
My Assembly Guide

Assembly Programming Code Patching

60 replies to this topic

#21
dragonhd193

  • Offline
  • Lurker

  • Pip
  • Posts:
    2
    Reputation:
    0
    Joined:
    23 Sep, 2015

Thank You very


  • 0

#22
accchinh1111

  • Offline
  • New Member

  • PipPip
  • Posts:
    20
    Reputation:
    2
    Joined:
    23 Sep, 2015

thanks you 


  • 0

#23
accchinh1111

  • Offline
  • New Member

  • PipPip
  • Posts:
    20
    Reputation:
    2
    Joined:
    23 Sep, 2015

thanks you 


thanks you 


  • 0

#24
tokagonew

  • Offline
  • New Member

  • PipPip
  • Posts:
    18
    Reputation:
    11
    Joined:
    21 Sep, 2015

nice man . tks you  :)  :)


  • 0

#25
kalaway

  • Offline
  • NubSayBot

  • PipPipPip
  • Posts:
    29
    Reputation:
    1
    Joined:
    23 Sep, 2015

Good guide! Thank you very much. I really appreciate it.


  • 0


Don't Forget to Have Fun !


#26
heere

  • Offline
  • New Member

  • Posts:
    23
    Reputation:
    0
    Joined:
    27 Aug, 2015

Instructions: Instructions are the operation of the processor (CPU) determined by its instruction set.

Instruction Set: An instruction set is a group of instructions that the CPU can execute (reference: instructions)

Now: Let me start off with some basic instructions.
[mov - move]
[add - arithmetic add]
[sub - arithmetic subtract]
[jmp - jump, jumps to a code location(even for conditional jumps)]
[jne - jump if not equal]
[je - jump if equal]
[ja - jump if the condition is above]
[jb - jump if the condition is below] - Literally, if you view an application in a disassembler it means if the condition is above or below the jumping address
[cmp - compare]
[test - this performs an AND conditional, if both the operands/registers are non-zero then the condition becomes true]
[push - pushes a value/address onto the stack]
[pop - pops a value/address from the stack]
[inc - increase/increment]
[dec - decrease/decrement]
[ret - return]
[call - calls a subroutine/function]
I didn’t include all the instructions, nor all the jump instructions either.

mov eax,ecx; this moves the address at the register ecx into eax
[assembly comments are after the terminator/semicolon “;” and are ignored by the compiler]


add [ecx], 0xFF; this adds the value 255(decimal) to the value of the ecx register, that’s what 255 is in hexadecimal
add [ecx], 255; you can do this as well

register - no brackets = the address of the register
[register] - brackets = value of the register

As you can see the instructions are used here and they’re complemented by an operation. So think of it like this:
add = instruction
add eax,15 = complement of the instruction making it an operation code
mov [eax+15], 0x00; this moves the value 0 into eax and offsets it 15 places from the location

Register: Registers for now, are basically storage units to place values (EAX,EBX,ECX,EDX,EDI,ESI,ESP,EBP)
Stack: Keeping it basic, storage for where the registers are pushed/popped, It's a Last In First Out structure.


Now let's make this more of a program, shall we? (I’m not going to include all of the data definitions but you’ll still understand it)
This is a simple register check

add [eax], 100
cmp [eax],100
je successful; if the comparison is not successful then it skips over this
cmp [eax],100
jne fail

successful:
ccall [printf],"good"; printf is C
ccall [ExitProcess]

fail:
ccall [ExitProcess]; Immediately exits the process


Memory Address: Really, it’s just a data-type
Memory Regions:
.data is where most of the variables would go
.code/.text is where the executable routines of the program are located
.idata is where data/libraries are imported

 

Quick App Patching:
Tool you need: Cheat Engine
App to be patched: http://crackmes.de/u...ou_can/download
Open the application and attach Cheat Engine to the process, do a referenced string scan
Go to the reference for “You got it.” (not the actual string)
You should see this: http://puu.sh/atK28/316e225f19.png
Change the je to jne
remember je = jump if equal

jne = jump if not equal

We’re changing it to jump if not equal because it will jump to SUCCESS if the key isn’t correct. If it was jump if equal then it would only jump if the key was right.
Think of this as like an if condition.

 

Nice guide, 


  • 0
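
Added example, not part of the original post or the guide it quotes: seen from the defender's side, the je to jne change described above is a one-byte difference (short je is opcode 0x74, jne is 0x75), so comparing code bytes against a known-good copy can flag it. The sample bytes and the function names below are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: cmp dword [eax],100 / je +2 / xor eax,eax / ret */
const uint8_t SAMPLE_REF[] = {0x83, 0x38, 0x64, 0x74, 0x02, 0x31, 0xC0, 0xC3};
/* Same bytes with the je (0x74) flipped to jne (0x75), as in the post */
const uint8_t SAMPLE_CUR[] = {0x83, 0x38, 0x64, 0x75, 0x02, 0x31, 0xC0, 0xC3};

/* Opposite x86 conditions differ only in the low opcode bit:
   short Jcc is 0x70-0x7F (je=0x74, jne=0x75), near Jcc is 0F 80-8F. */
static int inverted_cc(uint8_t ref, uint8_t cur, uint8_t base)
{
    return (ref & 0xF0) == base && (ref ^ cur) == 0x01;
}

/* Compare a known-good code buffer with the current one. Stores up to
   `max` offsets where the only change is an inverted conditional jump,
   and returns how many such offsets were found. Heuristic: works on raw
   bytes without disassembling, so treat hits as leads to verify. */
size_t find_inverted_jumps(const uint8_t *ref, const uint8_t *cur,
                           size_t len, size_t *out, size_t max)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++) {
        if (ref[i] == cur[i])
            continue;
        int short_form = inverted_cc(ref[i], cur[i], 0x70);
        int near_form = i > 0 && ref[i - 1] == 0x0F && cur[i - 1] == 0x0F &&
                        inverted_cc(ref[i], cur[i], 0x80);
        if (short_form || near_form) {
            if (hits < max)
                out[hits] = i;
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    size_t offs[4];
    size_t n = find_inverted_jumps(SAMPLE_REF, SAMPLE_CUR,
                                   sizeof SAMPLE_REF, offs, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("inverted jump at offset %zu: %02X -> %02X\n", offs[i],
               SAMPLE_REF[offs[i]], SAMPLE_CUR[offs[i]]);
    return n ? 1 : 0;
}
```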

#27
hoangha02

  • Offline
  • Member

  • PipPipPip
  • Posts:
    31
    Reputation:
    11
    Joined:
    26 Sep, 2015

oh ! Great


  • 1

Gone with the wind


#28
whatdoyou1

  • Offline
  • New Member

  • PipPip
  • Posts:
    22
    Reputation:
    9
    Joined:
    07 Oct, 2015

ty


  • 2

#29
lilshady

  • Offline
  • Member

  • Posts:
    26
    Reputation:
    20
    Joined:
    20 Sep, 2015

i'm trying it now


  • 1

#30
brolykeepo

  • Offline
  • Member

  • PipPipPip
  • Posts:
    39
    Reputation:
    6
    Joined:
    18 Oct, 2015

Very nice guide!


  • 0


