Difference between revisions of "Assembler"

From Cheat Engine
Jump to navigation Jump to search
(Flags)
(Opcodes)
Line 110: Line 110:
 
== Opcodes ==
 
== Opcodes ==
 
Most commonly used opcodes:
 
Most commonly used opcodes:
 +
 +
; PUSH ''operand''
 +
: PUSHes (saves) data onto the stack.
 +
 +
; POP ''operand''
 +
: POPs (clears) data from the stack.
 +
 +
; PUSHF
 +
: PUSHes (saves) the FLAGS register onto the stack.
 +
 +
; POPF
 +
: POPs (clears) the FLAGS register from the stack.
 +
 +
; PUSHA
 +
: PUSHes (saves) all general purpose registers onto stack.
 +
 +
; POPA
 +
: POPs (clears) all general purpose registers from stack.
 +
 +
; JMP ''operand''
 +
: Jumps to the given ''operand'' (address).
 +
 +
; CALL ''operand''
 +
: Calls the given ''operand'' (address or function).
 +
: A RET must be hit for a CALL to work properly, best to use JMPs if unsure.
 +
 +
; RET ''operand''
 +
: Returns from a CALL optionaly removing, ''operand'' number of, bytes from the stack.
 +
: This is used for POPing values passed, to the CALL, from the stack.
  
 
; MOV ''destination'', ''source''
 
; MOV ''destination'', ''source''
: Sets a register or address to a specified value.
+
: Sets the ''destination'' to the ''source''.
  
; INC ''destination''
+
; INC ''operand''
: Increases a register or address with 1.
+
: Increases the ''operand'' by one.
 +
: <code>operand = operand + 1</code>
  
; DEC ''destination''
+
; DEC ''operand''
: Decreases a register or address with 1.
+
: Decreases the ''operand'' by one.
 +
: <code>operand = operand - 1</code>
  
 
; ADD ''destination'', ''source''
 
; ADD ''destination'', ''source''
 
: Adds the ''source'' to the ''destination''.
 
: Adds the ''source'' to the ''destination''.
 +
: <code>destination = destination + source</code>
  
 
; SUB ''destination'', ''source''
 
; SUB ''destination'', ''source''
 
: Subtracts the ''source'' from the ''destination''.
 
: Subtracts the ''source'' from the ''destination''.
 +
: <code>destination = destination - source</code>
 +
 +
; MUL ''operand''
 +
: Multiplies the ''operand'' by the data register
 +
: Placing the high value in the data register and the low value in the accumulator register.
 +
: <code>AH:AL = AL * operand : byte</code>
 +
: <code>DX:AX = AX * operand : WORD</code>
 +
: <code>EDX:EAX = EAX * operand : DWORD</code>
 +
 +
; DIV ''operand''
 +
: Divids the data register (high) and the accumulator register (low) by the ''operand''.
 +
: Placing the quotient in the accumulator register and the remainder in the data register.
 +
: <code>AL  AH = AH:AL/operand : byte AH:AL = AX</code>
 +
: <code>AX  DX = DX:AX/operand : WORD</code>
 +
: <code>EAX  EDX = EDX:EAX/operand : DWORD</code>
  
 
; NOP
 
; NOP
Line 150: Line 197:
 
  After XOR -> destination:    0110
 
  After XOR -> destination:    0110
  
; AND
+
; AND ''destination'', ''source''
 
: The AND instruction is used for supporting logical expressions by performing bitwise AND operation.  
 
: The AND instruction is used for supporting logical expressions by performing bitwise AND operation.  
 
: The bitwise AND operation returns 1, if the matching bits from both the operands are 1, otherwise it returns 0.
 
: The bitwise AND operation returns 1, if the matching bits from both the operands are 1, otherwise it returns 0.
Line 169: Line 216:
 
               operand:    0101 0011
 
               operand:    0101 0011
 
  After NOT -> operand:    1010 1100
 
  After NOT -> operand:    1010 1100
 +
 +
; LOOP ''operand''
 +
: The LOOP instruction assumes that the ECX register contains the loop count.
 +
: When the loop instruction is executed, the ECX register is decremented and the control jumps to the target label,
 +
: until the ECX register value, i.e., the counter reaches the value zero.
 +
: Used for Loop control.
 +
label(loop_start)
 +
MOV ECX,10
 +
loop_start:
 +
// loop body
 +
LOOP loop_start
 +
 +
 +
[https://en.wikipedia.org/wiki/X86_instruction_listings source]
  
 
== See also ==
 
== See also ==

Revision as of 19:52, 12 March 2017

This entry needs a lot of work. Please contribute if you can.

Check this page to see if there are some suggestions for adding to Assembler.

To describe:

  • Flags
  • Segments
  • CPL/DPL
  • IDT/GDT(/LDT)

Segments

Segment registers: cs,es,ds,ss,fs,gs
Bits 0,1 describe the RPL , request privilege level
Bit 2 describes if the LDT is used or not
Bits 3 to 15 contain the offset into the GDT or LDT table (when shifted left by 3)

example:
CS of 8 = 1000b = 1 0 00 : RPL=0, LDT=0, so GDT is used, offset in GDT table is (1 << 3) = 8 CS of 0x23 = 100011b = 100 0 11 : RPL=3, LDT=0 (GDT), offset in GDT table is 100b=4, (4 << 3) = 32

Note that even though 64-bit mode is used, bits 3 to 15 still only need to be shifted by 3 to point to the proper offset

GDT

The gdt is a table of descriptors that describe what should happen when entering a specific segment and setting it's rights. (What access rights, the limits, if it's data or code, etc...)


IDT

The IDT is a table of descriptors that describe what should happen when an interrupt occurs. It contains the used code segment, and the EIP/RIP address to call, but also information like the DPL of the interrupt and if it's a callgate, taskgate or interrupt gate

Useful interrupts in regards of game hacking: Interrupt 1(Single step), 3(breakpoint),13(General protection fault) and 14 (Page fault)

Flags

There are 32 bits available for the 17 EFlags. Missing bits in this list are not a mistake, some flags temporarily use their neighbours.
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF


Source

Opcodes

Most commonly used opcodes:

PUSH operand
PUSHes (saves) data onto the stack.
POP operand
POPs (clears) data from the stack.
PUSHF
PUSHes (saves) the FLAGS register onto the stack.
POPF
POPs (clears) the FLAGS register from the stack.
PUSHA
PUSHes (saves) all general purpose registers onto stack.
POPA
POPs (clears) all general purpose registers from stack.
JMP operand
Jumps to the given operand (address).
CALL operand
Calls the given operand (address or function).
A RET must be hit for a CALL to work properly, best to use JMPs if unsure.
RET operand
Returns from a CALL optionaly removing, operand number of, bytes from the stack.
This is used for POPing values passed, to the CALL, from the stack.
MOV destination, source
Sets the destination to the source.
INC operand
Increases the operand by one.
operand = operand + 1
DEC operand
Decreases the operand by one.
operand = operand - 1
ADD destination, source
Adds the source to the destination.
destination = destination + source
SUB destination, source
Subtracts the source from the destination.
destination = destination - source
MUL operand
Multiplies the operand by the data register
Placing the high value in the data register and the low value in the accumulator register.
AH:AL = AL * operand : byte
DX:AX = AX * operand : WORD
EDX:EAX = EAX * operand : DWORD
DIV operand
Divids the data register (high) and the accumulator register (low) by the operand.
Placing the quotient in the accumulator register and the remainder in the data register.
AL AH = AH:AL/operand : byte AH:AL = AX
AX DX = DX:AX/operand : WORD
EAX EDX = EDX:EAX/operand : DWORD
NOP
No Operation.
Usually used when removing original code.
OR destination, source
The OR instruction is used for supporting logical expression by performing bitwise OR operation.
The bitwise OR operator returns 1, if the matching bits from either or both operands are one.
It returns 0, if both the bits are zero.
Example:
            destination:     0101
                 source:     0011
----------------------------
After OR -> destination:     0111
XOR destination, source
The XOR instruction implements the bitwise XOR operation.
The XOR operation sets the resultant bit to 1, if and only if the bits from the operands are different.
If the bits from the operands are same (both 0 or both 1), the resultant bit is cleared to 0.
Example:
             destination:     0101
                  source:     0011
----------------------------
After XOR -> destination:     0110
AND destination, source
The AND instruction is used for supporting logical expressions by performing bitwise AND operation.
The bitwise AND operation returns 1, if the matching bits from both the operands are 1, otherwise it returns 0.
Example:
             destination:     0101
                  source:     0011
----------------------------
After AND -> destination:     0001
TEST destination, source
The TEST instruction works same as the AND operation, but unlike AND instruction, it does not change the first operand.
NOT operand
The NOT instruction implements the bitwise NOT operation.
NOT operation reverses the bits in an operand.
The operand could be either in a register or in the memory.
Example:
             operand:    0101 0011
After NOT -> operand:    1010 1100
LOOP operand
The LOOP instruction assumes that the ECX register contains the loop count.
When the loop instruction is executed, the ECX register is decremented and the control jumps to the target label,
until the ECX register value, i.e., the counter reaches the value zero.
Used for Loop control.
label(loop_start)
MOV ECX,10
loop_start:
// loop body
LOOP loop_start


source

See also

External links