how are asm instructions "saved" in PE?

Started by tommmy77, June 17, 2006, 01:13:59 AM

tommmy77

I was using a debugger the other day to see what the contents of a small program I made in C++ looked like. I noticed that asm instructions were saved in the form of hex numbers. For example, "PUSH EAX" is 0x50, and "MOV EAX,EBX" is 0x8BC3. This would be a cool idea if I wanted to inject code into my program. But if I wanted to, how am I supposed to know what "POP EAX" or "INC EAX" would be? Is there a site that shows what the hex equivalent of asm instructions are?

hutch--

tommy,

read the rules in terms of activities like code injection and keep this stuff out of here.

All binary executable files store code in the same manner, as opcodes, not as mnemonics or hex or otherwise. P-code is hybrid and script languages usually store text.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Ossa

The Intel manuals tell you this, but be careful of what you want to do with such information (mentioning things like "code injection" tends to ring alarm bells around here). Read the DMC thread that has been going on here for some extra info on instruction encodings.

But I'll just say that the encoding of instructions is not as straightforward as you might think.

Ossa
Website (very old): ossa.the-wot.co.uk
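
The encodings mentioned above, worked through as an added example (not code posted by anyone in this thread): a small C decoder for the one-byte INC/DEC/PUSH/POP r32 forms and register-to-register MOV. It assumes 32-bit mode (in 64-bit mode the bytes 0x40-0x4F are REX prefixes instead), and the name `decode32` and the sample bytes are made up for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* 32-bit register numbers as used in opcode and ModRM fields. */
static const char *const REG32[8] =
    {"EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"};

/* Decode one instruction from p[0..n) into out (32-bit mode only).
 * Returns its length in bytes, or 0 if this small subset cannot decode it. */
size_t decode32(const unsigned char *p, size_t n, char *out, size_t outsz)
{
    if (n == 0) return 0;
    unsigned char op = p[0];

    /* One-byte forms: the register number is the low 3 bits of the opcode. */
    if (op >= 0x40 && op <= 0x5F) {
        static const char *const MNEM[4] = {"INC", "DEC", "PUSH", "POP"};
        snprintf(out, outsz, "%s %s", MNEM[(op - 0x40) >> 3], REG32[op & 7]);
        return 1;
    }

    /* MOV with a ModRM byte: 8B = MOV r32, r/m32; 89 = MOV r/m32, r32. */
    if ((op == 0x8B || op == 0x89) && n >= 2) {
        unsigned char modrm = p[1];
        unsigned mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
        if (mod != 3) return 0;  /* memory operands (SIB, displacement) not handled */
        unsigned dst = (op == 0x8B) ? reg : rm;
        unsigned src = (op == 0x8B) ? rm : reg;
        snprintf(out, outsz, "MOV %s,%s", REG32[dst], REG32[src]);
        return 2;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: PUSH EAX, MOV EAX,EBX (two encodings), INC EAX, POP EAX */
    const unsigned char code[] = {0x50, 0x8B, 0xC3, 0x89, 0xD8, 0x40, 0x58};
    char text[32];
    size_t off = 0, len;
    while (off < sizeof code &&
           (len = decode32(code + off, sizeof code - off, text, sizeof text)) != 0) {
        printf("%02zu: %s\n", off, text);
        off += len;
    }
    return 0;
}
```

Both `8B C3` and `89 D8` decode to MOV EAX,EBX, which is one reason a simple mnemonic-to-hex lookup table does not exist.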

Shantanu Gadgil

Quote: This would be a cool idea if I wanted to inject code into my program
Yes...it would be cool...but you know something even cooler??? How about looking at it this way... "Creation more difficult than destruction" and so how about trying to "create" something before moving on to the above mentioned activities? :)

Hope you take the criticism constructively!!! :)
Regards,
Shantanu Gadgil

To ret is human, to jmp divine!

Eugen


How funny and pathetic is that...
He has no idea what opcodes are, what binary format is all about, no clue at all, but he wants to "inject code"  :cheekygreen:

Standard "newbie wants to be a hacker" issue..

Eugen

Shantanu Gadgil

To Eugen,
I agree, but I also think that instead of drubbing a newbie for having some "cool" idea, we should tell him that the "way" he is thinking might not be the best, and try to show him the right way!  :bg  :bg

Say what?
To ret is human, to jmp divine!

Eugen


Of course, you are right, but I just could not help myself  :bdg

Eugen

tommmy77

Well, thanks for all the people who gave me positive remarks. I do not intend to be a hacker! Ha! That is actually laughable (I nearly fell off my chair). I was just experimenting with my debugger. I wouldn't call myself a newbie, but I wouldn't not either (if that makes sense). I am a newbie, however, when it comes to binary formats.

Shantanu Gadgil

Quote: I do not intend to be a hacker!
Cool! :cheekygreen: :cheekygreen:

<philosophical rant>
Buuuut...on a side note...technically a "hacker" is a person who "finds out" how things work as opposed to a c**cker who does stuff with malicious intent....(blah..blah...you know)  :lol :lol
</philosophical rant>

Anyway...that's all for now from me!!! :bg :bg
To ret is human, to jmp divine!

paranoidx

I have a problem with how everyone is responding to tommmy77's thread. Who in this forum has not, one way or another, asked that question? i.e.
Quote: how am I supposed to know what "POP EAX" or "INC EAX" would be?
Anyone who has disassembled ANY prog will naturally ask that question. As this is the key of how any programming language is translated so the machine understands. The only mistake that he did was to mention the word:
Quote: inject code
which MIGHT reflect his intent. By asking the question it shows:
    1. He is naive as he did not know what others do with code injection.
    2. He is trying to understand asm from the heart

Given his understanding of asm, he is far from being hacker/cr**acker. Instead, he is simply sharing his experience in asm learning and reflecting. The fact that he is TRYING to understand, yet in return the forum attacks him like he is cr*cker. Any language can be used to hack/cr*ck, and trends tell us that most of these are done in C/C++.
Quote from: shantanu_gadgil: "Creation more difficult than destruction"
I give you: criticism is much much EASIER than encouragement.

Sometimes, when ppl are at the top of the hill, they look down and see how the others are climbing. Some simply sit and giggle at other's mistakes, if only they had a video of their own venture. Some walk back and forth at the top displaying their might and this flicks little pebbles stumbling the ones still climbing. Some, see others repeating the same mistake they would go back down and lead them in the right direction. The strong ones would carry them on their shoulders and they would repeat this until they cannot do so.

Ehtyar

Very very well put @ paranoidx, gonna save that last paragraph. I'm afraid I'm not much help in where to go to learn inc/pop, but I'm sure if you gave us more examples of the terms you wish to learn we could explain one by one.

hutch--

Guys,

Understand this much that the rules of this forum are not subject to coercion from new members. Collectively there are hundreds of years experience floating around this forum and the rules of the forum are enforced by both the admin team and our members. Code injection techniques are a NO NO here because the legal stuff cannot be separated from the rest.

After having many new members try and post stuff here that is not allowed, we exercise the policy where we shoot first and ask questions later and while we will unlock threads if the member responds to the question promptly and are doing something sensible, we will not tolerate any nonsense in here.

Now rather than try and work against us, make use of the very large number of skilled people who are members here and you will do well but understand that with the level of experience available with the members and team, there will be no stunts pulled in here.

asmfan

I would suggest you learn more on theory of compilation and assemblers, instruction set and opcodes. It isn't illegal but informative!
Russia is a weird place

P1

Quote from: paranoidx on June 21, 2006, 05:06:08 AM
I have a problem with how everyone is responding to tommmy77's thread. Who in this forum has not, one way or another, asked that question?
1.  We have answered those questions for ourselves.  Because when we did it, we did our homework for ourselves.

2.  There is not enough information to go on here.  How many times can we count the h*ch*rs & cr*ck*rs who have tried.

3.  Lawsuits are becoming more common now.  Who wants to be a party to one of those ignorantly?

4.  There are plenty of websites to answer these basic questions.  So is he Google illiterate?  Is 'Search' that hard to use?  So he asked a question, that he could look up himself.  You get no help, then you find help for yourself.  Grow up!  You're entitled to find the answer yourself, but not demand one.

Most professionals need to move on for simple stuff like this.  If you want to help, go ahead and help him. 

Regards,  P1  :8)


P1

Quote from: paranoidx on June 21, 2006, 05:06:08 AM
Sometimes, when ppl are at the top of the hill, they look down and see how the others are climbing. Some simply sit and giggle at other's mistakes, if only they had a video of their own venture. Some walk back and forth at the top displaying their might and this flicks little pebbles stumbling the ones still climbing. Some, see others repeating the same mistake they would go back down and lead them in the right direction. The strong ones would carry them on their shoulders and they would repeat this until they cannot do so.
The struggle to find an answer is more valuable than being given the answer.  Because if you're going out on the leading edge, there is no one to show you where to go.  That is what maps are about.  So go buy one, if you don't want to be lost.

Experience is about generating answers for yourself. 

Been there, done that.   :U

Regards,  P1  :8)