0

I have no problems other than the fact that I don't understand the code. What does dq mean? What is it's function in assembly? What do all of these numbers and represent? The text file just contains song lyrics so I'm guessing just words. But is it just hexadecimal notation?

I just opened up a text file with a disassembler just to learn what it means but I don't see the usual Assembly syntax like jmp commands anywhere. How can I understand what it means?

; Segment type: Pure code
          segment byte public 'CODE' use64
               assume cs:seg000
                assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing

dq 6E00550022FEFFh, 65006400200064h, 560020006E0069h, 6C00650067006Fh

dq 6E0061006B0020h, 6900730020006Eh, 6E00650067006Eh, 0D000A000D0022h

dq 6500690053000Ah, 67006100730020h, 6D0020006E0065h, 20002C00720069h

dq 73007300610064h, 65006900530020h, 6C006C00610020h, 68002000730065h

dq 6E006500620061h, 6100770020002Ch, 69005300200073h, 6F007700200065h

dq 6E0065006C006Ch, 6E0055000A000Dh, 65006400200064h, 560020006E0069h

dq 6C00650067006Fh, 6E0061006B0020h, 6900730020006Eh, 6E00650067006Eh

dq 620041000A000Dh, 64002000720065h, 65007600200075h, 65007400730072h

dq 20007400730068h, 6800630069006Dh, 630069006E0020h, 0A000D00740068h

dq 76002000750044h, 74007300720065h, 74007300680065h, 630069006D0020h

dq 69006E00200068h, 0D007400680063h, 59000A000D000Ah, 7400200075006Fh

dq 20006C006C0065h, 7400200065006Dh, 20007400610068h, 270075006F0079h

dq 67002000650076h, 6500200074006Fh, 79007200650076h, 6E006900680074h

dq 6F007900200067h, 61007700200075h, 0A000D0074006Eh, 200064006E0041h

dq 720075006F0079h, 72006900620020h, 61006300200064h, 6900730020006Eh

dq 0A000D0067006Eh, 20007400750042h, 200075006F0079h, 27006E006F0064h

dq 65006700200074h, 65006D00200074h, 6F0059000A000Dh, 6F006400200075h

dq 2000740027006Eh, 20007400650067h, 0A000D0065006Dh, 690053000A000Dh

dq 61007300200065h, 2C006E00650067h, 65006900530020h, 62006100680020h

dq 730020006E0065h, 65006200650069h, 7500570020006Eh, 7200650064006Eh

dq 73006500670020h, 6E006500680065h, 6E0055000A000Dh, 65006400200064h

dq 560020006E0069h, 6C00650067006Fh, 74007300690020h, 0FC007200670020h

dq 41000A000D006Eh, 20007200650062h, 6B002000750064h, 73006E006E0061h

dq 69006D00200074h, 6E002000680063h, 74006800630069h, 68006500730020h

dq 0A000D006E0065h, 6B002000750044h, 73006E006E0061h, 69006D00200074h

dq 6E002000680063h, 74006800630069h, 68006500730020h, 0A000D006E0065h

dq 6F0059000A000Dh, 61007300200075h, 6F007900200079h, 65007600270075h

dq 65006500730020h, 6500730020006Eh, 20006E00650076h, 64006E006F0077h

dq 0D007300720065h, 64006E0041000Ah, 75006F00790020h, 69006200200072h

dq 69002000640072h, 72006700200073h, 0D006E00650065h, 7400750042000Ah

dq 75006F00790020h, 6E006100630020h, 73002000740027h, 6D002000650065h

dq 59000A000D0065h, 6300200075006Fh, 740027006E0061h, 65006500730020h

dq 0D0065006D0020h, 57000A000D000Ah, 20006E006E0065h, 20007200680049h

dq 74007200650077h, 6C006C006F0076h, 42002000720065h, 74006900730065h

dq 46000A000D007Ah, 650067006E0061h, 2C006E00610020h, 63006900640020h

dq 75007A00200068h, 73006500620020h, 65007700680063h, 0D006E00650072h

dq 6800630053000Ah, 69002000750061h, 65006D0020006Eh, 200065006E0069h

dq 68006300690052h, 67006E00750074h, 630049000A000Dh, 65007700200068h

dq 20006500640072h, 64006E00750072h, 69006500730020h, 49000A000D006Eh

dq 77002000680063h, 65006400720065h, 6E007500720020h, 65007300200064h

dq 0A000D006E0069h, 680057000A000Dh, 790020006E0065h, 2000720075006Fh

dq 7A006900720070h, 70002000640065h, 6500730073006Fh, 6F006900730073h

dq 0A000D0073006Eh, 72006100740053h, 6F007400200074h, 69006500770020h

dq 79002000680067h, 6400200075006Fh, 0D006E0077006Fh, 6F006F004C000Ah

dq 6E00690020006Bh, 200079006D0020h, 65007200690064h, 6F006900740063h

dq 49000A000D006Eh, 20006C006C0027h, 72002000650062h, 64006E0075006Fh

dq 270049000A000Dh, 620020006C006Ch, 6F007200200065h, 0D0064006E0075h

dq 57000A000D000Ah, 20006E006E0065h, 6E006900650064h, 67006F00560020h

dq 6B0020006C0065h, 74007500700061h, 73006900200074h, 42000A000D0074h

dq 67006E00690072h, 73006500200074h, 63006900640020h, 75007200200068h

dq 7200650074006Eh, 53000A000D003Fh, 6B002000650069h, 65006E006E00F6h

dq 7500610020006Eh, 77006500670066h, 74006B00630065h, 72006500770020h

dq 0D006E00650064h, 6800630049000Ah, 72006500770020h, 72002000650064h

dq 200064006E0075h, 6E006900650073h, 630049000A000Dh, 65007700200068h

dq 20006500640072h, 64006E00750072h, 69006500730020h, 0D000A000D006Eh

dq 6500680057000Ah, 6F00790020006Eh, 62002000720075h, 20006400720069h

dq 62002000730069h, 65006B006F0072h, 57000A000D006Eh, 20006C006C0069h

dq 62002000740069h, 67006E00690072h, 75006F00790020h, 77006F00640020h

dq 0A000D003F006Eh, 200075006F0059h, 2000790061006Dh, 61002000650062h

dq 65006B006F0077h, 49000A000D006Eh, 20006C006C0027h, 72002000650062h

dq 64006E0075006Fh, 270049000A000Dh, 620020006C006Ch, 6F007200200065h

dq 0D0064006E0075h, 53000A000D000Ah, 73002000650069h, 6E006500670061h

dq 720069006D0020h, 6100640020002Ch, 53002000730073h, 6A002000650069h

dq 6E006500640065h, 6E006F00540020h, 68006500670020h, 200074007200F6h

dq 65006200610068h, 55000A000D006Eh, 6400200064006Eh, 20006E00690065h

dq 650067006F0056h, 61006B0020006Ch, 730020006E006Eh, 69007700680063h

dq 6E00650067006Eh, 620041000A000Dh, 64002000720065h, 61006B00200075h

dq 740073006E006Eh, 630069006D0020h, 69006E00200068h, 20007400680063h

dq 65007200F60068h, 44000A000D006Eh, 61006B00200075h, 740073006E006Eh

dq 630069006D0020h, 69006E00200068h, 20007400680063h, 65007200F60068h

dq 0D000A000D006Eh, 75006F0059000Ah, 6C006500740020h, 65006D0020006Ch

dq 61006800740020h, 6F007900200074h, 65007600270075h, 61006500680020h

dq 65002000640072h, 79007200650076h, 75006F00730020h, 7400200064006Eh

dq 65007200650068h, 0D007300690020h, 64006E0041000Ah, 75006F00790020h

dq 69006200200072h, 63002000640072h, 730020006E0061h, 67006E00690077h

dq 750042000A000Dh, 6F007900200074h, 61006300200075h, 2000740027006Eh

dq 72006100650068h, 0D0065006D0020h, 75006F0059000Ah, 6E006100630020h

dq 68002000740027h, 20007200610065h

db  6Dh ; m

align 2

dw 65h, 0FEFFh
          ends
                 end
Rudy Velthuis
  • 28,387
  • 5
  • 46
  • 94
LanguageWriter123
  • 1
  • 1
  • 2
  • Possible duplicate of [Which variable size to use (db, dw, dd) with x86 assembly?](https://stackoverflow.com/questions/10168743/which-variable-size-to-use-db-dw-dd-with-x86-assembly) – Wayne Phipps Dec 19 '18 at 16:30
  • 1
    Is this disassembly of a text file? Looks like you just got a hexdump in terms of qword integers that would assemble back into a mostly-ASCII text file. err not ASCII, maybe UTF-16 which would explain the `0` byte between each ASCII character, and the FEFF byte-order mark. – Peter Cordes Dec 19 '18 at 16:43
  • 2
    @Peter: that is a Unicode (UTF-16) text file as hex dump indeed, completely with BOM. But each `dq` only seems to define 7 byte values, so I guess the top byte is `00h` all the time, hinting at little-endian. – Rudy Velthuis Dec 19 '18 at 16:58
  • `dq 6E00550022FEFFh, 65006400200064h, 560020006E0069h, 6C00650067006Fh` is a 2 byte BOM, followed by UTF-16 characters `"Und dein Vogel`. Looks like a German text. – Rudy Velthuis Dec 19 '18 at 17:06
  • If you use a disassembler like `ndisasm -b32`, it will decode the bytes as instructions even when there are illegal instruction bytes mixed in. e.g. `db 0xff` / `db 0xfe` / `and al,[eax]` / `push ebp` `add [esi+0x0],ch` / `add [fs:eax],ah` / `add [eax+eax+0x65],ah` / ... Most byte sequences form valid x86 instructions, but usually in a nonsensical order unless it was intended to be x86 machine code. – Peter Cordes Dec 19 '18 at 17:33

1 Answers1

3

What you see is just a program designed to interpret bytes as machine code or binary data that is trying to interpret a text in UTF-16 Unicode format. The bytes hex FF,FE form a Unicode Byte Order Mark (BOM), the other bytes form a sequence of 16-bit "characters" (well, to be exact: code points). The first line:

dq 6E00550022FEFFh, 65006400200064h, 560020006E0069h, 6C00650067006Fh

is in fact Unicode text (to be exact, two bytes BOM followed by the 16-bit little endian Unicode text:

"Und dein Vogel

), but since the program sees everything you throw at it as binary data, it displays the data as quad words (64 bit values), hence the dq at the beginning of each line.

FWIW: dq means "define quadword" [i.e. define 64 bit item(s)].

This is what you get whan you use the wrong program for the wrong purpose: nonsense.

To read text, use a text editor or a word processor and not a hex editor. FWIW, if you had used the hex editor in byte mode, you would see that it is text. The right side would be displayed as something like:

..".U.n.d. .d.e.
i.n. .V.o.g.e.l.

Looks like a German song text.

Rudy Velthuis
  • 28,387
  • 5
  • 46
  • 94
  • it's the lyrics of "Und dein Vogel kann singen" along with the English translation *Sie sagen mir, dass Sie alles haben, was Sie wollen Und dein Vogel kann singen Aber du verstehst mich nicht Du verstehst mich nicht You tell me that you've got everything you want And your bird can sing But you don't get me You don't get me...* – phuclv Dec 20 '18 at 01:48
  • @phuclv: that is well possible. I didn't take the trouble of decoding the other hex values. Fact is that you can "decode" anything in a hex editor, although it doesn't make a lot of sense for plain text. A hex editor only knows bytes and words and double words and quad words, etc. – Rudy Velthuis Dec 20 '18 at 08:18
  • Wow thank you so much for your information and feedback, everyone on this site are like geniuses man. And you would be right it is a German text song lol. Everyone on this site put so much time into helping others and giving all their information to others about programming and helping others understand their code better which is a beautiful thing. I just opened the text file with a dissembler to see what it would look like and just threw up my hands since I didn't know what dq meant. Now I know a lot more about what this code means and all your interesting and extremely helpful feedback. – LanguageWriter123 Dec 20 '18 at 18:54
  • I'm stupid when it comes to coding and programming so I need a lot of help with this, I'm trying to learn assembly and reverse engineering using a dissassembler. But I have a lot to learn, so all your help is a blessing. Where did you guys learn assembly at and it's fundamentals? I'm trying to use the Art of Assembly by Randall Hyde to help me learn and understand assemby better. This seems like a very daunting task though and I don't know where to start. – LanguageWriter123 Dec 20 '18 at 19:02
  • @LanguageWriter123: I learned assembly by trial and error and some reading on Z80 (Sinclair ZX80) and 6502 (Acorn BBC B Micro) systems. Then moved to the 8088, etc. That started in 1981. [Had some time to learn more](http://rvelthuis.de/personal.html). For my first 8088 system, I even had to correct the BIOS, because it had a display loop with a wrong jump label, and that just worked with the timing of the 8088, but not with a faster NEC V20 processor (--> black screen). Anyway: **take your time**. – Rudy Velthuis Dec 20 '18 at 19:07
  • @phuclv: Actually it is a German translation of the English original by the Beatles "And Your Bird Can Sing". I must admit I didn't know the song. – Rudy Velthuis Dec 20 '18 at 19:28