Assembly Language for Beginners
1.13 GOTO operator f1() completes: Figure 1.31: OllyDbg: f1() completes execution We now find 0xDB18 and 0x243 at addresses 0x2EF854 and 0x ...
1.13. GOTO OPERATOR $SG2936 DB 'skip me!', 0aH, 00H $SG2937 DB 'end', 0aH, 00H _main PROC push ebp mov ebp, esp push OFFSET $SG2 ...
1.13. GOTO OPERATOR This could also be useful as a simple patching exercise. Let’s open the resulting executable in Hiew: Figure ...
1.13. GOTO OPERATOR Place the cursor at the address of JMP (0x410), press F3 (edit), press zero twice, so the opcode becomes EB 00: Figure ...
1.14 Conditional jumps xor eax, eax ret 0 _main ENDP However, the compiler forgot to remove the “skip me!” string. 1.13.2 Exerci ...
1.14. CONDITIONAL JUMPS $LN3@f_signed: mov ecx, DWORD PTR _a$[ebp] cmp ecx, DWORD PTR _b$[ebp] jne SHORT $LN2@f_signed push OFFS ...
1.14. CONDITIONAL JUMPS Listing 1.108:main() _main PROC push ebp mov ebp, esp push 2 push 1 call _f_signed add esp, 8 push 2 pus ...
1.14. CONDITIONAL JUMPS x86 + MSVC + OllyDbg We can see how flags are set by running this example in OllyDbg. Let’s begin with f_ ...
1.14. CONDITIONAL JUMPS The next conditional jump: Figure 1.35: OllyDbg: f_unsigned(): second conditional jump OllyDbg gives a hin ...
1.14. CONDITIONAL JUMPS The third conditional jump, JNB: Figure 1.36: OllyDbg: f_unsigned(): third conditional jump In Intel manual ...
1.14. CONDITIONAL JUMPS Now let’s review the f_signed() function, which works with signed values, in OllyDbg. Flags are set in the ...
1.14. CONDITIONAL JUMPS The second JNZ conditional jump triggering: if ZF=0 (zero flag): Figure 1.38: OllyDbg: f_signed(): second co ...
1.14. CONDITIONAL JUMPS The third conditional jump JGE will not trigger because it would only do so if SF=OF, and that is not true ...
1.14. CONDITIONAL JUMPS x86 + MSVC + Hiew We can try to patch the executable file in a way that the f_unsigned() function would always print “a==b ...
1.14. CONDITIONAL JUMPS Here is the modified code: Figure 1.41: Hiew: let’s modify the f_unsigned() function If we fail to change a ...
1.14. CONDITIONAL JUMPS jmp puts .L1: rep ret .L7: mov DWORD PTR [esp+4], OFFSET FLAT:.LC1 ; "a==b" jmp puts We also see JMP puts ...
1.14. CONDITIONAL JUMPS .text:000000B8 f_signed ; CODE XREF: main+C .text:000000B8 70 40 2D E9 STMFD SP!, {R4-R6,LR} .text:00000 ...
1.14. CONDITIONAL JUMPS That is how you can get rid of conditional jumps in ARM mode. Why is this so good? Read here: 2.10.1 on p ...
1.14. CONDITIONAL JUMPS Listing 1.115: f_unsigned() f_unsigned: stp x29, x30, [sp, -48]! ; W0=a, W1=b cmp w0, w1 add x29, sp, 0 ...
1.14. CONDITIONAL JUMPS .text:00000000 arg_0 = 0 .text:00000000 arg_4 = 4 .text:00000000 .text:00000000 addiu $sp, -0x20 .text:0 ...