m2ts to mov

(16) label: HBCD function: convert a single-byte hexadecimal integer to a single-byte BCD code integer Entry condition: The hexadecimal Integers of A single byte to be converted are in the accumulators.Exit information: the converted BCD code INTEGER (ten digits and one digit) is still in the accumulators A, and the hundred digits are in R3.Affected resources: PSW, A, B, and R3 stack requirements: 2 bytes HBCD: mov B, #100; separates hundreds of BITs

[Reprint] study on how nt loads ntldr nt guidance 1 Http://forum.eviloctal.com/thread-17505-1-1.html Source: www.hackart.org Author: windy men The operating system boot process is as follows:1. the BIOS reads the MBR to 0000: 7c00 and submits the execution permission to the MBR.2. MBR identifies partitions and reads dbr0000 with boot permission: 7c003 DBR: locate ntldr and read ntldr into memory at. ntldr is 32-bit and loaded into the kernel. The following is the code analysis in step 1 of the

description pseudo-directive; Cs:code, Ds:data, Ss:stack1: Code segment Register CS is associated with code, data segment register DS is associated with a, and the stack segment register SS is associated with Stack1. Assume Cs:code,ds:data,ss:stack1; Defines the program entry Start:push DS, presses the data segment register DS into the stack sub Ax,ax, and the AX register 0 (other methods include: 1.MOV ax,0 2.AND ax,0 3.XOR ax,ax) push ax; Ax regist

at the decryption:. data:00406030 Pfnshellcode proc near; DATA XREF: _maino.data:00406030.data:00406030 szcreatefilew= byte ptr-80h.data:00406030 szphysicaldrive0= byte ptr-74h.data:00406030 pcreatefilew= DWORD ptr-4ch.data:00406030 var_48= byte ptr-48h.data:00406030 szcrea= DWORD ptr-8.data:00406030 PROCESSOR _architecture= DWORD ptr-4.data:00406030 sztefi= DWORD ptr 8.data:00406030.data:00406030 55 Push ebp.data:00406031 8B EC

Assume Cs: codecode segmentdata segment dB '000000', '000000', '000000', '000000', '000000', '000000', '000000 ', '000000' dB '000000', '000000', '000000', '000000', '000000', '000000', '000000 ', '000000' dB '000000', '000000', '000000'; The above is a 21-year string 4*21 = 84 dd 1992, 22, 1993, 1994, 1995, 5937000 million, DD 345980,590827, 80 million, 1183000, 1843000,2759000, 3753000,4649000,; The above indicates the company's total revenue in 21 years DWORD data 4*21 = 84 DW 3, 7, 130,220,4

Recently I learned a lot of shell removal scripts, and Tortoiser also made a lot of videos about shell removal, which made me learn a lot and feel the power of the experts. I also need to work hard. Of course, sometimes I read the script and sometimes it appears like this. to be honest, I cannot know why such a feature is extracted there. you need to know that only you can find the answer through practice. I chose the Themida v1.8.2.0 shelling program. In addition to the OEP processing option, t

8086 assembly instruction summary, 8086 assembly instruction After learning, we have summarized the Common commands in 8086 Assembly as follows: (1). mov: move data For example: Mov ax, 8 h; mov register, constant mov ax, bx; mov register, register

: Baiyun district .. 1. dib32-bit, pre-multiplication alpha proc AlphaPreMul uses ebx edi, pBitDst,pDstRect,dwDstWight local dwWight:DWORD,dwHight:DWORD ;--------------------------------------- mov edi,[pBitDst] mov edx,[pDstRect] ;(p,q) mov eax,[edx+RECT.right] test eax,eax jz .exit

access the table, the value is int * p; p = a. Then, * p = 0 (equivalent to a [0]). * (p + 2) = 3 (equivalent to a [2]); the memory structure is as follows: ├ ── ─ ┤ ← p │ A [0] │ ├ ─ ┄ ┤ ← P + 1 │ A [1] │ ─ ┄ ┤ P + 2 │ a [2] │ ├ ── IntValue; 6: int a [3] = {1, 2, 3}; 0040E9C8 mov dword ptr [ebp-10h], 1 // note [1] 0040E9CF mov dword ptr [ebp-0Ch], 20040E9D6 mov

.) Therefore, the grandfather class in the above example is placed at the end.Let's look at the access to members. Run the following code and view the corresponding assembly code.C110 c110;C110.c _ = 0x51;C110.c100: C _ = 0x52;C110.c101: C _ = 0x52;C110.c041: C _ = 0x53;C110.foo ();The corresponding assembly code is:01 00423993 Push 102 00423995 Lea ECx, [EBP + fffff7f0h]03 0042399b call 0041de6004 004239a0 mov byte PTR [EBP + fffff7fah], 51 H05 0042

Assume Cs: CodeCode segmentStart0: mov BX, 0MoV ax, 200 hMoV es, ax MoV ah, 2MoV Al, 3MoV CH, 0MoV Cl, 2MoV DH, 0MoV DL, 0 INT 13 HMoV ax, 200 hPUSH AXMoV ax, 0PUSH AXRetf Start1: JMP short startS1 dB '1. restart pc', 0, '2. start System ', 0, '3. clock ', 0, '4. set clock ', 0, '5. input error! ',' $ ', 0 Start: mov ax, 0b800hMoV es, axMoV ax, CSMoV ds, axMoV Si

:; output data to the table in the form of characters mov ax, table mov ds, ax mov Si, 0 mov ax, data mov es, ax mov BX, 0 mov CX, 21 mov D

After learning, we have summarized the Common commands in 8086 Assembly as follows: (1). mov: move data For example: MoV ax, 8 h; MoV register, constant mov ax, BX; MoV register, register mov ax, DS: [0];

:00438C26|. EBX Push00438C27|. A-push EBP00438C28|. all-in-push ESI00438C29|. $ push EDI; Here is the padding of an array00438C2a|. B0 al,0x72 mov; "R"00438C2c|. 884424 2F mov byte ptr ss:[esp+0x2f],al00438C30|. 884424 mov byte ptr ss:[esp+0x31],al00438C34|. 884424 mov byte ptr ss:[esp+0x34],al00438C38|. 884424.

Sidi is a register with similar functions between 8086cpu and BX. Sidi cannot be divided into two 8-bit registers. The following three sets of commands implement the same functions: (1) mov BX, 0 MoV ax, [BX] (2) mov Si, 0 MoV ax, [Si] (3) mov Di, 0

; END of [section. GDT] [section. data1]; Data section ALIGN [BITS] label_data:spvalueinrealmode DW 0; String Pmmessage:db "in Protect Mode now. ^-^ ", 0; This string is displayed after entering protected mode offsetpmmessage equ pmmessage-$$; Pmmessage start address offset pmmessage2:db "Hello world!" Pmmessage2len equ $-PMMessage2 OffsetPMMessage2 equ PMMessage2-$$ datalen equ $-label_data; END of [section. Data1]; Global stack segment [section. GS] ALIGN [BITS] label_stack:times db 0; stack s

:{0040c230 push EBP0040c231 mov EBP, ESP0040c233 sub ESP, 60 h0040c236 push EBX0040c237 push ESI0040c238 push EDI0040c239 Lea EDI, [ebp-60h]0040c23c mov ECx, 18 h0040c241 mov eax, 0 cccccccch0040c246 rep STOs dword ptr [EDI]31: mostbase1 * pbase1 = pderived;0040c248 cmp dword ptr [EBP + 8], 0 [1]0040c24c jne f + 27 h (0040c257)0040c24e

(LABEL_GDT), (char*) LABEL_GDT}; Segment bounds, base address asm Void Main () {MOV ax, CS mov ds, ax mov es, ax//clear screen mov ah, 06h//screen initialization or roll mov al, 00h//ah = 6, Al = 0h mov BX, 1110h//blue background

details to be dealt with.(6) Pay attention to the protection of DX and AX values (pressed into the stack); by Tachdata segment Esc_key equ 1bh; exit Win_ulc equ 30; left column WIN_ULR equ 8; upstream WIN_LRC equ 50; right column WIN_LRR Equ 16, downlink win_width equ 20, Width board_shift equ 48h, cursor up board_down equ 50h; cursor down board_left equ 4Bh Cursor left board_right equ 4Dh; cursor right shift board_back equ 08h; BACKSPACE string db "Tach ' notepad!$" endsstack segment DW-

Document directory 1. Function Parameters 3. Reference This article is based on Win32 compilation.1. Function Parameters The growth direction of function stack is opposite to that of address, from high address to low address. ESP points to the top of the function stack, and EBP points to the bottom of the function stack. Sub esp xxx pushes memory blocks of XXX length into the stack Add esp xxx to bring up a stack of memory blocks of XXX Length Example of parameter pressure stack Sequence