China DOS Union

;***************************************************
;A must-read assembly program for beginners moving to the next level
;Author: xy_god
;*********************Stack Segment************************
STACK_SEG SEGMENT STACK

STACK_SEG ENDS
;**********************Data Segment***********************
DATA_SEG SEGMENT PARA
ABSCODE DB 00h,0Dh,0B4h,09h,00h,0Fh;machine instruction code
DB 0B0h,2Ah,00h,11h,0B7h,00h
DB 00h,13h,0B3h,0DAh,00h,15h
DB 0B9h,05h,00h,00h,18h,0CDh,10h
DATA_SEG ENDS
;******************Code Segment***************************
CODE_SEG SEGMENT PARA
MAIN PROC FAR
ASSUME CS:CODE_SEG,DSATA_SEG
ASSUME SS:STACK_SEG
START:
MOV AX,STACK_SEG
MOV SS,AX
MOV SP,0000h
MOV AX,DATA_SEG
MOV DS,AX
;---------------Unconventional code------------------
MOV AX,SEG ABSCODE
PUSH AX
MOV AX,OFFSET ABSCODE
PUSH AX
RET
;-----------------------------------------
MOV AX,4C00H
INT 21H
MAIN ENDP
CODE_SEG ENDS
;******************End of program************************
END START

Let me explain: I wrote this program specially for people who don't know what machine code is! This program is very simple: it writes the corresponding machine instructions into the data segment, and then when the program runs, it jumps into those machine instructions!

Oh right, what do you all think of my program's readability? Hehe! Please give me more valuable suggestions!

For beginners, each line should also be annotated.

The addressing mode of Call is basically the same as jmp, but in order to return from the subroutine, before jumping this instruction pushes the address of the instruction immediately following it onto the stack. If it is an intrasegment call (the target address is a 32-bit offset), then what gets pushed is also just an offset. If it is an intersegment call (the target address is a 48-bit full address), then the full address of the next instruction is also pushed. Likewise, if an intersegment transfer involves a change in privilege level, then there is a series of complex protection checks.

Corresponding to this, the retn/retf instructions return from the subroutine. They take the return address from the stack (pushed there by the call instruction) and jump to that address to execute. retn takes a 32-bit offset for an intrasegment return, and retf takes a 48-bit full address for an intersegment return. retn/f can also take an immediate value as an operand; this value is actually the number of parameters passed to the subroutine on the stack (counted in words). After returning, it automatically adds the specified number *2 to the stack pointer esp, thereby discarding the parameters on the stack. The specific details here will be left for the next article.

Although call and ret are designed to work together, there is no necessary connection between them. That is to say, if you directly use the push instruction to push a value onto the stack, and then execute ret, it will likewise treat the value you pushed as a return address and jump there to execute. This kind of abnormal control transfer can be used as an anti-tracing technique

1010101011101010101010010101010111010101010110100101010101010101011110100101010101010101010101010101010101010101010101010101010000101010
Now that's what you call machine instructions, BD.

OP, this is clearly assembly; it's still two jumps away from machine instructions.

But the data segment in it does contain machine instructions, so it still fits the thread's intent ^_^

The ret is used very cleverly

I agree with the opinion of post #6. Real machine code gives people a headache just from looking at it.

For example, the following hexadecimal code:

B4 30 CD 21

Why set up an empty stack segment?
Wouldn't that cause problems?

Post #5 already analyzed this program very clearly. Friends who think the OP doesn't know what machine instructions are, please read the reply in post #5 first before saying anything more. (Take a close look at the data segment.)

Aside from not being able to understand it, I can understand everything else

Why is the last line of the unconventional code RET instead of RETF.

Some people, this really is assembly.
However, the code already shows this: put machine code into the data segment, then jump into the data segment to execute the instructions.

So what do you think machine instructions are? Should microinstructions be brought up too~~

I recognize all the letters and numbers, but I don't understand anything else

Maybe this tool will be useful to everyone………………
http://jihao1234567.go.nease.net/MNEMONIX.exe
Please use a download tool, single thread.
This thing might be of some use.
Seems to explain machine language code………………