New Resource: Freeware version of IDA Pro Disassembler!

How PC Programs Work:
Understanding x86 (Intel)
Machine Code

    This area of  The Starman's Realm could also be called Assembly Language 101. Though most of these pages will deal with pre-existing programs and figuring out how they work rather than teaching you how to create them, we've finally added a page about assembling and compiling x86 Assembly source code under MASM (which is FREE if you know where to look for it; don't worry, we'll show you!). You'll come to understand much about Intel 8086 and other x86 Assembly instructions as you learn how the example programs function on a PC.

Whether you want to create your own programs or simply try to understand how others work, you must have a listing of all the basic Intel x86 Opcodes and a copy of Ralf Brown's famous Interrupt List  (see the References section below for obtaining free downloads of both items). If you move on to C/C++ or Win32 Assembly (see below) programming for Windows®, you'll also need to know about Windows API calls!

Another valuable resource for many students will be the IDA PRO Disassembler, created by Ilfak Guilfanov. DataRescue has released a FREEWARE (for noncommercial use) version of IDA PRO (v. 4.9 - 15,322 KiB Windows® install file); download it from here (or search for other download sites):
http://www.datarescue.com/idabase/idadownfreeware.htm . This version still allows you to perform an interactive disassembly of x86 code under Windows® (9x/Me thru XP).
    Though it will take some time to learn how to use (it's not like a simple text editor), IDA Pro can save you time later on because it will automatically update every cross reference to the same label whenever you rename it! IDA Pro understands all the later Intel instructions which DEBUG chokes on, and it will also create and save various .lst, .ASM, .map, etc. files for your disassembly project.

Pages in this Area

What Is "Hexadecimal"?   All about HEX with a bit of PC history. All PC files (whether stored on disk or being used in Memory) are Binary, but Assembly programmers use Hexadecimal rather than Binary for most of their work; thus the phrase Hex Editor.


A Guide to MS-DEBUG   A definitive guide to Microsoft®'s DEBUG program! Includes a History section and Tutorial! All the major commands of MS-DEBUG are explained in detail with coding examples that give you practical experience.


MASM and Linker   Find out where to get the latest Microsoft® Assembler (MASM) and Linker programs for FREE!  This page includes example Assembly source code to compile under MASM.


Two-Byte (SHORT) Jumps in x86 ASM   Just a simple discussion of these Relative Jumps in Assembly code. The main point is about the difference between Reverse (or Backward) Jumps and Forward Jumps; and why Reverse Jumps must use 2's Complement arithmetic to decode the signed Offset byte. Also mentions both NEAR and FAR Jumps. Includes an example program, JMP.COM.

FIRE.com: ASM Code and MS-DEBUG Tricks

The SEGMENT:OFFSET Method for Addressing Memory in DEBUG and other Utilities
( Includes comments on the boundaries between "Conventional, UMA and HMA" Memory.)

An Examination of the EICAR Standard AV Test Program Including A step-by-step Analysis of its Operation (Assembly code) using MS-DEBUG

All about the MBR (Master Boot Record) and other Boot Sectors
( Make sure to download my file: MBRDemo.zip and MyMBR.zip which includes some DEBUG scripts. There are a number of free commercial-quality tools you can also download from this page! )

Projects: DisAssembling and Debugging Programs that Display ASCII Characters
( Using DEBUG to examine Assembly and C programs with INT10 and INT21 video functions. )

Windows™ 32-bit Assembly Programming: These are just a few examples I'm using to learn about it myself plus a link to where you can find out more!

Important x86 (PC) Tools and References:

x86 Opcodes (157 kb .zip file) - A complete reference of all the Intel x86 CPU instructions up to and including the Pentium (except for MMX and FPU code); all in a nice searchable Windows Help file. The Basic Architecture Overview page has nice diagram of all Pentium Registers and Flags!
(NOTE: There's a small bit of info about machine codes missing from the file! If you really need this, write me or download these .PDF manuals!):

More advanced information on Intel Opcodes can be found here:
Pentium IV Software Developer's Manual (includes all Assembly code back to 8086):
Volume 2A (A-M Mnemonics) and Volume 2B (N-Z Mnemonics); see bottom of each page for either HTML or FTP downloads.

HexIt 1.57 (134 kb .zip file; 10 SEP 2001) is a free Hex Editor with built-in Disassembler by Mikael Klasson ("Fluff "). The Disassembler understands any x86 instructions up to and including Pentium II (with MMX and FPU too) plus other features. Use this to check for Assembly code beyond the limits of DEBUG (which can only disassemble 8086/8087 code). DOS and WIN executables.
Here's another page about: Free Hex Editors for you to try out.



---


Ralf Brown's Interrupt List - The most complete listing of all the BIOS and DOS INTterrupts in the world; Release 61 (16 July 2000).

Instructions: Download the zip archives inter61a.zip through inter61e.zip (Parts A through E) and the file rbilv21.zip (further down the page).

1) Extract all the contents of Parts A through D into a single folder (except for File_id.diz which is the same for all the parts). You can use a temporary folder if you wish, since the 'Combine' program (see below) can move the results to another folder of your choice.

2) Open a DOS-Window (command prompt) to the folder. If you a) wish to send the results elsewhere, ENTER the command: combine destination folder or combine -d destination folder (the -d option deletes the pieces from the temp folder). If you b) want the combined lists to remain where they are, then simply ENTER:   combine . (the dot is required!)   with or without the -d option. Resulting file is: Interrup.lst   Example:


C:\ASM\RalfBrown\temp>combine -d C:\ASM\INTList

3) Repeat the procedure using the -p  option to create the file Ports.lst   Example:


C:\ASM\RalfBrown\temp>combine -p -d C:\ASM\INTList

Put all the other files with an .lst extension in your INT List folder too, since they contain valuable information. Make sure to read the file Interrup.pri which is Ralf's Interrupt Primer.

4) Extract the files from rbilv21.zip into your INT List folder and run the Win 32 program RBILVIEW.exe which is a Windows viewer for Ralf's INTERRUP.LST file, Ports.lst and all the other .lst files. Open Ralf's Interrup.lst file with the viewer, it will build an index file to use for searches. Next time you want to write some ASM code, try searching through Ralf's INT List for all the details of what must be included for a particular INT function.

There's one more 'RBIL viewer' (called ILINA) that I think you'll find useful for doing lots of quick look-ups (it's easy on the eyes too). Extract Ilina100.zip from Part E (inter61e.zip), then finally extract all of its files into your INT List folder. Simply run the program (there's one little thing that bugs me about Ilina though: It's difficult to read the last line of any entry that goes beyond the window's bottom border; and there aren't any scroll bars for this either. You must grab the text itself with the mouse and/or use Arrow/PageUP/DN keys to get to the hidden lines.)



---

This page was last updated: December 16, 2007.

The Starman's Realm Index Page