Quote:
[Originally Posted by alim2201;90079] ...i can't analyze it in my mind
which instruction is case, repeat, .....
I keep 2 books close at hand when I am reversing. One is the Win32 Programming API Bible and the other is the MASM programmer's reference, which has a handy ASCII chart as well (yes...I actually bought MASM at one time).
Of course, it is vital to download the Intel Assembly reference literature, which explains in detail how Assembly works, both as software and hardware. Iczelion's assembly tutes, or equivalent, help as well. Stay away from a book by Horowitz titled (I think), The Art of Assembly. He has managed to confuse the language completely.
Each time I encounter an Assembly instruction I'm not sure about, I look it up. If you take a piece of code, and dissect it one instruction at a time, you'll soon get used to what is going on. Of course, the compiler adds code at the beginning of sections that doesn't make a lot of sense till you understand what it is doing. After a while, you can just ignore the first few steps of code and get right into what is going on.
It is vital to understand how functions are called in the C based language and how parameters are pushed onto the stack, and retrieved by the RET instruction. You can read about that almost anywhere on the Net. Also, there are various jump and call functions with many different formats.
I think object-oriented programming is a curse on mankind. If you have been trained in that nonsense, without understanding there is actually real hardware it is hiding, you will be lost in understanding Assembly. Assembly is related to hardware, not some abstraction like a container or an object. Go to the Intel site and find their excellent volumes on the Assembly language. Those manuals will help you understand how Assembly relates to a REAL processor.
If you want to really understand Assembly you MUST learn how a processor works. You MUST understand registers, interrupts, busses, memory, etc. Processors run on machine language, which is codes developed from 1's and 0's. In a processor, the 1's and 0's are voltages and that's all a processor can understand.
Machine language is essentially binary, but it is easier to understand a binary string using hexadecimal. Each hexadecimal code represents an instruction in a processor and Assembler is nothing more than a collection of hexadecimal instructions. For each instruction like JMP, ADD, RET, etc., there is an equivalent hexadecimal code.
A big mistake made by people using a debugger or a disassembler is leaving the code turned off. In IDA, for example, the code can be turned on so that you can see the Assembly code for each instruction. I don't know how Olly works, but with SoftICE, you can turn the codes on and off.
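The idea of reading the hexadecimal codes next to each instruction, shown as an added example that is not part of the original post: a small Python decoder for a handful of 32-bit x86 opcodes that prints address, opcode bytes and mnemonic side by side, the way a disassembler does with the code bytes turned on. The byte string, the base address `0x401000` and the function names are constructed for illustration; only the opcodes listed in the comments are handled.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = {0: "add", 5: "sub"}             # 0x83 /0 and /5

def rm_operand(code, i):
    """Decode the ModRM byte at code[i]: (reg field, r/m text, bytes used)."""
    mod, reg, rm = code[i] >> 6, (code[i] >> 3) & 7, code[i] & 7
    if mod == 3:                          # register-direct operand
        return reg, REGS[rm], 1
    if mod == 1 and rm != 4:              # [reg + disp8], no SIB byte
        disp = struct.unpack_from("<b", code, i + 1)[0]
        return reg, f"[{REGS[rm]}{disp:+#x}]", 2
    raise ValueError(f"ModRM {code[i]:#04x} is outside this subset")

def disassemble(code, base):
    """Yield (address, opcode bytes, mnemonic) for a small 32-bit x86 subset."""
    i = 0
    while i < len(code):
        op, start = code[i], i
        if 0x50 <= op <= 0x57:            # push r32
            text, i = f"push {REGS[op - 0x50]}", i + 1
        elif 0x58 <= op <= 0x5F:          # pop r32
            text, i = f"pop {REGS[op - 0x58]}", i + 1
        elif op == 0x6A:                  # push imm8 (sign-extended)
            text, i = f"push {struct.unpack_from('<b', code, i + 1)[0]:#x}", i + 2
        elif op in (0x8B, 0x03):          # mov / add r32, r/m32
            reg, rm, n = rm_operand(code, i + 1)
            text, i = f"{'mov' if op == 0x8B else 'add'} {REGS[reg]}, {rm}", i + 1 + n
        elif op == 0x83:                  # add/sub r/m32, imm8 (raw byte shown)
            reg, rm, n = rm_operand(code, i + 1)
            text, i = f"{GROUP1[reg]} {rm}, {code[i + 1 + n]:#x}", i + 2 + n
        elif op == 0xE8:                  # call rel32, relative to next instruction
            i += 5
            text = f"call {base + i + struct.unpack_from('<i', code, start + 1)[0]:#x}"
        elif op == 0xC3:                  # ret
            text, i = "ret", i + 1
        else:
            raise ValueError(f"opcode {op:#04x} is outside this subset")
        yield base + start, code[start:i].hex(" "), text

# Constructed sample: a cdecl caller followed by the function it calls.
SAMPLE = bytes.fromhex("6a02 6a01 e804000000 83c408 c3"
                       "558bec 8b4508 03450c 5d c3")

if __name__ == "__main__":
    for addr, raw, text in disassemble(SAMPLE, 0x401000):
        print(f"{addr:08x}  {raw:<15} {text}")
```

The second half of the listing begins with `55` / `8b ec` (`push ebp`, `mov ebp, esp`), which is the kind of compiler-generated code at the start of a function that the post mentions.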