
I've read and watched a lot of YouTube videos without any progress. I'm trying to learn from a site called hackcenter, and they presented me with a question like this in assembly code.

testazza: //No idea what this is doing
.LFB0:  //No idea what this is doing either
        push    ebp 
        mov     ebp, esp //Creating the stack I guess
        mov     eax, DWORD PTR [ebp+8] //Moves 8 bytes of memory allocation (Don't know what DWORD PTR does though)
        imul    eax, eax, -1795719608 //(Multiply what? Is -1795719608 a memory address?)
        pop     ebp     //Pop the pointer
        ret   //Return

To be honest, I don't think there's enough explanation on this, so I would appreciate it if someone could help me understand what this program is actually doing.

PlayPhil1
  • The first two lines are labels, you should already know that. The `-1795719608` is just a number, `eax` is multiplied by that. PS: make sure you have an instruction set reference so you can look up what instructions do yourself. – Jester Mar 04 '17 at 23:55
  • imul eax, eax, constant is not an instruction. Check your work. – Joshua Mar 05 '17 at 00:03
  • Consider reading an assembly tutorial. These questions are really basic and best answered by learning assembly programming in a systematic fashion. – fuz Mar 05 '17 at 00:11
  • @Joshua Some assemblers accept `imul` with two registers and an immediate if the two registers are equal, if I recall correctly. – fuz Mar 05 '17 at 00:11
  • I'm wondering if the -1795719608 is some "magic" number. If you look at the hackcenter example, is this explained? – rcgldr Mar 05 '17 at 00:36
  • While some particular topics may be better explained by video, overall the amount of information needed to learn x86 Assembly (not fully, just usable core of it relevant to user-land code, without OS/virtual machine management specifics) would be way too much for videos. You have to go through hundreds or thousand+ pages of book(s). Plus practising a lot by writing your own code. Watching videos is too slow compared to reading a good book. – Ped7g Mar 05 '17 at 17:13

2 Answers


Commented code. At entry, [esp+0] = 32 bit return address, [esp+4] = 32 bit parameter. After `push ebp` and `mov ebp, esp`, [ebp+4] = 32 bit return address, [ebp+8] = 32 bit parameter (this is 32 bit stdcall calling convention). The imul is effectively an unsigned multiply because it only keeps the bottom 32 bits of what could be a 64 bit product, and the bottom 32 bits are the same for signed or unsigned multiply. So the signed integer -1795719608 is equivalent to the unsigned integer 2499247688.

testazza:                                      ; probably function label
.LFB0:                                         ; probably not needed
        push    ebp                            ; save ebp
        mov     ebp, esp                       ; ebp = esp after the push
        mov     eax, DWORD PTR [ebp+8]         ; move first parameter (32 bit) into eax
        imul    eax, eax, -1795719608          ; eax = eax * -1795719608
                                               ; or eax = eax * 0x94F77E48
                                               ; eax is returned value
        pop     ebp                            ; restore ebp, esp
        ret                                    ; return to caller
rcgldr
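
The point in the answer above about `imul` keeping only the low 32 bits, as an added example that is not part of the original answer: a C equivalent of `testazza`, checked against the full 64-bit signed and unsigned products. The helper names `low32_signed`, `low32_unsigned` and `all_agree` and the sample arguments are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* C equivalent of the listing: one 32-bit argument at [ebp+8], result in eax.
   Unsigned arithmetic is used so the wrap to 32 bits is well defined in C. */
uint32_t testazza(uint32_t x)
{
    return x * 0x94F77E48u;   /* same bit pattern as (int32_t)-1795719608 */
}

/* Low 32 bits of the full 64-bit product, both operands treated as signed. */
uint32_t low32_signed(uint32_t x)
{
    int64_t wide = (int64_t)(int32_t)x * (int64_t)(-1795719608);
    return (uint32_t)wide;
}

/* Low 32 bits of the full 64-bit product, both operands treated as unsigned. */
uint32_t low32_unsigned(uint32_t x)
{
    uint64_t wide = (uint64_t)x * 2499247688u;
    return (uint32_t)wide;
}

/* Returns 1 when all three computations agree for every sample input. */
int all_agree(void)
{
    /* Constructed sample arguments, including values with the sign bit set. */
    static const uint32_t samples[] = { 0u, 1u, 2u, 12345u, 0x7FFFFFFFu,
                                        0x80000000u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t r = testazza(samples[i]);
        if (r != low32_signed(samples[i]) || r != low32_unsigned(samples[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("testazza(1) = 0x%08X\n", (unsigned)testazza(1));
    printf("testazza(2) = 0x%08X\n", (unsigned)testazza(2));
    printf("signed/unsigned low 32 bits agree: %d\n", all_agree());
    return 0;
}
```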

If you want to learn Assembly language for Intel x86 Architecture I fully recommend Assembly Language for x86 Processors by Kip R. Irvine. It is understandable and implements some libraries (e.g. Input/Output) in order to focus on more important topics of assembly language. (link to the book on Amazon).

Now, I will try to explain some parts of your code:

  1. `imul eax, eax, -1795719608` means that you take the value of the register eax and multiply it by -1795719608, which is an integer number, and then save the result in eax again.
  2. `mov eax, DWORD PTR [ebp+8]`. For an explanation of this line, see the following question; maybe they give you a better answer about it.
Lemark