Assembler for newbies #1 - by woody^drn

Hey ... okay well I'll try to explain the basics of assembler coding to
ya. If you try to open a .exe file in notepad or whatever, you'll see
alot of wierd shit, that's ascii ! if you take those ascii chars and
convert them into hex, those hex numbers converted into opcodes
is assembler ;) confused ?? :) good heh

Lets make some examples ...

401000 mov ecx,100
401010 dec ecx
401020 test ecx,ecx
401030 jnz 401010

This means .. move 100 into ecx. decrese ecx with one, test if ecx is
zero jump if it's not zero. There are *alot* of different opcodes that
actually does the same, like jg and ja, jl and jb ..
jg means jump if greater, ja means jump if above, jl jump if lower,
jb jump if below .. you can use jng for the opposite, jump if not
greater, which is the same as jl and jb. The only thing that's different
using these commands, is that some of them turns on some flags.
Like if you use the command ja it will jump if the c- or the
z-flag is set. You don't really have to know this to crack, the only
opcodes you really need to know is:

call, je, jne, jmp, test, mov, ret and cmp. We could make the same
example again using these commands.

401000 mov ecx,100
401010 call 401050
401020 cmp ecx,0
401030 jne 401010
401040 jmp 401070
401050 dec ecx
401060 ret
401070 .... finished!

What is does here is ... move 100 into ecx. call 401050, dec ecx with
1 and return to the line after the call. compare ecx with 0, if ecx
isn't 0 (jump if not equal, jne) goto line 401010 and call again.
It will do this until ecx is 0, after that it will jump to 401070.

easy right ?? if not .. don't read anymore, cause you wont understand
it :) well a good thing to have is ralf browns interrupt lists, he
describes every single int. there is. Lets make a program that makes
the mouse pop up :) we take a look in ralf browns int. lists and now
we know that int 33h is the mouse interrupt.

We're going to use the compiler tasm, a nice little dos asm compiler :)
I wont go into details in every single opcode but here is how you start
a tasm .exe program. Make a new file called mouse.asm, and start
editing:

DosSeg
  .Model Small
  .Stack 200h

okay .... model small just means that it's a small program ;)
and the .stack 200h is how much we want for our variables.

  .Data
    Author db 'woody$'
  .Code

we don't really need this to make this program, but now you know that
this is the place to put the vars. First the .data section so the
compiler knows that the vars comes next.
author db 'woody$', author is the variable name and db is the type of
the var. db means databyte i think ;) can't really remember this.
allways end the databyte with a $, it's like a NULL in c++ or whatever.

.code section .. the compiler know that our code comes next.
now we're ready for some labels, the compiler needs a label so it
knows where to set the entry point. This is done like this:

start:
...
...
...
end start

the label start, the compiler sets the entry point to this place, but
it also needs an ending and that's end start ... like in c++
main void(main) {
...
...
} easy isn't it ;)
or what about in pascal ... begin  .... end. Every coding language
there is basicly uses this.

In ralf browns int. list it says:

int 33h mouse interrupt
ax : 0001h = show mouse
ax : 0002h = hide mouse
ax : 0005h = return button status
             if ax = 0h left mouse button is pressed
             if ax = 1h right mouse button is pressed
             if ax = 2h middle mouse button is pressed

well lets put in the code for the mouse program :)

dosseg
  .model small
  .stack 200h
  .code

start:
  mov ax,0001h     ; show the mouse cursor
  int 33h          ; call the mouse interrupt
again:
  mov ax,0005h     ; get ready for return button status
  int 33h
  text ax,ax       ; is ax 0 (left mouse button is pressed)
  jnz again        ; jump to again if ax isn't 0
  mov ax,0002h     ; hide the cursor
  int 33h
  mov ax,4c00h     ; terminate the program
  int 21h          ; call dos interrupt
end start

okay that was easy, so what it does is show the mouse cursor, loop the
code until left mouse button is pressed. After that hide the cursor
and terminate the program.

This may look a little strange to you but it's quite easy.
Ax, bx, cx and dx is the data register, bx and dx is usually used for
storage. Cx is mainly used as a couter, but can be used for storage as
well. Ax can be used for storage and all the other things, usually used
for returning values after calls.

All data registers can be split into two pieces:

ax = al+ah. example :

mov al,05h
mov ah,01h

Now ax would be 0105h, 'al' is a(low) and 'ah' is a(high). And you can
do the same with bx,cx and dx. Well I think I've covered the data
registers by now ;) there is also index registers:

Sp, bp, si and di

Si is a source index and Di is a destination index, si and si works like
index registers in block instructions, in other cases you can use them
as data registers.

Sp is a stack pointer and bp is a base pointer, and they are used as
stack index registers ... phreew, you following me ?? ;)

There is also (no kidding ;) heh) segment registers :)
Cs, ss, ds and es, these holds the segment address for the code segment,
stack segment, data segment and an extra segment too!

I'd better come up with a example for this shit, else you wont
understand any of this ;)

dosseg
  .model small
  .stack 200h
  .data
    author db 'woody 2000$'
  .code

start:
  mov ax,seg author       ; get the segment of author
  mov ds,ax               ; set the segment of ax into the data segment
  mov dx,offset author    ; get the offset (ascii) table of author
  
  mov ah,09h              ; dos function print character
  int 21h                 ; execute dos function
  mov ax,4c00h            ; get ready to terminate the program
  int 21h                 ; execute ...
end start

This little program writes the text 'woody 2000' on the screen.
mail me if you don't understand this ....

All this shit is 16bit, in windows it's 32bit (so they say ;) heh) and
the registers is expanded to eax, ebx, ecx, edx and so on ..
e(ax), e(bx) ... but when you know how this works, you should be a
better cracker by now :) heh.

That's all for now ... I'll make more asm for newbies in vaczine #5 :)


-wOODY^dRN