Author Topic: learning ASM  (Read 9969 times)

Azzazelus

  • Guest
Re: learning ASM
« Reply #15 on: October 05, 2012, 04:45:11 PM »
Hello again. Thanks for the answers.
Now I have another question to clarify some things before I go further.



There is a table in the book that says EAX and AX are general purpose registers. When I use AX to fill some data, EAX gets modified. Is AX a register that resides in EAX?
(Later edit: I found on Google that AX resides in EAX.)
Also, how can I see the variables from memory in OllyDbg (oneWord, oneByte, oneDword)?


ToutEnMasm

  • Member
  • *****
  • Posts: 1189
    • EditMasm
Re: learning ASM
« Reply #16 on: October 05, 2012, 05:22:24 PM »

EAX is a 32-bit register
AX is the low 16 bits of EAX
AL is the low 8 bits of AX

Same rules for edx, ecx, ... except for esi and edi, which are only pointers, not general registers.
Fa is a musical note to play with CL

Azzazelus

  • Guest
Re: learning ASM
« Reply #17 on: October 05, 2012, 05:30:49 PM »
In Visual Studio I had the possibility to see the contents of variables at some point in the program while running with breakpoints. Is that possible with OllyDbg?

ToutEnMasm

  • Member
  • *****
  • Posts: 1189
    • EditMasm
Re: learning ASM
« Reply #18 on: October 05, 2012, 05:36:41 PM »

I don't know if Olly can insert a breakpoint; perhaps it does, search in the menu.
WinDbg does it.
In asm you can insert a coded breakpoint.
Quote
invoke DebugBreak

Vozzie

  • Guest
Re: learning ASM
« Reply #19 on: October 05, 2012, 07:22:17 PM »
Hi,

Quote
Also, how can I see the variables from memory in OllyDbg (oneWord, oneByte, oneDword)?

The data of your variables (oneByte, oneWord, ...) you can find in the data segment. So in Olly you'll have to watch the memory where that variable resides. The names of those variables (labels) are gone but...

In that screenshot you can see the value of those variables in the left bottom window(Hex Dump)... There you can see

00404000 "78 34 12 87 D6 12 00 00 ....."

You have a Watch Window in Olly where you can enter the offset of those variables and watch them

Byte Ptr [00404000]
Word Ptr [00404000 + 1]
DWord Ptr [00404000 + 3]

Anyway the variable names (labels) are gone but you can also add them again in Olly,...

Click in the HEX viewer on the offset and select ADD LABEL. Give it the name of your variable. Now you can use this name also in the Watch Window  :t

After adding your labels this should work...


When you use EasyCode you have the "Add symbolic debug info" option in your project properties. When you set this option the names of your labels are known and you can just add them to the watch window. When you don't have debug info in your executable then you can label them in Olly manually. (Like I first wrote, I didn't know myself that the symbolic debug info adds the names of labels in your PE.)

Open the watch window in Olly and add your labels...
 
Byte Ptr [oneByte]
Word Ptr [oneWord]
DWord Ptr [oneDword]

To add a breakpoint with Olly, hit F2... To step F8, step into F7... Restart CTRL+F2,...

And to see the program running, hit CTRL+F7, ...

When you add a DebugBreak or Int3 to your code and run the program, that program will look like it crashes in some Windows versions, but you'll have the chance to click "Debug" (after a while that button shows)... Then you can also debug with Visual Studio. (Make sure in Visual Studio you have "Native" checked where the JIT options are before you try.)

You can also use (set) Olly as JIT debugger (careful, it can be some trouble to get your VS JIT settings back to normal).

There's also a debug library in the MASM package with some handy features...


See the native code, source and watch in this screen shot.


Greetings
« Last Edit: October 05, 2012, 10:16:56 PM by Vozzie »
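
Added example, not part of the original post (written in C for illustration): the three Watch expressions above evaluated against the quoted Hex Dump line, showing how the little-endian bytes at 00404000 become the byte, word and dword values. The function names `parse_dump` and `read_le` are made up for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse space-separated hex byte pairs from a Hex Dump line; returns bytes read. */
size_t parse_dump(const char *line, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (n < cap) {
        char *end;
        unsigned long v = strtoul(line, &end, 16);
        if (end == line || v > 0xFF) break;   /* not a byte: stop at the ASCII column */
        out[n++] = (uint8_t)v;
        line = end;
    }
    return n;
}

/* Evaluate "Byte/Word/DWord Ptr [base + off]" for size 1, 2 or 4, assembling the
   value least significant byte first. Returns -1 if the read leaves the buffer. */
int read_le(const uint8_t *buf, size_t len, size_t off, size_t size, uint32_t *out)
{
    if ((size != 1 && size != 2 && size != 4) || off > len || size > len - off)
        return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < size; i++)
        v |= (uint32_t)buf[off + i] << (8 * i);
    *out = v;
    return 0;
}

int main(void)
{
    uint8_t mem[16];
    /* The dump line quoted in the post, starting at address 00404000. */
    size_t len = parse_dump("78 34 12 87 D6 12 00 00 .....", mem, sizeof mem);
    const struct { const char *expr; size_t off, size; } watch[] = {
        {"Byte Ptr [00404000]", 0, 1},
        {"Word Ptr [00404000 + 1]", 1, 2},
        {"DWord Ptr [00404000 + 3]", 3, 4},
    };
    for (size_t i = 0; i < 3; i++) {
        uint32_t v;
        if (read_le(mem, len, watch[i].off, watch[i].size, &v) == 0)
            printf("%-25s = %0*Xh\n", watch[i].expr, (int)(2 * watch[i].size), (unsigned)v);
    }
    return 0;
}
```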

mineiro

  • Guest
Re: learning ASM
« Reply #20 on: October 06, 2012, 12:35:09 AM »
Click with the right mouse button on that line of code and see what options Olly shows you. You are interested in the word 'dump'.

You can insert a breakpoint directly in your code, but remember to remove those breakpoints if you will not debug your program, like in a release version of your program.

Code: [Select]
main proc
    mov eax,0ffffffffh
    mov ah,0
    mov al,0
    db 0cch   ;<--breakpoint directly inside your code, valid if you are on windows, ms-dos or linux
    ;remember to remove this if you do not need to debug anymore
    mov eax,0
    invoke ExitProcess,0
main endp

Instead of executing the program step by step, you are now able to run your program inside the debugger, and it will stop at that breakpoint.
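
Added example, not part of the original post: a small C model of the instruction sequence above, showing what EAX holds when the `db 0cch` breakpoint is hit, since writes to AH and AL leave the other bits of EAX untouched. `mov_part`, `get_part` and `eax_at_breakpoint` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>

enum part { AL, AH, AX, EAX };

/* New EAX after "mov <part>, value": only the bits covered by the named
   sub-register are replaced, the rest of EAX is preserved. */
uint32_t mov_part(uint32_t eax, enum part p, uint32_t value)
{
    switch (p) {
    case AL: return (eax & 0xFFFFFF00u) | (value & 0xFFu);
    case AH: return (eax & 0xFFFF00FFu) | ((value & 0xFFu) << 8);
    case AX: return (eax & 0xFFFF0000u) | (value & 0xFFFFu);
    default: return value;                 /* EAX: all 32 bits */
    }
}

/* Read a sub-register back out of EAX. */
uint32_t get_part(uint32_t eax, enum part p)
{
    switch (p) {
    case AL: return eax & 0xFFu;
    case AH: return (eax >> 8) & 0xFFu;
    case AX: return eax & 0xFFFFu;
    default: return eax;
    }
}

/* The sequence from the post, up to the db 0cch breakpoint. */
uint32_t eax_at_breakpoint(void)
{
    uint32_t eax = 0;
    eax = mov_part(eax, EAX, 0xFFFFFFFFu); /* mov eax,0ffffffffh */
    eax = mov_part(eax, AH, 0);            /* mov ah,0 */
    eax = mov_part(eax, AL, 0);            /* mov al,0 */
    return eax;
}

int main(void)
{
    uint32_t eax = eax_at_breakpoint();
    printf("EAX=%08X AX=%04X AH=%02X AL=%02X\n", (unsigned)eax,
           (unsigned)get_part(eax, AX), (unsigned)get_part(eax, AH),
           (unsigned)get_part(eax, AL));
    return 0;
}
```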

qWord

  • Member
  • *****
  • Posts: 1473
  • The base type of a type is the type itself
    • SmplMath macros
Re: learning ASM
« Reply #21 on: October 06, 2012, 01:29:35 AM »
Quote
db 0cch   ;<--breakpoint direct inside your code, valid if you are on windows, ms-dos or linux

He can also use the mnemonic: INT 3  :biggrin:
MREAL macros - when you need floating point arithmetic while assembling!

Vozzie

  • Guest
Re: learning ASM
« Reply #22 on: October 06, 2012, 02:46:08 AM »
Just want to add, in EasyCode you have the precompiler definitions to include/exclude code in DEBUG/RELEASE.

Code: [Select]
IFDEF DEBUG
    Int 3
ENDIF ; IFDEF DEBUG

Or make this a macro for use with EasyCode
Code: [Select]
DEBUGSTOP Macro
    IFDEF DEBUG
        Int 3
    ENDIF
EndM


The "Add symbolic information" option switches between Debug and Release...

mineiro

  • Guest
Re: learning ASM
« Reply #23 on: October 06, 2012, 04:59:28 AM »
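Yes yes Sirs, valid points. In the near future he can try a non-intrusive way, like the one used by the Obsidian debugger.
Code: [Select]
ni_bkpt macro
    db 0ebh,0feh   ; EB FE = jmp short to itself: execution spins here until a debugger attaches and moves EIP on
endm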

Azzazelus

  • Guest
Re: learning ASM
« Reply #24 on: October 08, 2012, 10:51:10 PM »
Hi again and thank you for the explanations. I'm sticking to EasyCode but I migrated to Jwasm just for the fun of making 64-bit applications and using new instructions.
I managed to compile some code with 64-bit registers and MMX registers, but I can't use, for example, the new SSE4 instructions, as the compiler doesn't know the operands. Is there a special library that contains information about the new instructions? It seems that Jwasm supports them (in the help file).

ToutEnMasm

  • Member
  • *****
  • Posts: 1189
    • EditMasm
Re: learning ASM
« Reply #25 on: October 08, 2012, 11:29:30 PM »

http://msdn.microsoft.com/en-us/library/y0dh78ez(v=vs.80).aspx

You also have the "Intel manual", "AMD manual" and ...

Azzazelus

  • Guest
Re: learning ASM
« Reply #26 on: October 08, 2012, 11:47:37 PM »
The problem is that the compiler doesn't see the new instructions, not that I can't find them on the internet.

qWord

  • Member
  • *****
  • Posts: 1473
  • The base type of a type is the type itself
    • SmplMath macros
Re: learning ASM
« Reply #27 on: October 09, 2012, 01:48:17 AM »
Quote
The problem is that the compiler doesn't see the new instructions, not that I can't find them on the internet.

What compiler? Aren’t you using an Assembler?  ;)
If you want to use SSE4.1/2/A, you must use MASM version 9+ or jWasm. To activate such instruction sets, add the .XMM directive to your code:
Code: [Select]
...
.xmm
...