Explaining assembly in a very simple way

Section's for general approaches on hacking various options in games. No online-related discussions/posts OR warez!
Post Reply
STN
Founder
Founder
Posts: 2737
Joined: Thu Mar 02, 2017 7:48 pm
Reputation: 154

Explaining assembly in a very simple way

Post by STN » Wed Apr 19, 2017 12:39 am

Recreating Geri's tutorials and articles before his site got wiped out. Wealth of information in it!
-----

First of all, in order to understand this article, You need to accomplish Step 5 in the CE tutorial, where You have to find a code which is writing to an address and replace it with a code that does nothing. If You did not reach that step so far, or You did not even try the CE tutorial yet, please read this article first (if You can, reach Step 7 which is about code injection and You will know how to inject scripts into programs):
How to beat the Cheat Engine tutorial

If You have beaten Step 5, then at least You have seen an assembly code. Wonderful. Now if You don't have a clue what is mov [eax],edx and other ugly stuff, then this article will try to explain it in a very un-professional and simple way. I will not bother to explain detailed things, I will only write down what You really need to know to write very simple scripts. In step 5, You have learned that if You replace the code, the value will be freezed. Thats simple, the code has changed a value, You have turned off the code and now the value does not change. You don't have to know what is the code itself, You just get rid of it. Sometimes however, You will want to do more then simply get rid of a troublesome code line in a game and freeze a value, but then You will have to know more about these codes.

So lets start checking out a very simple code:
mov [eax],edx

This code is changing a value on a memory address to another value.
First You might have noticed that assembly codes are full of these eax,edx, ecx ... things. These things are the registers. You already know that programs are storing values on memory addresses and if You find a value on a memory address, You can change it. This way You can change Your health, ammo etc. in games. The assembly codes are working with registers to store values. However there are only a few registers and as You know, a program contains lots of values. So in assembly, You can use the registers as "boxes". Lets say a program wants to decrease the health. In this case, one possible method is to get the value of health from the memory address of health and save it in a register. Then decrease the value in the register and then put back the decreased value to the memory address of health. If You still don't get it, here is an example from a real life situation: You want to move from Your house into another house. You have only 8 boxes and You have lots of stuff. 8 boxes are simply not enough for all Your stuff. So You put Your things in the boxes, take it to the other house, then take out Your stuff from the boxes, come back to Your house with the empty boxes and start it again until You have moved all Your stuff to Your new house. In this situation, the stuff You move are the values of health, ammo and many other things and the boxes that can carry them are the registers.

So this should be clear enough, know You know that there are a few registers and the values in the registers are always changing when the program is putting in values or get out values from them.
Lets check out the code again above. Now You can see that the code contains 2 registers, so it is doing something with 2 values. Now You also need to know what is mov.
MOV is an instruction, it will copy the second operand to the first operand so the 2 operand will be equal. These operands are usually registers, simple numbers or memory addresses. You can see a "," between the operands. Example:
mov eax,2 means "copy 2 to eax", so the result of the operation will be eax=2.
I guess this is simple enough, almost like basic math.

Fine, now let's check out the code again:
mov [eax],edx
I told this code is changing a value on a memory address to another value. Probably You still don't understand how can this code change a value in the memory when this code has 2 registers only and You don't see any memory address anywhere. Here comes the final twist. I am sure You see that eax register is between a [ and a ] mark and I did not tell You about that so far. In this case, eax is a memory address (lets say for example it is 001268E0) and if You see [eax], it means "the value on the memory address which is stored by eax".
So "mov [eax],edx" means "copy the value of edx register to the value which is stored on 001268E0 memory address".
And again, this may be a bit difficult to understand so here comes another stupid real life example:
You want to store Your money, so You put it in a bank safe. The safe has a number. You want to remember to the number of the safe, so You write it done to a paper. If You want to get the money, all You need to do is get the paper, read the number of the safe, get to the safe and take Your money. In this situation, the money is a value, the safe is a memory address which holds Your value and Your paper is the register which contains the important safe number. So in the example above, eax is the paper, 001268E0 is the safe number which is stored on the paper and finally, [eax] means the value which is stored in the safe, the money itself.
Hopefully You understand it now. When You see anything between [ and ], it means the code is referring to a value, possibly to the amount of Your health or ammo or whatever the code is working with.

Let's see a very simplified code which will decrease Your health as You take damage and You will understand it better now. Assume that You have found Your health and the code which is writing to the address is
mov [ecx],edi
Out of curiousity, You check out in the memory browser what is before this code and You see this:
mov edi,[ecx]
sub edi,eax
mov [ecx],edi

Alright, here it is step by step:
1. mov edi,[ecx]
Probably You know that by now, this code will copy Your health value to edi (which is a register).

2. sub edi,eax
This code is decreasing edi with the amount of eax. In this case, as You have taken damage, edi is Your health and eax is the amount of damage You have taken, so the code means "decrease health with the damage".

3. mov [ecx],edi
edi has been changed already in the 2. code and it contains the new, decreased value of health. This code will simply copy the changed health from the register to the memory address where the health is stored.

So the result is, Your health has been decreased. If You replace the 3. code with a code that does nothing, Your health will obviously not change, because the decreased value will not be copied from the register to the memory address of the health value.

Awesome! We are almost done, but You need to learn a few things before You try to take over the world with Your new knowledge.
1. In most cases, the values of memory addresses are displayed like [ecx+44] or any similar number. This just means that the code is referring to a memory address which can be calculated by adding 44 (in hexadecimal) to ecx register's value. For example if ecx = 00004560, then ecx+44 = 000045A4 and [ecx+44] means the value which is stored on 000045A4 memory address.

2. In assembly, You are not able to use 2 memory values in one instruction. So a code like "add [eax],[ecx]" is simply not valid. If You want to operate with memory values, You need to save at least one of them in a register, then do the necessary operation with the value and copy it back to the memory address.

3. If You use a register to store a value for You, don't forget that You also need to restore the register's original value after You are done. You can save the value of the registers with the pushad instruction and load them back with the popad instruction. If You forget to do that, the program will most likely crash.

This has covered the very basics and hopefully You understand a bit more from those codes. With this knowledge, You will be able to write the simplest of scripts that You may need.
Let's say You don't just want to freeze the amount of Your money in a game, You also want to change it to millions. Then all You need to do is add an extra line to the code which is writing to Your money. For example if the code which is changing Your money is this:
mov [eax],edx

Then all You need to do is to modify the code like this:
mov edx,FFFF (or any amount of Your heart's desire)
mov [eax],edx

Don't forget that You always need to use hex numbers in the codes, not decimals.

Are You curious already how can You make Your own scripts?
Then continue the CE tutorial until You reach code injection:
How to beat the Cheat Engine tutorial
After that, You might want to check out my other article where You can see the most important instructions that You can use in Your codes, such as how to decrease or increase a number and generally all You need to know to hack an easy game.
Basic assembly instructions (opcodes) and examples

I hope it was useful to read all of this.

Cheers!
Geri

Post Reply

Who is online

Users browsing this forum: No registered users