My Assembly Guide

[dragonhd193]

Thank You very

[pruned_52940758]

thanks you 

[pruned_52940758]

thanks you 

thanks you 

[pruned_5053788]

nice man . tks you   

[kalaway]

Good guide ! Thank you very much. I really apreciate.

[heere]

Instructions: Instructions are the operation of the processor (CPU) determined by its instruction set.

Instruction Set: An instruction set is a group of instructions that the CPU can execute (reference: instructions)

Now: Let me start off with some basic instructions.
[mov - move]
[add - arithmetic add]
[sub - arithmetic subtract]
[jmp - jump, jumps to a code location(even for conditional jumps)]
[jne - jump if not equal]
[je - jump if equal]
[ja - jump if the condition is above]
[jb - jump if the condition is below] - Literally, if you view an application in a disassembler it means if the condition is above or below the jumping address
[cmp - compare]
[test - this performs an AND conditional, if both the operands/registers are non-zero then the condition becomes true]
[push - pushes a value/address onto the stack]
[pop - pops a value/address from the stack]
[inc - increase/increment]
[dec - decrease/decrement]
[ret - return]
[call - calls a subroutine/function]
I didn’t include all the instructions, nor all the jump instructions either

mov eax,ecx; this moves the address at the register ecx into eax
[assembly comments are after the terminator/semicolon “;” and are ignored by the compiler]


add [ecx], 0xFF; this adds the value 255(decimal) to the value of the ecx register, that’s what 255 is in hexadecimal
add [ecx], 255; you can do this as well

register - no brackets = the address of the register
[register] - brackets = value of the register

As you can see the instructions are used here and they’re complemented by an operation. So think of it like this:
add = instruction
add eax,15 = complement of the instruction making it an operation code
mov [eax+15], 0x00; this moves the value 0 into eax and offsets it 15 places from the location

Register: Registers for now, are basically storage units to place values (EAX,EBX,ECX,EDX,EDI,ESI,ESP,EBP)
Stack: Keeping it basic, storage for where the registers are pushed/popped, It's a Last In First Out structure.


Now lets make this more of a program shall we? (I’m not going to include all of the data definitions but you’ll still understand it)
This is a simple register check

add [eax], 100
cmp [eax],100
je successful; if the comparison is not successful then it skips over this
cmp [eax],100
jne fail

successful:
ccall [printf],”good”; printf is C
ccall [ExitProcess]

fail:
ccall [ExitProcess]; Immediately exits the process


Memory Address: Really, it’s just a data-type
Memory Regions:
.data is where most of the variables would go
.code/.text is where the executable routines of the program are located
.idata is where data/libraries are imported

 

Quick App Patching:
Tool you need: Cheat Engine
App to be patched: http://crackmes.de/u...ou_can/download
Open the application and attach cheatengine to the process, do a referenced string scan
Go to the reference for “You got it.” (not the actual string)
You should see this: http://puu.sh/atK28/316e225f19.png
Change the je to jne
remember je = jump if equal

jne = jump if not equal

We’re changing it to jump if not equal because it will jump to SUCCESS if the key isn’t correct. If it was jump if equal then it would only jump if the key was right.
Think of this as like an if condition.

 

Nice guide, 

[hoangha02]

oh ! Great

[whatdoyou1]

ty

[pruned_5175392]

i'm trying it now

[brolykeepo]

Very nice guide!