Debugging Video Tutorial
Lesson #1 OllyDbg
This is the first lesson in the debugging-class.
No experience required!
In this lesson we download OllyDbg, install it, configure it and I explain the most important parts of it (for now).
- Video-files (22,5MB)
Lesson #2 Basic ASM
Time to learn some basics of the Assembler-language!
”ASM-instructions”
Common Assembler-instructions
-----------------------------
PUSH <value>
Puts a value on the top of the stack
POP <register>
Gets data from top of the stack and puts it in the reegister
Example of PUSH and POP:
PUSH 01
PUSH 05
POP EAX
POP EDX
After these instructions EAX would be 5 and EDX would be 1.
---------------
MOV <to>,<from>
Moves data from one place to another
Example: MOV EAX,01
---------------
CMP <value1>,<value2>
Compares 2 integral values and puts different flags based on te result of the comparison.
Example: CMP EAX,EDX
---------------
TEST <value1>,<value2>
Compares bitvalues in data often used TEST EAX,EAX in software to check if EAX is zero, example after a function that checks if a serial is correct..
---------------
CALL <adress>
Calls (runs) a function or subroutine.
Example: CALL 004123AB
---------------
RET
Returns from a subroutine or function to the code after the call that called it.
---------------
DEC <value>
Decreases a value by 1
Example: DEC EAX
Will decrease EAX by 1
---------------
INC <value>
Increases a value by 1
Example: INC EAX
Will increase EAX by 1
---------------
SUB <value1>,<value2>
Subtracts value1 with value2, then puts the result in value1.
Example: SUB EAX,03
---------------
ADD <value1>,<value2>
Adds value1 and value2, then puts the result in value1.
Example: ADD EAX,05
---------------
XOR <value1>,<value2>
eXclusive OR, most commonly used to quickly set a register to 0 for simple encryption.
Example: XOR EAX,EAX
Will make EAX 0.
”Short explanation of Jump-instructions”
Jump-instructions
-----------------
Jumps are used to control the program-flow, they decide where in the program we go, and in the company of eg. a CMP-function he jump can decide wheter the program is going to run code in one place or another.
In programming such as C++ this is used as "if-casees", if value "A" is 5 do something, if not then do something else.
//C++
if( A == 5 ){ do Something(); }
else{ do SomethingElse(); }
There's many jump-instructions which are used for different things, here's a short list with the most common ones:
JMP <adress> - Jump (always jumps)
JZ <adress> - Jump if Zero
JNZ <adress> - Jump if Not Zero
JE <adress> - Jump if Equal
JNE <adress> - Jump if Not Equal
JG <adress> - Jump if Greater
JGE <adress> - Jump if Greater or Equal
JB <adress> - Jump if Below
JBE <adress> - Jump if Below or Equal
JA <adress> - Jump if Above
JAE <adress> - Jump if Above or Equal
- Video-files (28,3MB)
Lesson #3 Byte-signatures
Lesson about byte-signatures:
- What are they?
- What good do they do?
- How to make them?
- Video-files
Author: Mr. Novocain