = allocate

Code:
Alloc(Compare, 1024)
Alloc(Me, 4)
Alloc(You, 4)
Label(Compare)
Label(Me)
Label(You)

Compare:
Push eax
Push ebx
Mov eax,[00]
Mov ebx,[01]
Cmp eax, ebx
Pop eax
Pop ebx
Jg You
Jl Me

Me:
Xor eax, ebx
Jmp 614a0c

You:
Xor eax, ebx
Jmp 6abc0d
Mov eip, [00]

Dealloc(Compare)
Dealloc(Me)
Dealloc(You)



Code:
Alloc(Compare, 1024)
Alloc(Me, 4)
Alloc(You, 4)


This means that you are allocating, or assigning, a certain portion of memory to the variable to the left of the comma.

Code:
Label(Compare)
Label(Me)
Label(You)


This is just labeling the variables so they can produce results.

General Note: When you inject scripts, you label variables. When you assign scripts to your Cheat Table, you register them as symbols.

Code:
Compare:
Push eax
Push ebx
Mov eax,[00]
Mov ebx,[01]
Cmp eax, ebx
Pop eax
Pop ebx
Jg You
Jl Me


Push eax and ebx onto the stack. Move the value of 00 into eax, and move the value of 01 into ebx. Compare them, then pop them back in the code. Note that even though you popped them back from the stack into the code, the compare results remain. If eax is greater than ebx, jump to You. If it's less, jump to Me.

Code:
Me:
Xor eax, ebx
Jmp 614a0c

You:
Xor eax, ebx
Jmp 6abc0d
Mov eip, [00]


If the script jumped to Me, it follows the code under Me. Likewise if it jumped to You. Xor is a little complicated, but it basically kills the values. Don't worry about it, it's not very commonly used.

Under Me, the variables are killed, and then the allocated memory for Me jumps to the memory region defined by the address after jmp. This is the more exact definition of jumping. So the memory that is assigned to Me jumps to 614a0c.

Under You, the variables are killed, and then the assigned memory for You jumps to the memory region defined by 6abc0d. Then the script puts 0 into the eip of 6abc0d. (If you're smart, you'll know what that does.)

Code:
Dealloc(Compare)
Dealloc(Me)
Dealloc(You)


This is basically the opposite of the beginning; you're taking back that memory that you assigned to each variable. They have served their purpose, and your UCE gets its memory back.

That would be a script you would inject. Here is an example of a script you would assign to a cheat table.

Code:
Registersymbol(Bob)
Alloc(Bob, 1024)

Bob:
Mov eax,[00]
Mov ebx,[01]
Cmp eax, ebx
Jg 614a0c
Jl 6558ad
Je 6abc0d

Dealloc(Bob)
Unregistersymbol(Bob)


Register symbol means that once you activate this script in your CT, you can add the word Bob as a manual address. The key part is what the actual address is of Bob. I'll give an example later on of how this works.

Note: You must alloc and label OR alloc and registersymbol for a script to work. This is because allocating assigns a portion of memory to work for the script, and either label or registersymbol produces results.

That�s it for all the basic commands.


Important: You can not just inject a script and expect it to start, or assign it and expect it to begin. You have to activate it somehow; so far I have just explained the basic commands to any AA script. Later I will explain how to make a script work.


REGISTERS/FLAGS: DIFFERENT TYPES AND THEIR USES

To learn more about registers and how they work, read my guide on the inside of a computer.

Here I will just explain the basic registers that we use in our UCEs, and how they apply to Assembly language.
There are 9 main registers we use.

EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP

EAX, EBX, ECX, and EDX are called general purpose registers. They can handle a wide variety of functions, such as adding, subtracting, multiplying, dividing... but in Assembly scripts they are usually used as variables, or storage places for values.

ESI and EDI can be used as pointers (a little complicated, don't worry about it), but they are mostly used as general purpose registers as well.

EBP and ESP point to data on the stack (remember push/pop?). These aren�t as commonly used.

EIP is extremely important; it is an address register. It stores the information of where data/instructions are. In other words, it is a pointer register. If you put address A into the EIP of address B, address B will be re-directed to address A.

Now, let�s look back on some of those codes.

Code:
push eax
mov eax,[curser pointer X]
mov [Item pointer X],eax
mov eax,[curser pointer y]
mov [Item pointer y],eax
pop eax


Eax is being used as a storage space for the value of the curser pointer X, so the script can transfer curser pointer X into item pointer X. Same for Y.

There are 9 flags available to us as well, although we generally only use one of them. There are a few cases where we use other ones, but they are rare.

OF � Overflow Flag. Indicates an overflow
DF � Direction Flag. Used for strings to check direction
IF � Interrupt Flag. Enables interrupts
TF � Trap Flag. Allows CPU to work in single step mode.
SF � Sign Flag. Returns results as negative
ZF � Zero Flag. Returns results as zero
AF � Auxiliary Flag. A secondary carry flag
PF � Parity Flag. Indicates even or odd parity
CF � Carry Flag. Contains the left-most bit after calculations

The one most commonly used is ZF, as you well know.


TO ACTIVATE A SCRIPT. SCRIPT EXAMPLES!

The best way to teach this is to give examples, and show how they work. This is an auto-dc/godmode script, written by me.

Note: The values in this script are for gMS/oMS.

Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)


Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
 
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode)


When you assign a script to a CT, you have to put [ENABLE] and [DISABLE].

In the beginning, I register Godmode as a symbol and allocate 1024 bytes of memory to it.

Then I write the code for Godmode:
Move the value of 755a4c to edi.
Compare edi+18 to 0. 755a4c, offset 18 is the people scanner. Therefore I am essentially comparing the value of the people scanner (how many people are on the map) to zero. I have to use a register to hold the value of 755a4c because if I put

Code:
cmp [755a4c+18], 00


it would add them.

If the value of the people scanner is equal to zero, in other words there are no people on the map, then the script jumps to 614ff7. This activates godmode because it's the same thing as ticking ZF. If you look at 614a0c (the address for 1-hit godmode), next to it you will see "jne 614ff7." Ticking ZF returns the result as zero, causing it to always jump to 614ff7. In my script, I just say

Code:
je 614ff7


So when there are no people on my map, Godmode is activated.

On the other hand, if the people scanner's value is not equal to zero, it jumps to 6558ad (the SSEAX Y address), and puts the value of EAX as -99999, causing me to DC.

Now, here comes the important part.

Assigning this script to your cheat table and ticking it won�t automatically turn on Godmode. If you think about it, these instructions are under the variable Godmode. So for these instructions to be activated, that variable Godmode has to be activated somewhere. So what do you do to activate that script?

Godmode is registered as a symbol; it can be added manually as an address. Add Godmode as an address manually. That address now has the instructions of your script in it. Then take the address of Godmode, which you just added, and put it into the EIP of 614a0c, the godmode address. This re-directs your godmode address to your Godmode script, activating the script.

Why can't you put it in the EIP of any ol' address? The script needs the information inside the address of godmode. For more information, read the guide that I posted above.

Here is another example. This script doesn�t actually do anything, but it gives you an idea.

Code:
alloc(Compare, 11)
alloc(Jumpin, 11)
alloc(BunnyBreed,1024)

Compare:
Mov eax,Brownbunny
cmp eax,[bunny]
jne [Jumpin]
je [BunnyBreed]

Jumpin:
mov ecx,[bunny]
mov ecx,[gun]
push ecx
xor ecx,ecx

BunnyBreed:
Move eax,[bunnyMale]
Move eax,[bunnyFemale]
inc eax
inc eax
inc eax


This is an injection script, and you would use the results of the injection to activate it. This script has many problems in it; if you can figure them out, you're doing well. Another example would be Static DupeX, which has pre-defined ways of activating (inserting 400300, then 400350).


Hope you learned something.

Feel free to ask any questions or put forth any suggestions.

Credits go to Me, ShadowSan (helped me a ton, and made the Bunny script), and Rajinn, who helped me learn Assembly in the first place.

_________________


Don't laugh, I'm still learning photoshop!


Last edited by TheSorc3r3r on Thu May 17, 2007 7:08 pm; edited 1 time in total
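The post itself warns that some of its explanations are wrong, so here is an added example (not from the original post, and not Cheat Engine code): a small Python interpreter for the handful of instructions the tutorial lists, implemented with the semantics x86 and the auto-assembler actually use. A bare register name means the register's contents, a bare number is a hex immediate (the auto-assembler's default), `[expr]` means the value stored at that address, a `mov` with two memory operands is rejected (the post's `Mov [a],[b]` case), `cmp` subtracts without storing the result and only sets ZF/SF/CF/OF, and `jg`/`jl`/`jge`/`jle` read those flags as a signed comparison, so 0xFFFFFFFF (which is -1) counts as less than 1. `push` lowers esp by 4 and stores at `[esp]`; `pop` does the reverse. The sample script and its memory contents are constructed for the demo.

```python
"""Added example (not from the original post, not Cheat Engine code): a tiny
interpreter for the x86 subset the tutorial covers, with 32-bit registers, a
dict of memory and the ZF/SF/CF/OF flags.  Operands follow the auto-assembler:
numbers are hex, [expr] is the value AT that address, a bare name is a register.
"""
REGS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")
JUMPS = ("jmp", "je", "jne", "jg", "jl", "jge", "jle", "jng", "jnl")
MASK = 0xFFFFFFFF


class CPU:
    def __init__(self, memory=None, esp=0x2000):
        self.r = {**dict.fromkeys(REGS, 0), "esp": esp}
        self.mem = dict(memory or {})                  # address -> 32-bit value
        self.f = {"ZF": 0, "SF": 0, "CF": 0, "OF": 0}

    def addr(self, expr):
        """Evaluate the inside of [...], e.g. 'edi+18' (18 is hex)."""
        return sum(self.r[t] if t in self.r else int(t, 16)
                   for t in expr.split("+")) & MASK

    def read(self, op):
        if op[0] == "[":                               # memory: the value AT the address
            return self.mem.get(self.addr(op[1:-1]), 0)
        return self.r[op] if op in self.r else int(op, 16) & MASK   # register / immediate

    def write(self, op, value):
        if op[0] == "[":
            self.mem[self.addr(op[1:-1])] = value & MASK
        else:
            assert op in self.r, f"cannot write to {op!r}"
            self.r[op] = value & MASK

    def set_flags_sub(self, a, b):
        """cmp a,b: compute a-b, keep only the flags."""
        res = (a - b) & MASK
        self.f["ZF"], self.f["SF"] = int(res == 0), res >> 31
        self.f["CF"] = int(a < b)                      # unsigned borrow
        self.f["OF"] = ((a ^ b) & (a ^ res)) >> 31     # signed overflow

    def taken(self, jcc):
        """Is this jump taken under the current flags?  jg/jl/... are signed."""
        zf, less = self.f["ZF"] == 1, self.f["SF"] != self.f["OF"]
        return {"jmp": True, "je": zf, "jne": not zf,
                "jl": less, "jnl": not less, "jge": not less,
                "jle": less or zf, "jng": less or zf,
                "jg": not less and not zf}[jcc]

    def run(self, source, max_steps=1000):
        """Run `source`; returns the instruction count (max_steps stops endless loops)."""
        labels, prog = {}, []
        for raw in source.splitlines():
            line = raw.split("//")[0].strip().lower()  # '//' starts a comment
            if line.endswith(":"):
                labels[line[:-1]] = len(prog)          # label = next instruction's index
            elif line:
                prog.append(line)
        pc = steps = 0
        while pc < len(prog) and steps < max_steps:
            steps += 1
            parts = prog[pc].split(None, 1)
            op, args = parts[0], ([a.strip() for a in parts[1].split(",")] if len(parts) > 1 else [])
            pc += 1
            if op == "mov":
                if args[0][0] == "[" and args[1][0] == "[":
                    raise ValueError("no memory-to-memory mov on x86; go via a register")
                self.write(args[0], self.read(args[1]))
            elif op == "cmp":
                self.set_flags_sub(self.read(args[0]), self.read(args[1]))
            elif op in ("inc", "dec"):                 # ZF/SF/OF change, CF does not
                new = (self.read(args[0]) + (1 if op == "inc" else -1)) & MASK
                self.write(args[0], new)
                self.f["ZF"], self.f["SF"] = int(new == 0), new >> 31
                self.f["OF"] = int(new == (0x80000000 if op == "inc" else 0x7FFFFFFF))
            elif op == "push":                         # esp -= 4; [esp] = value
                self.r["esp"] = (self.r["esp"] - 4) & MASK
                self.mem[self.r["esp"]] = self.read(args[0])
            elif op == "pop":                          # value = [esp]; esp += 4
                self.write(args[0], self.mem.get(self.r["esp"], 0))
                self.r["esp"] = (self.r["esp"] + 4) & MASK
            elif op in JUMPS:
                if self.taken(op):
                    pc = labels[args[0]]
            else:
                raise ValueError(f"unsupported instruction: {prog[pc - 1]}")
        return steps


def demo():
    """Script in the tutorial's vocabulary; constructed memory holds 100 at 1000h."""
    cpu = CPU(memory={0x1000: 100})
    cpu.run("""
        mov eax,[1000]    // value AT 1000h -> eax (100); 'mov eax,1000' would give 1000h
        mov ebx,2A        // immediate 2Ah = 42
        mov [1004],eax    // store eax AT 1004h
        push eax          // save eax; esp drops by 4
        cmp eax,ebx       // flags from 100-42, result discarded
        jg bigger         // signed greater-than: taken here
        mov ecx,1
        jmp done
    bigger:
        mov ecx,2
    done:
        pop eax           // eax and esp back, whichever branch ran
        inc ecx
    """)
    return cpu
```

`run()` gives up after `max_steps` instructions, which is exactly what the tutorial's Compare/EatA/EatB/EatC script would hit: every path ends in `jmp Compare`, so it never falls out of the loop. Feeding the interpreter `cmp eax,ebx` with eax = 0xFFFFFFFF and ebx = 1 shows why the flags section matters: CF stays clear (no unsigned borrow) while SF differs from OF, so `jl` is taken and `jg` is not.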
Deine Mutter

PostPosted: Sun Oct 15, 2006 1:40 pm    Post subject: Re: [Tutorial] Beginning Assembly Language

Thank you so much, this is a very good tut (better than the google-shit); after reading that I learned many things.

But one question:

Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)


Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
 
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode)



This code doesn't use debug registers, or?

And can i use the same way for super tubie, because super tubi is zf twice .. is there a difference?

Aniblaze

PostPosted: Sun Oct 15, 2006 1:41 pm

Nice contribution, but I feel like I've seen this one a long time ago, is that correct? Anyway, + rep for an excellent contribution.
TheSorc3r3r

PostPosted: Sun Oct 15, 2006 1:44 pm

aniblaze wrote:
Nice contribution, but I feel like I've seen this one a long time ago, is that correct? Anyway, + rep for an excellent contribution.


You saw it on other forums.

Edit: Made by me, posted by me there too as well (if you were thinking something else)

TheSorc3r3r

PostPosted: Sun Oct 15, 2006 1:46 pm    Post subject: Re: [Tutorial] Beginning Assembly Language

Deine Mutter wrote:
Thank you so much, this is a very good tut (better than the google-shit); after reading that I learned many things.

But one question:

Code:
[ENABLE]
registersymbol(Godmode)
alloc(Godmode, 1024)


Godmode:
mov edi, [755a4c]
cmp [edi+18], 00
je 614ff7
jmp 6558ad
mov eax, [-99999]
 
[DISABLE]
unregistersymbol(Godmode)
dealloc(Godmode)



This code doesn't use debug registers, or?

And can i use the same way for super tubie, because super tubi is zf twice .. is there a difference?


You have to use a debug register to activate it; read a little further down.

ZacTheSin

PostPosted: Sun Oct 15, 2006 1:46 pm

+ Rep
_________________
If someone helps you, why not Rep them?
malcomb101

PostPosted: Sun Oct 15, 2006 2:21 pm

To activate the godmode script can you just do like
Code:
jmp 614a0c
mov eip, godmode
or will that not work?

Edit: nvm, I just realized even if I put in that code there is no way it would be accessed to change the eip for the godmode address to read the code unless I went and changed the eip for some address to go read the code. If that didn't make any sense just ignore me, I figured out why I'm stupid.


Last edited by malcomb101 on Sun Oct 15, 2006 2:26 pm; edited 1 time in total
DeadOrAlive

PostPosted: Sun Oct 15, 2006 2:23 pm

Did you make this for exploits only?
thiefsin1234

PostPosted: Sun Oct 15, 2006 2:36 pm

Very well done, great tut for those of us who are trying to learn ^^
+rep
TheSorc3r3r

PostPosted: Sun Oct 15, 2006 2:37 pm

malcomb101 wrote:
To activate the godmode script can you just do like
Code:
jmp 614a0c
mov eip, godmode
or will that not work?

Edit: nvm, I just realized even if I put in that code there is no way it would be accessed to change the eip for the godmode address to read the code unless I went and changed the eip for some address to go read the code. If that didn't make any sense just ignore me, I figured out why I'm stupid.


Not only that, you can't mov eip in AA (unless you bypass this or that).

Quote:
Did you make this for exploits only?


Obviously not, because I released it here. Thought it would help people here as well.

Quote:
Very well done, great tut for those of us who are trying to learn ^^
+rep


Thanks.

Mitta

PostPosted: Sun Oct 15, 2006 2:58 pm

Nicely done; now at least I know where to start. Keep up the good work.

gr,
mitta

_________________
Yes, I leeched my method to hack, but haven't we all indirectly. But I am different from other noobs because I'm willing to learn and create my own stuff.

[TUTORIAL] How to run MS twice on 1 computer using VMware
Rajinn

PostPosted: Sun Oct 15, 2006 3:11 pm

Trying mov eip will result in an error; it's unrecognized. It is a debugger option that gives the same effect as a jump statement. With this in mind, you could do jmp ****** instead of mov eip ******.
You cannot do jmp ****** without a bypass.

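Rajinn's reply above is the practical answer to the "put it into EIP" idea: the auto-assembler has no way to assign eip, so a script gets switched on by writing a jmp over an instruction at the address you want to divert, and switched off by putting the original bytes back. The Python below is an added example, not from this thread and not Cheat Engine's own code; it models, on a fake sparse process memory, what `[ENABLE]` does with `alloc(newmem,...)` plus `jmp newmem` and what `[DISABLE]` undoes. The injection address, the newmem address, the displaced instruction bytes (`mov edi,[00755A4C]`, 6 bytes, borrowed from the post's Godmode script) and the two-NOP stand-in for the injected body are all constructed for the illustration.

```python
"""Added example (not from the original thread, not Cheat Engine's own code):
what 'activating' an auto-assembler script amounts to.  [ENABLE] writes a
5-byte `jmp newmem` over an instruction at the injection point; newmem holds
the injected code, the displaced instruction and a jump back; [DISABLE]
restores the original bytes.  Memory is a sparse fake and every address and
byte string below is constructed for the demo.
"""
import struct

JMP_REL32 = 0xE9                 # x86 near jump: E9 <rel32>, 5 bytes
NOP = 0x90


class Memory:
    """Sparse fake address space: address -> byte."""
    def __init__(self, contents=None):
        self.cells = {}
        for addr, data in (contents or {}).items():
            self.write(addr, data)

    def read(self, addr, n):
        return bytes(self.cells.get(addr + i, 0) for i in range(n))

    def write(self, addr, data):
        for i, b in enumerate(data):
            self.cells[addr + i] = b


def assemble_jmp(from_addr, to_addr):
    """E9 rel32: the displacement is relative to the END of the 5-byte jmp."""
    rel = (to_addr - (from_addr + 5)) & 0xFFFFFFFF
    return bytes([JMP_REL32]) + struct.pack("<I", rel)


def jmp_target(addr, code):
    """Decode a jmp rel32 found at `addr` back to its absolute target."""
    if code[0] != JMP_REL32:
        raise ValueError("not a jmp rel32")
    return (addr + 5 + struct.unpack("<i", code[1:5])[0]) & 0xFFFFFFFF


def enable(mem, inject_addr, displaced_len, newmem_addr, body):
    """[ENABLE]: newmem = body + displaced bytes + jmp back, then overwrite the
    injection point with jmp newmem, NOP-padded.  Returns the original bytes."""
    if displaced_len < 5:
        raise ValueError("a jmp rel32 needs 5 bytes: displace whole instructions")
    original = mem.read(inject_addr, displaced_len)
    return_addr = inject_addr + displaced_len            # the 'returnhere' label
    trampoline = body + original
    trampoline += assemble_jmp(newmem_addr + len(trampoline), return_addr)
    mem.write(newmem_addr, trampoline)
    mem.write(inject_addr, assemble_jmp(inject_addr, newmem_addr)
              + bytes([NOP]) * (displaced_len - 5))
    return original


def disable(mem, inject_addr, original):
    """[DISABLE]: put the original bytes back (then dealloc newmem)."""
    mem.write(inject_addr, original)


# Constructed scenario (hypothetical addresses and bytes):
INJECT = 0x00614A0C                                # injection point
NEWMEM = 0x10000000                                # where alloc(newmem,...) landed
DISPLACED = bytes.fromhex("8B3D4C5A7500")          # mov edi,[00755A4C]       (6 bytes)
NEXT_INSN = bytes.fromhex("837F1800")              # cmp dword ptr [edi+18],0 (4 bytes)
BODY = bytes.fromhex("9090")                       # stand-in for the injected code


def demo():
    """Enable the hook, capture what memory looks like, then disable it."""
    mem = Memory({INJECT: DISPLACED + NEXT_INSN})
    saved = enable(mem, INJECT, len(DISPLACED), NEWMEM, BODY)
    hooked = mem.read(INJECT, len(DISPLACED) + len(NEXT_INSN))
    newmem = mem.read(NEWMEM, len(BODY) + len(DISPLACED) + 5)
    disable(mem, INJECT, saved)
    return hooked, newmem, mem.read(INJECT, len(DISPLACED))
```

Two checks are worth keeping from this toy: the overwritten region must be at least 5 bytes and end on an instruction boundary (hence the NOP padding when the displaced instruction is longer than the jmp), and the displaced bytes must be position-independent. A displaced relative jmp or call would need its displacement recomputed for its new home in newmem, which this example does not attempt.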
Splizes

PostPosted: Sun Oct 15, 2006 3:23 pm

TheSorc3r3r, you make me sad... I wouldn't have helped you if I knew it would've been released here (I know I sound like a dick, don't I). Seriously, I thought this was for exploits only.

You fail me.
T3hLatin

PostPosted: Sun Oct 15, 2006 3:27 pm

Extremely well explained. Good job bro.
+rep
Skyone

PostPosted: Sun Oct 15, 2006 3:30 pm

???

Last edited by Skyone on Wed Dec 23, 2009 9:08 am; edited 7 times in total
All times are GMT - 6 Hours
Page 1 of 7

 