逆向工程汇编语言 [英] Assembly language for Reverse Engineering

问题描述

我应该选择NASM或MASM学习组装。我想学习汇编，动机是逆向工程。

What should I choose NASM or MASM for learning assembly. I want to learn assembly, motivation being Reverse Engineering.

所以，当我拆开了一些可执行文件，我可以通过看反汇编code理解code。

更新：我想我不力让我自己清楚。我理解那些装配，但要了解反汇编我需要知道组件的输出，这就是我要问哪里开始（与MASM或NASM的原因）

Update: I think I dint make my self clear.. I understand those are assemblers, but to understand the output of a disassembler I need to know assembly and that's the reason I'm asking where to start(with MASM or NASM)

推荐答案

假设你想学习如何做逆向工程的在Windows ，这里的如何。用Linux的方法是非常不同的（虽然最终你会得到更多的还是同一个地方以下）：

Assuming you want to learn how to do reverse-engineering on Windows, here's how. The Linux Way is very different (although eventually you get to more or less the same place):

您想要的东西很简单的开始，就像8080处理器。你可以在这里找到一个在线仿真器： http://www.tramm.li/i8080 - 这是所谓的CP / M的传统操作系统。点击开始EMU8080链接 - 你会得到SID的命令行 - 一个简单的古调试器。它只有像10的命令 - 在任何地址，浏览记忆，进入新的装配命令等键入help来一饱眼福。你可以试试，如果你想谷歌的一个SID手册。那么谷歌8080装配手册 - 你会发现一堆PDF文件的 - 他们都将是英特尔在20世纪70年代写的一样2手册的副本。同时读取 - 他们会给你一个良好的开端为808X系列CPU的基本知识。 用于PC的所有现代处理器从8080的。播放与SID 8080，直到你觉得你得到了主意。

You want to start with something very simple, like 8080 processor. You can find an online emulator here: http://www.tramm.li/i8080 -- this is a legacy OS called "CP/M". Click on "Start EMU8080" link -- you will get a command line of "SID" -- a simple ancient debugger. It only has like 10 commands -- to browse memory at any address, to enter new assembly commands etc. Type HELP to see them all. You can try and google for a SID manual if you want. Then google for 8080 assembly manual -- you will find a bunch of PDFs -- they will all be copies of the same 2 manuals written by Intel in 1970s. Read both -- they will give you a good start into 808x CPU basics. All modern processors used in PCs are derived from 8080. Play with SID and 8080 until you feel like you got the idea.

下一步是8086。为此，你需要得到的Window XP的副本，并在命令行中运行调试程序。 DEBUG SID是微软的敲竹杠。这将是非常容易学习，一旦你知道SID。该文档是在这里： http://thestarman.pcministry.com/asm/debug/debug。 HTM - 多读就可以了，也请务必遵循链接到其他网页 - 在同一网站包含基本的编程8086的一堆东西。如果到时候你就已经内的8080手册，8086会感到无比轻松。 （如果你跳过8080 / SID阶段，一切都会觉得不可思议和拼图将采取更多的时间整理出的，相信我。）

Next step is 8086. For this you'll need to get a copy of Window XP and run DEBUG program in command line. DEBUG is Microsoft's rip-off of SID. It will be very easy to learn once you know SID. The documentation is here: http://thestarman.pcministry.com/asm/debug/debug.htm -- read as much as you can, also make sure to follow the links to other pages -- the same site contains bunch of stuff on basic 8086 programming. If by that time you will have internalized the 8080 manuals, 8086 will feel super-easy. (If you skip the 8080/SID phase, everything will feel weird and the puzzle will take more time to sort-out, trust me.)

您可能还需要与 http://ladsoft.tripod.com/grdb_debugger.html - DEBUG的改进克隆，更易于使用。

You may also want to play with http://ladsoft.tripod.com/grdb_debugger.html -- an improved clone of DEBUG, easier to work with.

下一步，得到一本书由彼得·阿贝尔被称为IBM PC汇编语言和编程 - 老版，效果更好。你可以找到一个在亚马逊像1降压（我不是在开玩笑！）。首先阅读7章。让自己的汇编称为FASM（忘了MASM和NASM废话）。阅读FASM文档。写在16位实模式的程序。您仍然可以在Windows XP的命令行中运行它们。

Next step, get a book by Peter Abel called "IBM PC Assembler Language and Programming" -- the older edition, the better. You can find one on Amazon for like 1 buck (I'm not kidding!). Read first 7 chapters. Get yourself assembler called "FASM" (forget MASM and NASM crap). Read FASM documentation. Write a program in 16 bit real mode. You can still run them on Windows XP command line.

下一步，阅读 http://www.drpaulcarter.com/pcasm/ - 这将帮助你了解保护模式。然后读取实际英特尔386参考文档： http://www.logix.cz/michal/doc / I386 /

Next step, read http://www.drpaulcarter.com/pcasm/ -- this will help you understand protected mode. Then read the actual Intel 386 reference documentation: http://www.logix.cz/michal/doc/i386/

然后买了一本书叫逆向工程倒车。秘密。这是pretty跛，但会给你下一步要学什么了。像低级别的Windows程序设计（邮件，处理程序等。）

Then buy a book called "Reversing. Secrets of Reverse Engineering". It's pretty lame, but will give you some ideas on what you need to learn next. Like low-level Windows programming (messages, handlers etc.)

一旦您完成这一切了，只有这样，你可以下载 http://www.ollydbg.de/并试图与它玩。一定要得到1.x版本，而不是2.x版本去YouTube和发现一些教程。欢迎您跳过这一步，但我可以保证，你会感到沮丧，除非你按照通过上述所有将无法弄懂你在屏幕上看到的。

Once you got through all this, only then can you download http://www.ollydbg.de/ and try playing with it. Be sure to get version 1.x, not 2.x. Go to Youtube and find some tutorials. You are welcome to skip over to this step, but I can guarantee you will get frustrated and won't understand anything you see on the screen unless you follow through all of the above.

祝你好运。如果您有任何问题，你可以通过我的博客和我联系（链接是我的个人资料页）。

Good luck. If you have any questions you can contact me via my blog (the link is on my profile page).

这篇关于逆向工程汇编语言的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！