This section discusses in more detail how an executable file full of hex becomes assembly, and what happens to that hex once it is loaded in memory.
Machine Code
Machine code is simply an encoding of assembly language. Every assembly instruction corresponds to one or more bytes of machine code, and that sequence of bytes translates back to exactly one assembly instruction. The relationship is 1:1, by definition.
This is different from the relationship between C and assembly. A sequence of C statements can compile to a variety of assembly instruction sequences, and a sequence of assembly instructions can be translated back into C statements, but there is no strong relationship between the two.
Here is what some machine code might look like:
53 8b 54 24 08 31 db 89 d3 8d 42 07
Obviously, that's nothing that any normal human can read. However, when converted to assembly, it looks like this:
53           push ebx
8B 54 24 08  mov edx, [esp+arg_0]
31 DB        xor ebx, ebx
89 D3        mov ebx, edx
8D 42 07     lea eax, [edx+7]
To show the machine code bytes alongside the disassembly in IDA, find the "opcode bytes" setting in the options and change it to 6 or 8 (the number of bytes displayed per line).
Generally, if you need to find out the machine code opcodes for an instruction, either looking online or compiling and then disassembling a small program is the easiest way to go about it. A good reference book can be found here, which can also be ordered for free in hard copy.
Some opcodes, however, are so important that they should be committed to memory; they are listed below. Note that the parameters of the jumps are signed, relative displacements. That is, "74 10", for example, would jump 0x10 bytes ahead of the current instruction, and a displacement of 0xF0 would jump 0x10 bytes backwards.
Bytes           | Instruction
74 xx           | je
75 xx           | jnz
eb xx           | jmp
e9 xx xx xx xx  | jmp
e8 xx xx xx xx  | call
c3              | ret
c2 xx xx        | ret xxxx
90              | nop
The section on cracking will explain why these opcodes are important.
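As an added example (not part of the original tutorial), the following Python decodes exactly the opcodes in the table above and resolves the signed, relative jump and call displacements to absolute addresses; the byte buffer and the 0x401000 load address are constructed for illustration. It shows the detail the table hides: the displacement is added to the address of the instruction that follows the jump, so "74 10" and "75 F0" resolve to very different targets.

```python
import struct

# Opcode table from this page: opcode -> (mnemonic, operand width in bytes).
OPCODES = {
    0x74: ("je", 1), 0x75: ("jnz", 1), 0xEB: ("jmp", 1),   # short (rel8) branches
    0xE9: ("jmp", 4), 0xE8: ("call", 4),                   # near (rel32) branches
    0xC3: ("ret", 0), 0xC2: ("ret", 2), 0x90: ("nop", 0),
}

def decode_one(code, offset=0, base=0):
    """Decode the instruction starting at code[offset], assuming the buffer is
    loaded at address `base`. Returns (length, mnemonic, operand_text), or
    None when the opcode is not in the table above."""
    op = code[offset]
    if op not in OPCODES:
        return None
    mnem, width = OPCODES[op]
    length = 1 + width
    if offset + length > len(code):
        raise ValueError(f"truncated instruction at offset {offset:#x}")
    if width == 0:                      # ret, nop: no operand bytes
        return length, mnem, ""
    if op == 0xC2:                      # ret imm16: unsigned byte count popped after return
        imm = struct.unpack_from("<H", code, offset + 1)[0]
        return length, mnem, f"{imm:#x}"
    # Relative branch: the displacement is SIGNED (so F0 means -0x10) and is
    # added to the address of the *next* instruction, i.e. just past this one.
    disp = struct.unpack_from("<b" if width == 1 else "<i", code, offset + 1)[0]
    target = base + offset + length + disp
    return length, mnem, f"{target:#010x}"

def disassemble(code, base=0):
    """Linear sweep over a buffer made only of table opcodes; returns
    (address, hex bytes, mnemonic, operand) tuples. Stops at the first opcode
    it cannot size, because guessing a length would desynchronise the sweep."""
    out, offset = [], 0
    while offset < len(code):
        decoded = decode_one(code, offset, base)
        if decoded is None:
            break
        length, mnem, operand = decoded
        out.append((base + offset, code[offset:offset + length].hex(" "), mnem, operand))
        offset += length
    return out

if __name__ == "__main__":
    # Constructed sample bytes, assumed loaded at 0x401000 (not from any real binary).
    SAMPLE = bytes.fromhex("74 10 75 f0 e8 00 00 00 00 e9 f2 ff ff ff c2 08 00 90 c3")
    for addr, hexs, mnem, operand in disassemble(SAMPLE, base=0x401000):
        print(f"{addr:08x}  {hexs:<16} {mnem} {operand}")
```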
Questions
Feel free to edit this section and post questions; I'll do my best to answer them. But you may need to contact me to let me know that a question exists.