Instructions: Instructions are the operation of the processor (CPU) determined b

y its instruction set.

Instruction Set: An instruction set is a group of instructions that the CPU can
execute (reference: instructions)
Now: Let me start off with some basic instructions.
[mov - move]
[add - arithmetic add]
[sub - arithmetic subtract]
[jmp - jump, jumps to a code location(even for conditional jumps)]
[jne - jump if not equal]
[je - jump if equal]
[ja - jump if the condition is above]
[jb - jump if the condition is below] - Literally, if you view an application in
a disassembler it means if the condition is above or below the jumping address
[cmp - compare]
[test - this performs an AND conditional, if both the operands/registers are non
-zero then the condition becomes true]
[push - pushes a value/address onto the stack]
[pop - pops a value/address from the stack]
[inc - increase/increment]
[dec - decrease/decrement]
[ret - return]
[call - calls a subroutine/function]
I didn t include all the instructions, nor all the jump instructions either
mov eax,ecx; this moves the address at the register ecx into eax
[assembly comments are after the terminator/semicolon ; and are ignored by the com
piler]
add [ecx], 0xFF; this adds the value 255(decimal) to the value of the ecx regist
er, that s what 255 is in hexadecimal
add [ecx], 255; you can do this as well
register - no brackets = the address of the register
[register] - brackets = value of the register
As you can see the instructions are used here and they re complemented by an opera
tion. So think of it like this:
add = instruction
add eax,15 = complement of the instruction making it an operation code
mov [eax+15], 0x00; this moves the value 0 into eax and offsets it 15 places fro
m the location
Register: Registers for now, are basically storage units to place values (EAX,EB
X,ECX,EDX,EDI,ESI,ESP,EBP)
Stack: Keeping it basic, storage for where the registers are pushed/popped, It's
a Last In First Out structure.
Now lets make this more of a program shall we? (I m not going to include all of th
e data definitions but you ll still understand it)
This is a simple register check
add [eax], 100
cmp [eax],100
je successful; if the comparison is not successful then it skips over this
cmp [eax],100

jne fail
successful:
ccall [printf], good ; printf is C
ccall [ExitProcess]
fail:
ccall [ExitProcess]; Immediately exits the process
Memory Address: Really, it s just a data-type
Memory Regions:
.data is where most of the variables would go
.code/.text is where the executable routines of the program are located
.idata is where data/libraries are imported

Quick App Patching:

Tool you need: Cheat Engine
App to be patched: http://crackmes.de/u...ou_can/download
Open the application and attach cheatengine to the process, do a referenced stri
ng scan
Go to the reference for You got it. (not the actual string)
You should see this: http://puu.sh/atK28/316e225f19.png
Change the je to jne
remember je = jump if equal
jne = jump if not equal
We re changing it to jump if not equal because it will jump to SUCCESS if the key
isn t correct. If it was jump if equal then it would only jump if the key was righ
t.
Think of this as like an if condition.