Assembly Language Basics Tutorial

[Nytro]

Assembly Language Basics Tutorial

-------------------------------------

By Aro

*Intro: Hey it's Aro and this is my first tutorial. In this basic assembly tutorial shows basics things you need to know. I had this Idea that there is other people like me who are still learning and want someone to learn with to I made this tutorial for people to learn along with me so we can all spread information. If anyone who knows about assembly please correct if there is anything wrong in my tutorial. I need feedback it will let me know what I need to do to be better.

Hope you like it Aro.

This tutorial contains the following information:

*System Organization Basics

*CPU

*CPU Registers

*Stack

System Organization Basics:

--------------------------------------------------------------------------------------------------

CPU (aka Central Processing Unit):

------------------------------------------------------------------------------------------------------

*Control Unit: Retrieve/Decode instructions,Retrieve / Storeage data in memory.

*Execution Unit: Acually Exectution of instruction.

*Register: Internal memory locations used as variables.

*Flags: Used to indicate various "event" when exectution is happening.

CPU Registers:

-------------------------------------------------------------------------------------------------------------------------------------------------

Registers are internal memory locations used as variables. A register is 32 bits long or 4 bytes there are 8 registers. EAX, EBX, ECX, EDX,

ESI, EDI, ESP, and EBP.

The "E" in the beginning of all the registers indicates that it is a 32 bit register.

General Purpose Registers

--------------------------------------------------------------------------------------

*EAX (Accumulator Register) : General used for storing operands and result data

*EBX (Base Register): Used for storing pointers to data. Only register that can be used as an index

*ECX (Counter Register): Used for loop operations.

*EDX (Data Register): Used as a input outup pointer.

*ESI, EDI (Pointer)- Data Pointer Registers from memory operations, generally used for string operations.

*ESP (Pointer): Stack Pointer Register.

*EBP (Pointer): Stack Data Pointer Register.

32 bit registers can be split into 16 bit. In 16 bit programs only the lowest bits of the registers are used. They have the same names as general registers but without the "E"

example:

AX, EX, CX, DX, SI, DI, SP, BP.

The 16 bit register can be spit into highbyte and lowbyte.

example:

EAX is 32 bit, AX is the lowest 16 bit of EAX and then the AX could be split

into AH (highbyte) and AL (lowbyte) which are one byte in size.

Segment Registers

--------------------------------------------------------------------------------------

*CS (Code segment) - 16 bit number that points to a active code-segment

*DS (Data segment) - 16 bit number that points to a active data-segment

*SS (Stack segment - 16 bit number that points to a active stack-segment

*ES (Extra segment) - 16 bit number that points to a active extra segment

*EIP (32 bit intruction pointer) points to the instruction being done.

*A control register is a processor register which changes or controls the general behavior of a CPU or other digital device. Common tasks

performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control. Check

http://en.wikipedia.org/wiki/Control_register for more information.

Virtual Memory Model:

Every process is laid out in the same virtual memory space, it doesn't matter what the the actual memory location. Every process that runs in

the system seems like its running independently. There is a security feature in Linux 2.6 and higher that's called "randomize_va_space" this feature

protects against Buffer Overflows. randomize_va_space uses space randomization if enabled to 1 (true), which is default to disable it change it to 0 (false). This will be helpful to practice on buffer overflows.

If you have windows don't do this though I recommend you to get Linux such as Ubuntu (even a live CD) it would help if you really want to get good at this. But if you want to get a dissembler get NASM for windows.

To disable the linux patch(Only do the stuff above if you want or going to practice doing buffer overflow attacks):
      cat/proc/sys/kernel/randomize_va_space
      echo 0 > /proc/sys/kernel/randomize_va_space
      cat /proc/sys/kernel/randomize_va_space

Only do the stuff above if you want or going to practice doing buffer overflow attacks.^^^

Program Memory:

--------------------------------------------------------------------------------------------

*The first segment is the .text segment. This segment cotains the actual program the execuable instructions are located here.

*The second segment is the .data. This is where any data that has been initalized with a value is held.

example:

.data

Int32:

.int 2

*The third segment is the .bss. This is where unused data is held.

example:

.bss

.comm Buffer, 1024

*The third segment is the heap. The heap is where the virtual memory space is located.

*The fourth segment is just unused memory.

*The firth segment is the Stack which is general used for storing function arguments and local variables. The stack is located in the highest memory location possible. It general goes down the memory from highest to lowest memory. The stack is last in first out data structure otherwise know as a LIFO (Last in First Out).

The Stack

-------------------------------------------------------------------------------------------------------------------------

As I said before. A stack is a temporary storage unit in computer memory where function arguments and local variables are stored. The LIFO Principle is last value you put in the first it comes out. Just imagine you have a stack of papers when I wanted my teach to correct my test first I would wait until everybody finished so when I put in my test on her desk I can sneak a peek on my score or how many red marks are on my test when she starts correcting it when we walk out of class.

When you PUSH two values on the stack you will get the last one first because of that method.

PUSH - pushes value on stack

POP - removes from stack

ESP - Points to stack

Example of LIFO Principle REMEMBER MUST KNOW LIFO:

Right here is a example of a stack. The ESP register holds 0x000008 which is the top of the stack.

example: ESP 0x0000008

The stack adds a new value (0x0000007) and (0x0000006) using the PUSH operation.

example: PUSH 0x0000007

PUSH 0x0000006

Now we update the ESP pointer to the top of the stack to the address 0x00000006.

example: ESP 0x0000006

Now we use the POP operation to take that value of the stack. Which removes that last operation put into the stack (LIFO REMEMBER).

example: POP 0x00000006

Next we have to update the ESP pointer to value 0x0000007.

example: ESP 0x00000007

Next we have to POP the last first value we put in off the stack. (LIFO)

example: POP 0x00000007

Finally we update the ESP pointer register to the top of the stack.

example: ESP 0x0000008

Now I hope you understand the LIFO Principle if you don't, leave a question. Or Google.com its the best hacking site.

If you don't understand or I explained something wrong leave a message. Someone who knows Assembly or I will hopefully answer. I'll write part two later. Please leave feed back good or bad. I don't care. I need to get better. Assembly Language Basics Tutorial

Aro Out