OLLYDBG's assembly language review


This article is excerpted and reorganised from http://bbs.pediy.com/showthread.php?t=184658 (the "OllyDbg cracking from zero" thread on pediy).

Some flag register bits

O flag (overflow flag, OF)

Indicates whether the result of a signed addition or subtraction overflowed. When the result of the instruction exceeds the range that can be represented in the operand width, this is called overflow and OF is set to 1; otherwise OF is cleared to 0.

A flag (auxiliary carry flag, AF)

P flag (parity flag, PF)

Set when the binary form of the instruction result contains an even number of 1 bits.

Z flag (zero flag, ZF)

Set when the operation produces a result of 0.

S flag (sign flag, SF)

Set to 1 when the result of the operation is negative.

C flag (carry flag, CF)

Treating the operands as unsigned numbers: when the highest bit of the result produces a carry (addition) or a borrow (subtraction), the carry flag is set, i.e. CF=1; otherwise CF=0.

A flag being "set" means it equals 1; "cleared" means it equals 0.

Assembly Instructions

NOP (No operation)
Executing this instruction has no effect on registers, memory or the stack. The name means "no operation"; it has no special purpose.

PUSH

The push instruction pushes its operand onto the stack.

POP
The pop instruction pops the stack: it takes the value at the top of the stack and stores it in the specified destination (register or memory unit).

PUSHAD
The PUSHAD instruction pushes the contents of all general-purpose registers onto the stack in a fixed order. PUSHAD is equivalent to "push eax, push ecx, push edx, push ebx, push esp, push ebp, push esi, push edi".

POPAD
This instruction is the exact opposite of PUSHAD: it takes the values from the stack and places them back in the corresponding registers. POPAD is equivalent to "pop edi, pop esi, pop ebp, pop esp, pop ebx, pop edx, pop ecx, pop eax".

MOV
This instruction copies the second operand into the first operand.

MOV AL, CL
This instruction copies the value of CL into AL.

MOV DWORD PTR ds:[400500], eax

The value in EAX is stored into a doubleword (4-byte) memory unit; the bytes are stored in memory in little-endian order.

MOV AX, WORD PTR ds:[405008]
Copies the two bytes at memory address 405008 into AX.

MOVSX (move with sign extension)
The second operand may be a register or a memory unit. The first operand has more bits than the second, and the sign bit of the second operand fills the remaining upper bits of the first operand.

MOVZX (move with zero extension)
MOVZX is similar to the previous instruction, but here the remaining upper bits are filled with zero, regardless of whether the second operand is positive or negative.

LEA (load effective address)
Similar to the MOV instruction, but the first operand is a general-purpose register and the second operand is a memory operand. What is loaded is simply the address of the memory unit, not its contents.

For example, in LEA eax, DWORD PTR ds:[ecx+38], the operand DWORD PTR ds:[ecx+38] denotes the memory address ecx+38, and that address (not the value stored there) is loaded into EAX.

XCHG (exchange register/memory unit with register)
This instruction exchanges the values of its two operands.

Arithmetic assembly Instructions

INC and DEC
These two instructions perform increment and decrement: INC adds 1 to its operand, DEC subtracts 1.

ADD
The add instruction has two operands; the sum is stored in the first operand. The first operand can be a memory address.

ADC (add with carry)
Here the two operands and the carry flag are added together, and the result is stored in the first operand. After the addition the carry flag C is set to 1 if a carry occurred.

SUB (subtract) and SBB (subtract with borrow) work in the same way.

MUL (unsigned multiplication)
There are two kinds of multiplication. The first is MUL, unsigned multiplication: it has only one explicit operand, the other operand is EAX, and the result is stored in EDX:EAX.
MUL ECX
Here the unsigned numbers EAX and ECX are multiplied, and the result is stored in EDX:EAX.

IMUL (signed multiplication)
The IMUL instruction is used in the same way as MUL.
IMUL ECX
This instruction multiplies the signed number in ECX by EAX, and the result is stored in EDX:EAX.

DIV (unsigned division) and IDIV (signed division) work in the same way.

XADD (exchange and add)
As you might guess, this instruction is a combination of the two simpler instructions XCHG and ADD.
XADD EAX, ECX

The two operands are exchanged, and the result of the addition is stored in the first operand.

NEG
The purpose of this instruction is to reverse the sign of the operand: given a 32-bit hexadecimal number, NEG produces its negation.

AND – bitwise AND
OR – bitwise OR
NOT – bitwise NOT (inversion)
XOR – bitwise exclusive OR

Compare

CMP
This instruction compares two operands. It is in fact equivalent to a SUB instruction, except that the result of the subtraction is not stored in the first operand; only the flags are changed according to the result. When the two operands are equal, the zero flag is set to 1 (see the Z flag above).

If the result is negative, the sign flag S is set to 1. The CMP instruction also allows a register to be compared with a memory unit of type BYTE, WORD or DWORD.

TEST (logical compare)
This instruction is similar to CMP to a certain extent: it performs an AND of the two values, does not save the result, but changes the corresponding flag bits (for example SF, ZF and PF). The program can then decide whether to jump to the corresponding branch according to the result.

Conditional Jump

JMP – jump
JE, JZ – result is zero, jump
JNE, JNZ – result is not zero, jump
JS – result is negative, jump
JNS – result is not negative, jump
JP, JPE – number of 1 bits in the result is even, jump
JNP, JNPE – number of 1 bits in the result is odd, jump
JO – result overflowed, jump
JNO – result did not overflow, jump
JB, JNAE – less than, jump (unsigned numbers)
JNB, JAE – greater than or equal, jump (unsigned numbers)
JBE, JNA – less than or equal, jump (unsigned numbers)
JNBE, JA – greater than, jump (unsigned numbers)
JL, JNGE – less than, jump (signed numbers)
JNL, JGE – greater than or equal, jump (signed numbers)
JLE, JNG – less than or equal, jump (signed numbers)
JNLE, JG – greater than, jump (signed numbers)

JMP
This is an unconditional jump: it always jumps to the specified address, by modifying EIP.

JE or JZ
These two conditional jumps are equivalent; only the spelling differs. They jump when the zero flag Z is set to 1.

JNE or JNZ
This instruction is the exact opposite of the previous one: it jumps if the zero flag Z is 0, i.e. the result of the operation is nonzero.

JS (jump if sign flag set)
As can be seen from the table above, it jumps when the result of the comparison is negative, i.e. in the previous example, when EAX is less than ECX.

JNS
This jump is the opposite of JS: it jumps when the sign flag S is 0, i.e. in the previous example, when EAX is greater than ECX.

JP or JPE
This jump occurs when the parity flag P is 1, i.e. when the number of 1 bits in the comparison result is even.

JNP or JNPE
This instruction is the exact opposite of the previous one.

JO
Jumps when overflow occurs, i.e. when the overflow flag O is 1.
JNO
The opposite of the previous instruction: jumps when the overflow flag O is 0, i.e. when no overflow occurred.

JB
Jumps if the first operand is less than the second operand. The difference from JS is that JS only checks the sign flag S, whereas JB checks the carry flag C; because the carry flag reflects unsigned arithmetic, JB can only be used to compare the size of two unsigned numbers.

JNB
The opposite of JB: this instruction jumps when the carry/borrow flag is 0, i.e. when the result is positive. In the previous example no jump occurs, because EAX is less than ECX.

JBE
This instruction jumps on less-than-or-equal. Two flags are examined: the jump occurs when the carry/borrow flag is 1 or the zero flag Z is 1, i.e. when EAX is less than or equal to ECX.

JL
This instruction also jumps on less-than, but differs slightly from JB: it decides whether to jump according to the sign flag S (as JS does) rather than the carry flag. (The two are easy to confuse.)
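As an added example (not code from the original article), the C below models the flags a CMP leaves behind using the rules listed above, then evaluates each conditional jump from the table against those flags. It goes one step beyond the text: the signed jumps (JL, JLE, JG, JGE) compare SF with OF rather than reading SF alone, which is how the CPU keeps a signed compare correct when the subtraction overflows, and PF is derived from the low byte only, as the hardware does. The flag bit positions follow EFLAGS; the example operand values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Flag bit positions as laid out in EFLAGS (only the subset the article lists). */
enum { CF = 1u << 0, PF = 1u << 2, AF = 1u << 4, ZF = 1u << 6, SF = 1u << 7, OF = 1u << 11 };

/* Flags left behind by "CMP a, b" (a SUB whose result is discarded).
   PF is computed from the low byte of the result, as the CPU does. */
uint32_t cmp_flags(uint32_t a, uint32_t b) {
    uint32_t r = a - b, f = 0;
    unsigned ones = 0;
    for (uint32_t x = r & 0xffu; x; x >>= 1) ones += x & 1u;
    if (a < b)                    f |= CF;  /* borrow out of the top bit: unsigned a < b */
    if ((ones & 1u) == 0)         f |= PF;  /* even number of 1 bits in the low byte */
    if ((a & 0xfu) < (b & 0xfu))  f |= AF;  /* borrow out of bit 3 (auxiliary carry) */
    if (r == 0)                   f |= ZF;
    if (r & 0x80000000u)          f |= SF;  /* result is negative as a signed number */
    /* signed overflow: operands had different signs and the result's sign is not a's */
    if (((a ^ b) & (a ^ r)) & 0x80000000u) f |= OF;
    return f;
}

typedef enum { J_E, J_NE, J_S, J_NS, J_P, J_NP, J_O, J_NO,
               J_B, J_NB, J_BE, J_NBE, J_L, J_NL, J_LE, J_NLE } Cond;

/* Would the conditional jump be taken with these flags? The unsigned family
   (JB/JNB/JBE/JNBE) reads CF; the signed family (JL/JNL/JLE/JNLE) compares
   SF with OF, which stays correct even when the subtraction overflowed. */
bool jcc_taken(Cond c, uint32_t f) {
    bool cf = f & CF, pf = f & PF, zf = f & ZF, sf = f & SF, of = f & OF;
    switch (c) {
    case J_E:   return zf;              case J_NE:  return !zf;
    case J_S:   return sf;              case J_NS:  return !sf;
    case J_P:   return pf;              case J_NP:  return !pf;
    case J_O:   return of;              case J_NO:  return !of;
    case J_B:   return cf;              case J_NB:  return !cf;
    case J_BE:  return cf || zf;        case J_NBE: return !cf && !zf;
    case J_L:   return sf != of;        case J_NL:  return sf == of;
    case J_LE:  return zf || sf != of;  case J_NLE: return !zf && sf == of;
    }
    return false;
}

/* Constructed scenario: after "CMP EAX, ECX" with EAX = 0xFFFFFFFF and ECX = 1,
   JB (unsigned: 4294967295 < 1 is false) is not taken, but JL (signed: -1 < 1) is.
   This is exactly the signed/unsigned mix-up behind many bounds-check bugs. */
bool signed_vs_unsigned_disagree(void) {
    uint32_t f = cmp_flags(0xFFFFFFFFu, 1u);
    return !jcc_taken(J_B, f) && jcc_taken(J_L, f);
}
```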
