Please suggest me How to convert machine code to assembly code? excluding intel reference manual and dos debugger method?
You can use any debugger, such as gdb, or any disassembler, such as IDA Pro Advanced.
There also are opensource ones, such as Agner Fog's objtool.
IDA Pro Advanced also has the Hexrays plugin, with which you can decompile code.
look at this thread :
How might I convert Intel 80386 Machine Code to Assembly Language?
Related
I am trying to use the win32 api in x86 assembly to show graphics in a window. But I can't seem to find any tutorials/examples that does that. I did find a few tutorials that did this however they used other assemblers like MASM but I use NASM.
Does anybody know how to do that?
I'm learning assembly.
I know that gcc supports at&t syntax but i want my program to run on intel processors.
So would it work on intel processors regardless the syntax or it must be intel syntax to work on intel platform!! i'm confused??
Thanks.
att vs intel syntax has been covered many times, here and other places.
Assembly language is a language defined by the assembler, the particular program used to convert the ASCII assembly language into machine code for the particular target you are interested in. Unlike say a C or C++ compiler where there is a standard that defines the language, you can have 7 assemblers for the same target processor and there is no reason to assume that the assembly languages have to be compatible in any way shape or form. It is the machine code the produce that matters and if that machine code matches the same target then use the tool you like the best for whatever reason.
For this case there was the intel format as defined by the intel documentation and supported by the intel assembler. And then supported sorta by other assemblers. The instructions were close or the same they might have had a compatibility mode and maybe they had their own directives. For example as86 (or was it asm86 or a86?) tasm, masm, and currently nasm. And then you had this AT&T syntax, someone somewhere (ATT?) decided to make an assembler with a goofy assembly language that specifically didnt match the intel documentation at all. And that became the Intel vs AT&T syntax thing. gnu assembler is well known for messing up existing assembly languages as well, and they apparently use AT&T with their own nuances thrown in. they might have an intel syntax switch you should check.
The question you should be asking is the target, and assemblers like gnu assembler for x86 are often capable of generating code for various flavors of x86, so you need to make sure it matches your computer (most likely does if you dont add any target type/specific options).
There is no reason to assume an AT&T syntax assembler (gnu assembler (gas or as)) would not work.
do you know where I can find Windows Low Level Assembly examples programs?
I have some exemples using macros (NASM, MASM) but I want pure assembly, in order I can build a shellcode later.
Thanks a lot guys!
This tutorial might be usefull for you: winamtut
Also this topic in MASM forum is great too.
If your architeture is x64 so try this link too.
And finally if you're interested in some theory, maybe this link could be nice.
Doing Windows GUI stuff in assembly language is a lot of work. This is why the examples you've found use macros - it takes away some of the pain.
If you really want pure assembly language, a great way is to ask your compiler. Write some C code to call CreateWindow or whatever, and then generate an assembly listing from the compiler (or step through it with a debugger).
If by "pure assembly" you mean "not done as a macro or library" then this is what you have to do:
download the masm32 package
check through the copius amount of samples, there will be many using CreateWindow or CreateWindowEx
start your own program
link in windows.h
use the invoke macro to call CreateWindow or CreateWindowEx
if you don't want to use invoke then just push the parameters onto the stack and call the functions directly - as this is what invoke does for you anyway
You can also get lots of help using the MASM package from the masm forum.
The best way to really (and quickly) learn win32 assembly is to decompile simple win32 programs. You could download lena's reversing tutorials from tutsforyou.com. Alternative you could tryout the reverse me's from osix.net - they have some pretty straight forward programs for you to reverse, and the best part is you get to see the masm32 sourcecode after completing the level.
tools: ollydbg, masm32 etc.
books: win32 assembler coding by Goppit, the arteam's PE compendium, intel developers handbook
hxxp://osix.net
hxxp://tuts4you.com/download.php?list.17
hxxp://www.intel.com/products/processor/manuals/
I'm not very pleased with your "in order I can build a shellcode later." - it's stuff like that which gives assembly a bad name.
I'd suggesty you take a look at FASM instead of MASM, though, since it's "closer to the metal", and directly supports binary output.
For learning to build shellcode I would suggest creating a very simple c program that does what you want the shellcode to do and than disassemble that using IDA or Immunity (or whatever debugger / dissasembler that you are familiar with). Than you can see what the instructions are that are being used.
I would also recommend the following books:
Hacking: The Art of Exploitation (2nd Edition)
The Shellcoder's Handbook
I'm in an Assembly class focusing on the intel 8086 architecture (all compiling / linking / execution comes from running DOS on win7 via DOS-Box).
I've finished programming the latest assignment, but as I have yet to program any program successfully the first time through, I am now stuck trying to debug my code.
I have visual studio 2010 and was wondering if there was some built in feature that would help me debug my assembly code, specifically, I'm looking to track the value of a variable.
Failing that, instructions pointing to a DOS-Box debugger (and instructions!) would be much appreciated. (I think I've been able to run codeview debug, but I couldn't figure out how to do what I was looking for).
You are generating 16-bit code, you have to break into a museum to find better tooling. Try Borland's, maybe the debugger included with Turbo C.
Yes, indeed, you can use the debugger in VS to examine pretty much everything. Irvine's site has a section specifically on using the debugger here. You can examine registers, use the watch window, etc. He also has a guide for highlighting asm keywords if you need that.
Edit: as Hans pointed out, if you are using 16-bit instead of 32-bit protected, you'll need different tools. There are several choices, listed here.
Borland's tools for DOS were called tasm, tlink, and tdebug.
I'm a beginner to reading assembly language and I'm looking for a good assembly reader for win32, which one do you recommend?
You are much better off writing your own assembly code, best way to learn. But you can get reams of inscrutable assembly code from dumpbin.exe /disasm or IDA Pro.