Assembler for newbies #1 - by woody^drn Hey ... okay well I'll try to explain the basics of assembler coding to ya. If you try to open a .exe file in notepad or whatever, you'll see alot of wierd shit, that's ascii ! if you take those ascii chars and convert them into hex, those hex numbers converted into opcodes is assembler ;) confused ?? :) good heh Lets make some examples ... 401000 mov ecx,100 401010 dec ecx 401020 test ecx,ecx 401030 jnz 401010 This means .. move 100 into ecx. decrese ecx with one, test if ecx is zero jump if it's not zero. There are *alot* of different opcodes that actually does the same, like jg and ja, jl and jb .. jg means jump if greater, ja means jump if above, jl jump if lower, jb jump if below .. you can use jng for the opposite, jump if not greater, which is the same as jl and jb. The only thing that's different using these commands, is that some of them turns on some flags. Like if you use the command ja it will jump if the c- or the z-flag is set. You don't really have to know this to crack, the only opcodes you really need to know is: call, je, jne, jmp, test, mov, ret and cmp. We could make the same example again using these commands. 401000 mov ecx,100 401010 call 401050 401020 cmp ecx,0 401030 jne 401010 401040 jmp 401070 401050 dec ecx 401060 ret 401070 .... finished! What is does here is ... move 100 into ecx. call 401050, dec ecx with 1 and return to the line after the call. compare ecx with 0, if ecx isn't 0 (jump if not equal, jne) goto line 401010 and call again. It will do this until ecx is 0, after that it will jump to 401070. easy right ?? if not .. don't read anymore, cause you wont understand it :) well a good thing to have is ralf browns interrupt lists, he describes every single int. there is. Lets make a program that makes the mouse pop up :) we take a look in ralf browns int. lists and now we know that int 33h is the mouse interrupt. We're going to use the compiler tasm, a nice little dos asm compiler :) I wont go into details in every single opcode but here is how you start a tasm .exe program. Make a new file called mouse.asm, and start editing: DosSeg .Model Small .Stack 200h okay .... model small just means that it's a small program ;) and the .stack 200h is how much we want for our variables. .Data Author db 'woody$' .Code we don't really need this to make this program, but now you know that this is the place to put the vars. First the .data section so the compiler knows that the vars comes next. author db 'woody$', author is the variable name and db is the type of the var. db means databyte i think ;) can't really remember this. allways end the databyte with a $, it's like a NULL in c++ or whatever. .code section .. the compiler know that our code comes next. now we're ready for some labels, the compiler needs a label so it knows where to set the entry point. This is done like this: start: ... ... ... end start the label start, the compiler sets the entry point to this place, but it also needs an ending and that's end start ... like in c++ main void(main) { ... ... } easy isn't it ;) or what about in pascal ... begin .... end. Every coding language there is basicly uses this. In ralf browns int. list it says: int 33h mouse interrupt ax : 0001h = show mouse ax : 0002h = hide mouse ax : 0005h = return button status if ax = 0h left mouse button is pressed if ax = 1h right mouse button is pressed if ax = 2h middle mouse button is pressed well lets put in the code for the mouse program :) dosseg .model small .stack 200h .code start: mov ax,0001h ; show the mouse cursor int 33h ; call the mouse interrupt again: mov ax,0005h ; get ready for return button status int 33h text ax,ax ; is ax 0 (left mouse button is pressed) jnz again ; jump to again if ax isn't 0 mov ax,0002h ; hide the cursor int 33h mov ax,4c00h ; terminate the program int 21h ; call dos interrupt end start okay that was easy, so what it does is show the mouse cursor, loop the code until left mouse button is pressed. After that hide the cursor and terminate the program. This may look a little strange to you but it's quite easy. Ax, bx, cx and dx is the data register, bx and dx is usually used for storage. Cx is mainly used as a couter, but can be used for storage as well. Ax can be used for storage and all the other things, usually used for returning values after calls. All data registers can be split into two pieces: ax = al+ah. example : mov al,05h mov ah,01h Now ax would be 0105h, 'al' is a(low) and 'ah' is a(high). And you can do the same with bx,cx and dx. Well I think I've covered the data registers by now ;) there is also index registers: Sp, bp, si and di Si is a source index and Di is a destination index, si and si works like index registers in block instructions, in other cases you can use them as data registers. Sp is a stack pointer and bp is a base pointer, and they are used as stack index registers ... phreew, you following me ?? ;) There is also (no kidding ;) heh) segment registers :) Cs, ss, ds and es, these holds the segment address for the code segment, stack segment, data segment and an extra segment too! I'd better come up with a example for this shit, else you wont understand any of this ;) dosseg .model small .stack 200h .data author db 'woody 2000$' .code start: mov ax,seg author ; get the segment of author mov ds,ax ; set the segment of ax into the data segment mov dx,offset author ; get the offset (ascii) table of author mov ah,09h ; dos function print character int 21h ; execute dos function mov ax,4c00h ; get ready to terminate the program int 21h ; execute ... end start This little program writes the text 'woody 2000' on the screen. mail me if you don't understand this .... All this shit is 16bit, in windows it's 32bit (so they say ;) heh) and the registers is expanded to eax, ebx, ecx, edx and so on .. e(ax), e(bx) ... but when you know how this works, you should be a better cracker by now :) heh. That's all for now ... I'll make more asm for newbies in vaczine #5 :) -wOODY^dRN