flat assembler
Message board for the users of flat assembler.

Very Beginner- Learning 64-bit Assembly (resources?)

Regen



Joined: 16 Aug 2006
Posts: 5
Regen 16 Aug 2006, 04:20
Hi,

I am trying to learn Assembly. For simplicity's sake, assume I know nothing of programming. My computer, which is what I plan to write and execute my programs on while I'm learning, is an AMD64. OS is Win64 Pro.

I am currently looking for resources to help get me started. I have the book, "Assembly Language Step-by-Step" by Jeff Duntemann, and a couple others. In following the step by step process, I quickly discovered DOS is effectively useless and they removed the DEBUG program. So, obviously my current resources are too outdated to be useful to me. Also, in searching for a useful Assembler, I discovered YASM and FASM, and I have no clue about the differences between the two.

Can anyone direct me to resources to get me started on assembly programming in 64-bit? Anyone mind pointing out some pros and cons of FASM vs YASM?

Thanks for any help.
MazeGen



Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen 16 Aug 2006, 07:37
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 16 Aug 2006, 07:47
Hello Regen and welcome here.
You have to learn from 2 areas:
1. asm instructions - look into the fasm zip package for the file FASM.TXT (200 kB) or FASM.PDF (400 kB). A good idea is to step through instructions under a debugger to see what happens with registers and memory. Learn the registers first (Table 1.2, Table 2.4 from fasm.txt or pdf), then start with the instructions mov lea call ret cmp jz jnz jc jnc, ...
2. win64 specific part of coding (like how to read a file, write to the console, create a window, what a message loop is, how to pass parameters to API, which registers are nonvolatile, ...) - try to read EXAMPLES\PE64DEMO from fasmw.zip
http://board.flatassembler.net/download.php?id=1988
or try to learn from Iczelion's tutorials (but they are for win32 and you have to convert them to win64).
You will need to know how to pass parameters to API http://flatassembler.net/docs/win32hlp.zip
or online MSDN library.

Don't forget to look into http://flatassembler.net/docs.php

You will have a lot of questions. Don't hesitate to ask at the forum. You decided to start a fight; you will have a lot of information at the beginning and you will have difficulties selecting what is important, what is more important and what is the most important.
fdbg is too big to learn from and now I'm rewriting it completely from the base because of a big mess in the sources, and constructing a completely new face. fdbg.exe is fully functional, it is meant for beginners, I tried to make its input the easiest, it shows you every register (with a very small font to fit into 1 screen)
Regen



Joined: 16 Aug 2006
Posts: 5
Regen 16 Aug 2006, 23:18
Ok, thanks for pointing me in the right direction. I'll be checking those out.
Regen



Joined: 16 Aug 2006
Posts: 5
Regen 18 Aug 2006, 01:20
Quick question.

How do I view a hex dump of a file? Using either windbg or fdbg or both.
Regen



Joined: 16 Aug 2006
Posts: 5
Regen 18 Aug 2006, 05:08
Ok, I found how to view hex dumps, by opening the file, attaching windbg to the process, then View->Memory or Alt+F5, but it doesn't show me the hex dump for the file that I attached it to. For example, if I create a .txt document in notepad with random words, those words won't appear in the ASCII portion of the hex dump, because it isn't showing the portion of memory that has the text.

What am I doing wrong?

Also, is there a better way to navigate the hex dump? Is there a way to limit the memory addresses it will dump the info from?

Thanks!

Edit: Oh, also, is there a way to view the hex dump without first attaching to the process? I ask because it requires that you start running the program to attach to it. You can't view the hex info for a notepad file without first opening that file.
Feryno



Joined: 23 Mar 2005
Posts: 509
Location: Czech republic, Slovak republic
Feryno 18 Aug 2006, 09:15
An exe file and the image of its process in memory are very different

1. Hex dump of a file:
Personally, I use Total Commander for text editing and text/hex viewing of files
press F3 (=View) on the file, then press 3 (=Options->Hex)

you can use various hex editors (more powerful for hex operations than totalcmd) - biew, hex workshop,...

2. Hex dump of an image of a process
It is a good choice to execute the file to view the image of its process and use a debugger to examine process memory. Of course, there is one complicated way without executing the file - manual calculations from the exe header. If you are afraid that the exe could be malware, loading the file under a debugger is secure if you don't run it or make some steps. When you load an exe under a debugger, the debugger stops at the exe entrypoint or even before the entrypoint at the ntdll breakpoint.

-----
When you type some words in notepad.exe and then attach to the notepad process, it is very hard work to find where the process stores the buffer holding the text you typed. You can easily view a hex dump of the process, because the debugger notifies you where the process resides. But you don't know where the process allocates buffers, and the memory is too big to try to find them randomly. You need a lot of time and experience to disassemble and trace notepad to find where the buffer holding the text you typed is.
If the buffer is in the image of the process, you can use the Find function of fdbg to find text strings or hex byte sequences. But I suppose that notepad uses an API to allocate memory somewhere outside of its process image.
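The "manual calculations from exe header" mentioned in the post above, as an added example that is not part of the original thread: it reads the section table of a 64-bit PE header and maps an address in the process image back to an offset in the file, without running anything. The sample header, the 0x400000 image base, and the function names are constructed for illustration.

```python
import struct

def build_sample_pe():
    """Constructed PE32+ header with two sections (sample input, not a real exe)."""
    opt = bytearray(0xF0)                              # size of a PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)              # Magic: PE32+
    struct.pack_into("<I", opt, 16, 0x1000)            # AddressOfEntryPoint (RVA)
    struct.pack_into("<Q", opt, 24, 0x400000)          # ImageBase (assumed value)
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 0x40)  # e_lfanew lives at 0x3C
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)
    hdr += bytes(opt)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 16 unused bytes
    hdr += struct.pack("<8sIIII16x", b".text", 0x20, 0x1000, 0x200, 0x200)
    hdr += struct.pack("<8sIIII16x", b".data", 0x1000, 0x2000, 0x200, 0x400)
    image = bytearray(hdr.ljust(0x600, b"\0"))
    image[0x410:0x415] = b"hello"                      # stored at file offset 0x410
    return bytes(image)

def parse_pe(data):
    """Return (image_base, entry_rva, sections) read from the exe header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("not PE32+ (64-bit)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, rawptr, rawsize))
    return image_base, entry_rva, sections

def va_to_file_offset(va, image_base, sections):
    """Map a virtual address in the loaded image to a file offset, or None."""
    rva = va - image_base
    for _name, sec_va, vsize, rawptr, rawsize in sections:
        delta = rva - sec_va
        if 0 <= delta < (vsize or rawsize):
            # Bytes past SizeOfRawData exist only in memory (zero-filled by the loader).
            return rawptr + delta if delta < rawsize else None
    return None
```

In the sample, address 0x402010 in the image corresponds to file offset 0x410, which is why a hex dump of the file and a hex dump of the process show the same bytes at different positions.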
Regen



Joined: 16 Aug 2006
Posts: 5
Regen 18 Aug 2006, 22:48
Ok, thank you for the information. I need to try some things before I know how much it helps.

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
