
Intro to disassembly and CIL (Used in NET Reflector) opcode list

Discussion in 'Tutorials' started by s810car, Dec 23, 2016.

  1. s810car

    s810car Advanced Member

    Joined:
    Dec 9, 2016
    Messages:
    62
    Likes Received:
    35
    Been questioned about opcodes recently so thought this would make a good writeup.

    This is a list of opcodes used in libraries/executables created for M$ .NET framework, prefaced by an introduction to assembly and some details for those wondering why it's so damn hard to hack programs if you can understand and program in those languages. To skip to the good stuff without the college lecture PTSD you'll get from this, head to the next post below. On the other hand, if you like the nerd stuff and want more, leave comments below (I will assume likes mean the chart, not the boring stuff, which is what I expect anyways; I got bored of myself writing some of this up lol)

    What is CIL?
    Source: Wikipedia
    Think of a program this way: You speak (or write) in a common language known by your own kind, humans. We have millions of ways to phrase things. Computers are electrical objects; they know two things: working or not? Yes or no? On or off? So basically, is the circuit receiving the electron flow or not. We understand this as binary code, where 1 = (On|True|Yes) and 0 = (Off|False|No). So how do we get these great graphic GUI phones with awesome games to hack into? We (humans) set up these on/off groups of circuits to mean something when put into sequences. For example I can say
    by, let's say, making a fist twice with my left hand, opening both hands, then keeping my right hand closed and opening and closing my left hand one last time. If you were taught that language you would understand those gestures entirely. This is exactly what we created in computers. We said ok, this we understand (in this example, a letter in a word), so let's make this group of on/off pulses mean this part. So instead of hand gestures, we now have this many on/off (0|1) means this (the next letter in our example). We call this binary language. In fact here's the same sentence in the above quote
    (I will just say that each group is considered a single byte, not gonna break it down to byte/bit/nibble sh*t, might as well go into making circuit boards lol, I'll stick to the code part)
    However, that's much harder for us to say, or even read, esp. on long nights when the numbers just melt together, god forbid you have dyslexia. So how do we make these on/off pulses make sense to us? Simplify them. One way is to take groups and condense them into larger values, so the computer can take a block and interpret it as the original value, such as Hex (hexadecimal, allowing us to use 0-15 in place of four on/off sectors, which we group in bytes. Why? Again, making circuits, don't care, google it, back to the code). Let's do the quote again
    Now that's still hard to read, so we take groups again, and so on, until we can say a simple thing in our millions+ word language, and the computer can repeat it simply in its 2 word language.

    So let's apply this to what this thread is about. To get to this middle ground where humans can read what computers understand, we need to take the binary code and group it in a way that we can understand what each group of 0s and 1s was instructed to do as an operation code, or opcode. If you're hardcore (or a masochist), break down the binary. If you want a little easier task, convert to hex and read those groups. Or, you can actually figure out, gee, this would be nice if it was automated to find the info out, and try to find and understand that tool (not much faith there, still try to answer questions without saying "google it asshat", but I digress). These are disassemblers.
    Disassemblers automatically start to go thru the binary of the file, get the hex equivalent, and then the corresponding opcode/operand of the bytes in question. Each byte is either an opcode, an operand i.e. data, or both. For example, in x86 architecture, moving the next byte of data I input into a register would be the MOV opcode taking 5 bits (binary 10110) and the register taking three (register=000-111), or in hex, B0-B7 depending on register. Moving the next word variable changes one bit (binary 10111 instead) with the same register options, so hex B8-BF. So you see, a simple 0-1 change can make that much difference, and how we communicate becomes easier to understand.

    So if a computer only reads binary and a disassembler takes that and makes it readable, what's the problem with changing instructions? You should be able to hack anything!!
    Not quite.
    Just like everything else in this world, we have choices. Different brands breed different fanboys, each trying to add a unique flavor to keep the market in their favor. So we have different architectures for different products, which have different opcodes, in different assemblies. Case in point, the above example. Let's say your x86-built program has B1 in its binary, which we just learned moves data into that register, in this case register CL. Well in CIL (used in .NET, so most .dll files and Windows executables), this means SQUAT. Well, it means something, but it may be a pointer, function address, w/e, but couldn't say without more info. This is what our disassembler says about that byte as well; it's amazing how some files disassemble very readable and some not so much. Worse, disassembling using the wrong framework would be useless to edit, as too many instructions get mangled by misinterpretation. I have yet to ever see a file that gets 100% disassembled into 100% readable code. So we do the best we can with the info we got.

    I will continue this segment in future tutes if there's enough interest in it, or I can stick to the sauce, no matter to me :) If you got this far, thanks for reading!
     
    harryxz, iAlex and ZEDjy like this.
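An added example (mine, not from the post): a tiny Python decoder for the two x86 MOV-immediate families the post describes (B0-B7 and B8-BF). It shows the 5-bit/3-bit split of the opcode byte and emits a plain `db` for any byte it cannot interpret, which is the "not 100% readable" case the post mentions. The sample bytes are constructed.

```python
# Added example, not the post's code: decode x86 "MOV reg, imm" bytes.
import struct

# Register order encoded by the low 3 bits of the opcode byte (000-111).
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]          # B0-B7
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # B8-BF


def split_mov_byte(b):
    """Split an opcode byte into its top 5 bits (opcode) and low 3 bits (register)."""
    return b >> 3, b & 0b111


def bit_groups(b):
    """Show the byte the way the post groups it, e.g. 0xB1 -> '10110 001'."""
    bits = f"{b:08b}"
    return f"{bits[:5]} {bits[5:]}"


def decode(code, base=0):
    """Walk raw bytes; return (offset, hex, mnemonic) for each decoded item.

    Only the two MOV-immediate forms are known here; anything else (or a
    truncated immediate at the end of the buffer) is left as 'db' data,
    just as a disassembler does with bytes it cannot make sense of.
    """
    out = []
    i = 0
    while i < len(code):
        b = code[i]
        op5, reg = split_mov_byte(b)
        if op5 == 0b10110 and i + 1 < len(code):        # 10110 rrr: MOV r8, imm8
            imm = code[i + 1]
            out.append((base + i, code[i:i + 2].hex(), f"mov {REG8[reg]}, 0x{imm:02x}"))
            i += 2
        elif op5 == 0b10111 and i + 4 < len(code):      # 10111 rrr: MOV r32, imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]   # little-endian
            out.append((base + i, code[i:i + 5].hex(), f"mov {REG32[reg]}, 0x{imm:08x}"))
            i += 5
        else:                                           # unknown: leave as data
            out.append((base + i, f"{b:02x}", f"db 0x{b:02x}"))
            i += 1
    return out


if __name__ == "__main__":
    sample = bytes.fromhex("b101b84d000000c3")          # constructed input
    for off, hx, asm in decode(sample):
        print(f"{off:04x}  {hx:<12} {asm}")
```

The trailing `c3` is shown as `db 0xc3` because this decoder does not know it, which is exactly how a real disassembler degrades when it lacks a table entry or is fed the wrong architecture.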
  2. s810car

    s810car Advanced Member

    Joined:
    Dec 9, 2016
    Messages:
    62
    Likes Received:
    35
    The sauce
    Source: Wikipedia
    All comments are my addition to the info, if I'm incorrect on any, please clarify and I'll make the adjustment



    Instruction Types
    Base: performs universally compatible commands (conditionals, type conversions, arithmetic functions, etc.)
    Object model: allows for OOP, casting object types and references such as pointers, etc.
    Prefix to Instruction: allows layering of another rule upon the following instruction

    Order A-Z
    Order by Hex
    Hopefully by the end of this you can better read the assembly instructions in .NET Reflector or dnSpy. What to do with that info is up to you.
     
    #2 s810car, Dec 23, 2016
    Last edited: Dec 23, 2016
  3. fahadxmb

    fahadxmb Member

    Joined:
    Dec 27, 2016
    Messages:
    13
    Likes Received:
    4
    good work
     