Reading disassembled asm

[Banana fanna fo fanna]

Any tips/tricks/tutorials? I've tried and I just plain suck...lol.

[TheMinistered]

Storm, I think you might find more help with this @ www.gamethreat.com o www.schackit.com try contacting my brother, drakken, or any of the mods as they probably have some disassembling knowledge.

[iago]

If you aren't too famalier with assembly, write simple programs and disassemble them to get an idea of how parameters are passed, how loops work (for/while/do-while), how conditional statements work (if/else/else if), switch statements (switch/case) and variables, arrays, structs, etc. until you get a good feeling (ie, you can recognize them).

I would recommend using IDA (get it off my ftp, iago.no-ip.com:665, username Guest password Guest, folder programs).  You can add comments (and should add a generous amount) and name variables (I would suggest naming everything you can.

Also, running a debugger (softice, windbg, even TSearch) that lets you watch the variables as they change, or step through loops is handy to have for complicated things that you don't necessarely understand.

Finally, here are the online references I use when I don't know what an operand means:
http://www.clipx.net/ng/masm/ng3ea.php
http://thsun1.jinr.ru/~alvladim/man/asm.html

Although now that we all have the big assembler books from Intel this isn't as important, but meh.

[tA-Kane]

I'll point out that iago's FTP username/password (Guest/Guest) is case sensitive.

[Banana fanna fo fanna]

Thanks iago. How can I get symbols to work in WinDbg?

[iago]

You have to download them from www.microsoft.com.  Search their site for windbg and you'll find it (need windows 2k+, though), and the symbols are there too.  I've never actually downloaded them, so I can't help you more than that.

[Etheran]

This was a really good read:
http://krobars.reverse-engineering.info/beginner/178.html