Difference between revisions of "Assembler"

From Cheat Engine
Jump to navigation Jump to search
(Opcodes)
(Flags)
Line 30: Line 30:
 
There are 32 bits available for the 17 EFlags. Missing bits in this list are not a mistake, some flags temporarily use their neighbours.<br>
 
There are 32 bits available for the 17 EFlags. Missing bits in this list are not a mistake, some flags temporarily use their neighbours.<br>
 
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF<br>
 
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF<br>
<br>
+
 
Bit: Flag - description<br>
+
{| class="gallery" style="background-color:#f4f4f4"
00: '''CF''' Carry Flag – becomes one if an addition, multiplication, AND, OR, etc results in a value larger than the register meant for the result.<br>
+
|+ Flags
02: '''PF''' Parity Flag – becomes 1 if the lower 8-bits of an operation contains an even number of 1 bits.<br>
+
! Bit !! Flag !! Description
04: '''AF''' Auxiliary Flag Set on a carry or borrow to the value of the lower order 4 bits.<br>
+
|-
06: '''ZF''' Zero Flag – becomes 1 if an operation results in a 0 writeback, or 0 register.<br>
+
|00
07: '''SF''' Sign Flag – is 1 if the value saved is negative, 0 for positive.<br>
+
|'''CF''' Carry Flag
08: '''TF''' Trap Flag – allows for the stopping of code within a segment (allows for single stepping/debugging in programming).<br>
+
|Becomes one if an addition, multiplication, AND, OR, etc results in a value larger than the register meant for the result.
09: '''IF''' Interrupt Flag – when this flag is set, the processor begins 'listening' for external interrupts.<br>
+
|-
10: '''DF''' Direction Flag – determines the direction to move through the code (specific to repeat instructions).<br>
+
|02
11: '''OF''' Overflow Flag – becomes 1 if the operation is larger than available space to write (eg: addition which results in a number >32-bits).<br>
+
|'''PF''' Parity Flag
12-13: '''IOPL''' I/O Privilege Level 2-bit register specifying which privilege level is required to access the IO ports<br>
+
|Becomes 1 if the lower 8-bits of an operation contains an even number of 1 bits.
14: '''NT''' Nested Task – becomes 1 when calls within a program are made.<br>
+
|-
16: '''RF''' Resume Flag – stays 1 upon a break, and stays that way until a given 'release' or resume operation/command occurs.<br>
+
|04
17: '''VM''' Virtual Machine 8086 – becomes a 1 if the processor is to simulate the 8086 processor (16-bit).<br>
+
|'''AF''' Auxiliary Flag
18: '''AC''' Alignment Check – checks that a file or command is not breaking its privilege level.<br>
+
|Set on a carry or borrow to the value of the lower order 4 bits.
19: '''VIF''' Virtual Interrupt Flag – almost always set in protected mode, listening for internal and assembling interrupts.<br>
+
|-
20: '''VIP''' Virtual Interrupt Pending 1 if a virtual interrupt is yet to occur.<br>
+
|06
21: '''ID''' ID Flag – is set if a CPU identification check is pending (used in some cases to ensure valid hardware).<br>
+
|'''ZF''' Zero Flag
 +
|Becomes 1 if an operation results in a 0 writeback, or 0 register.
 +
|-
 +
|07
 +
|'''SF''' Sign Flag
 +
|Is 1 if the value saved is negative, 0 for positive.
 +
|-
 +
|08
 +
|'''TF''' Trap Flag
 +
|Allows for the stopping of code within a segment (allows for single stepping/debugging in programming).
 +
|-
 +
|09
 +
|'''IF''' Interrupt Flag
 +
|When this flag is set, the processor begins 'listening' for external interrupts.
 +
|-
 +
|10
 +
|'''DF''' Direction Flag
 +
|Determines the direction to move through the code (specific to repeat instructions).
 +
|-
 +
|11
 +
|'''OF''' Overflow Flag
 +
|Becomes 1 if the operation is larger than available space to write (eg: addition which results in a number >32-bits).
 +
|-
 +
|12-13
 +
|'''IOPL''' I/O Privilege Level
 +
|2-bit register specifying which privilege level is required to access the IO ports
 +
|-
 +
|14
 +
|'''NT''' Nested Task
 +
|Becomes 1 when calls within a program are made.
 +
|-
 +
|16
 +
|'''RF''' Resume Flag
 +
|Stays 1 upon a break, and stays that way until a given 'release' or resume operation/command occurs.
 +
|-
 +
|17
 +
|'''VM''' Virtual Machine 8086
 +
|Becomes a 1 if the processor is to simulate the 8086 processor (16-bit).
 +
|-
 +
|18
 +
|'''AC''' Alignment Check
 +
|Checks that a file or command is not breaking its privilege level.
 +
|-
 +
|19
 +
|'''VIF''' Virtual Interrupt Flag
 +
|Almost always set in protected mode, listening for internal and assembling interrupts.
 +
|-
 +
|20
 +
|'''VIP''' Virtual Interrupt Pending
 +
|1 if a virtual interrupt is yet to occur.
 +
|-
 +
|21
 +
|'''ID''' ID Flag
 +
|Is set if a CPU identification check is pending (used in some cases to ensure valid hardware).
 +
|}
 +
 
  
  

Revision as of 12:02, 12 March 2017

This entry needs a lot of work. Please contribute if you can.

Check this page to see if there are some suggestions for adding to Assembler.

To describe:

  • Flags
  • Segments
  • CPL/DPL
  • IDT/GDT(/LDT)

Segments

Segment registers: cs,es,ds,ss,fs,gs
Bits 0,1 describe the RPL , request privilege level
Bit 2 describes if the LDT is used or not
Bits 3 to 15 contain the offset into the GDT or LDT table (when shifted left by 3)

example:
CS of 8 = 1000b = 1 0 00 : RPL=0, LDT=0, so GDT is used, offset in GDT table is (1 << 3) = 8 CS of 0x23 = 100011b = 100 0 11 : RPL=3, LDT=0 (GDT), offset in GDT table is 100b=4, (4 << 3) = 32

Note that even though 64-bit mode is used, bits 3 to 15 still only need to be shifted by 3 to point to the proper offset

GDT

The gdt is a table of descriptors that describe what should happen when entering a specific segment and setting it's rights. (What access rights, the limits, if it's data or code, etc...)


IDT

The IDT is a table of descriptors that describe what should happen when an interrupt occurs. It contains the used code segment, and the EIP/RIP address to call, but also information like the DPL of the interrupt and if it's a callgate, taskgate or interrupt gate

Useful interrupts in regards of game hacking: Interrupt 1(Single step), 3(breakpoint),13(General protection fault) and 14 (Page fault)

Flags

There are 32 bits available for the 17 EFlags. Missing bits in this list are not a mistake, some flags temporarily use their neighbours.
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF


Source

Opcodes

Most commonly used opcodes:

MOV destination, source
Sets a register or address to a specified value.
INC destination
Increases a register or address with 1.
DEC destination
Decreases a register or address with 1.
ADD destination, source
Adds the source to the destination.
SUB destination, source
Subtracts the source from the destination.
NOP
No Operation.
Usually used when removing original code.
OR destination, source
The OR instruction is used for supporting logical expression by performing bitwise OR operation.
The bitwise OR operator returns 1, if the matching bits from either or both operands are one.
It returns 0, if both the bits are zero.
Example:
            destination:     0101
                 source:     0011
----------------------------
After OR -> destination:     0111
XOR destination, source
The XOR instruction implements the bitwise XOR operation.
The XOR operation sets the resultant bit to 1, if and only if the bits from the operands are different.
If the bits from the operands are same (both 0 or both 1), the resultant bit is cleared to 0.
Example:
             destination:     0101
                  source:     0011
----------------------------
After XOR -> destination:     0110
AND
The AND instruction is used for supporting logical expressions by performing bitwise AND operation.
The bitwise AND operation returns 1, if the matching bits from both the operands are 1, otherwise it returns 0.
Example:
             destination:     0101
                  source:     0011
----------------------------
After AND -> destination:     0001
TEST destination, source
The TEST instruction works same as the AND operation, but unlike AND instruction, it does not change the first operand.
NOT operand
The NOT instruction implements the bitwise NOT operation.
NOT operation reverses the bits in an operand.
The operand could be either in a register or in the memory.
Example:
             operand:    0101 0011
After NOT -> operand:    1010 1100

See also

External links