Based on the notes given by @ZackStark at http://forum.tbd.my/topic/13451/self-study-material-sempena-bengkel-rce-2016. I only want to discuss the basics you need to know to understand the examples given there. So my explanation is in English, and some of the information presented is just copied and pasted from other websites, but I actually rewrote it for my own understanding.
The above is the template for an x86 assembly language program. I will explain it line by line.
1. .386 = This is an assembler directive; it tells the assembler to use the 80386 instruction set. There are other instruction-set directives, such as .486 and .586, but the safest choice is to stick to .386.
2. .MODEL Flat, STDCALL = .MODEL is an assembler directive that specifies the memory model of your program. Under Win32 there is only one model, the FLAT model. STDCALL tells MASM about the parameter passing convention. A parameter passing convention specifies the order in which parameters are passed, left-to-right or right-to-left, and also who balances the stack frame after the function call.
The C calling convention passes parameters from right to left, that is, the rightmost parameter is pushed first. The caller is responsible for balancing the stack frame after the call. For example, to call a function named foo(int first, int second, int third) under the C calling convention, the asm code would look like this:
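As an added example (mine, not code from the post or from @ZackStark's notes), here is a hypothetical foo(first, second, third) written twice in MASM, once under the C convention and once under STDCALL, so that the difference in who balances the stack is visible in the listing. It assumes the MASM32 include and lib files (kernel32.inc, kernel32.lib) are on the assembler's search path; foo_c and foo_std are names I made up for this demonstration.

```asm
.386
.MODEL Flat, STDCALL
OPTION CASEMAP:NONE

include kernel32.inc          ; ExitProcess prototype (assumes MASM32 include path)
includelib kernel32.lib

.CODE

; Hypothetical foo(first, second, third) under the C convention.
; "PROC C" builds the stack frame, and the plain RET leaves the three
; DWORD arguments on the stack: the CALLER must remove them.
foo_c PROC C first:DWORD, second:DWORD, third:DWORD
    mov eax, first
    add eax, second
    add eax, third            ; eax = first + second + third
    ret                       ; MASM epilogue: LEAVE / RET with no operand
foo_c ENDP

; The same foo under STDCALL. The push order is identical (right to left),
; but the CALLEE balances the stack: MASM emits RET 12 for the three DWORDs.
foo_std PROC STDCALL first:DWORD, second:DWORD, third:DWORD
    mov eax, first
    add eax, second
    add eax, third
    ret                       ; MASM epilogue: LEAVE / RET 12
foo_std ENDP

main PROC
    ; --- C calling convention, written out by hand ---
    push 3                    ; third  : rightmost argument is pushed first
    push 2                    ; second
    push 1                    ; first  : leftmost argument ends up on top of the stack
    call foo_c                ; eax = 6
    add esp, 12               ; caller balances the stack: 3 args * 4 bytes

    ; --- STDCALL, written out by hand ---
    push 3
    push 2
    push 1
    call foo_std              ; eax = 6 again; foo_std's RET 12 already popped the args,
                              ; so there is NO "add esp, 12" here

    push eax                  ; uExitCode = 6 (visible afterwards with "echo %ERRORLEVEL%")
    call ExitProcess          ; ExitProcess is STDCALL too: it pops its own argument
main ENDP
END main
```

Assemble with `ml /c /coff` and link with `link /SUBSYSTEM:CONSOLE`. When you are reading a disassembly instead of writing code, this is exactly the tell to look for: an `add esp, N` (or `pop ecx`) right after a `call` means the caller cleans up, so the callee is cdecl; a callee that ends in `ret N` cleans up itself, so it is stdcall. Getting this wrong while patching or hooking a function leaves the stack unbalanced and the program crashes somewhere far from the real mistake.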
3. .DATA
.DATA?
.CONST
.CODE
all of the above are what we call sections. You don't have segments in Win32, remember? But you can divide your entire address space into logical sections. The start of one section denotes the end of the previous section. There are two groups of sections: data and code.
- Data sections are divided into 3 types:
- The code group has only one section:
where <label> is any arbitrary label used to specify the extent of your code. Both labels must be identical. All your code must reside between <label> and end <label>.
All of the explanation above I got from http://www.programminghorizon.com/win32assembly/tut1.html. So thanks to them.
Back to example 1, here is the assembly code given:
So we go through it line by line:
1. they used the 80386 instruction set,
2. they used the Flat memory model and STDCALL as the parameter passing convention,
3. include kernel32.inc and include user32.inc: this is a new directive, include. It opens each file listed and processes it as if its contents were written at that point,
4. .data is where you define your initialized data. msg_text and msg_caption are our variables, db is "define byte", and "Hello world",0 is your string. Why the 0? This kind of string is called a [null-terminated string](https://en.wikipedia.org/wiki/Null-terminated_string): the characters are stored as an array that ends with a terminating character, which is 0.
For the db (define byte) family of directives:
db (define byte) = stores one byte
dw (define word) = stores two bytes
dd (define dword) = stores four bytes
So why does this program use db? Because every character used fits in one byte, that is, in the range 0-255.
For further explanation you can read http://www.tutorialspoint.com/assembly_programming/assembly_variables.htm.
5. .code, where the <label> is 'main'.
I have commented some of the code. First, the four push instructions you see in that code are the parameters that MessageBoxA will receive. Don't understand?
Okay, here is the C example:
Why does MessageBox receive 4 parameters?
Refer to: https://msdn.microsoft.com/en-us/library/windows/desktop/ms645505%28v=vs.85%29.aspx
So MessageBoxA receives 4 parameters; after they are pushed onto the stack, the code calls MessageBoxA to process all the parameters. Then it returns a value. About call and ret, maybe you can search Google for what they do, since I also don't understand them very well. Haha.
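To tie items 3 to 5 together, here is a complete program I wrote as an added example (it is not the post's example 1, whose listing is not reproduced above, and not @ZackStark's code): it uses every section from item 3, the db/dw/dd sizes from item 4, and the four pushes for MessageBoxA from item 5. It assumes the MASM32 include and lib files are on the assembler's search path; MB_OK is defined by hand with its documented value instead of relying on windows.inc, and the variable names other than msg_text and msg_caption are mine.

```asm
.386
.MODEL Flat, STDCALL
OPTION CASEMAP:NONE

include kernel32.inc          ; ExitProcess prototype
include user32.inc            ; MessageBoxA prototype
includelib kernel32.lib
includelib user32.lib

MB_OK equ 0                   ; value from WinUser.h; windows.inc would define it too

.DATA                         ; initialized data, stored in the .exe file
    msg_text    db "Hello world", 0     ; 11 characters + the 0 terminator = 12 bytes
    msg_len     = $ - msg_text          ; 12: the terminator occupies a byte in memory
    one_word    dw 1234h                ; 2 bytes, stored little-endian as 34h 12h
    one_dword   dd 0DEADBEEFh           ; 4 bytes, stored as EFh BEh ADh DEh

.DATA?                        ; uninitialized data: reserved at load time, no bytes in the file
    scratch     db 256 dup(?)

.CONST                        ; read-only data
    msg_caption db "Example 1", 0

.CODE
main:
    ; MessageBoxA(hWnd, lpText, lpCaption, uType) is STDCALL: arguments are pushed
    ; right to left, so the LAST parameter goes first and the FIRST goes last.
    push MB_OK                ; uType     (4th parameter)
    push offset msg_caption   ; lpCaption (3rd): address of the caption string
    push offset msg_text      ; lpText    (2nd): address of the text string
    push 0                    ; hWnd      (1st): NULL, no owner window
    call MessageBoxA          ; pops its own 16 bytes of arguments before returning
    ; MessageBoxA finds the end of each string by scanning for the 0 byte;
    ; leave the 0 out and it keeps reading whatever happens to follow in memory.

    ; eax holds the return value: which button was clicked (IDOK = 1 for MB_OK)
    push eax                  ; uExitCode
    call ExitProcess          ; never returns
end main
```

Two things worth checking in a debugger once it runs: look at the stack just before `call MessageBoxA` and confirm that ESP points at the 0 for hWnd with the three other arguments above it in reverse order, and look at the .data bytes for one_word and one_dword to see the little-endian byte order that makes 1234h appear as 34 12 in a hex dump.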
So that's all from me. I made this as notes for myself, so while I'm at it I'm sharing it with the TBD community. :)