Disassembly
Assembly is something we all have to learn eventually in order to properly modify Roblox without having its source code.
Usually, we use a tool such as IDA Pro or x32dbg. Because Roblox (before Byfron) uses VMProtect, simply modifying its executable isn't possible, and you must attach to it while its running.
This article isn't finished yet, sorry
Instructions
The x86 instruction set is a vast instruction set with various extensions. Luckily, you'll only really see basic x86 instructions when debugging Roblox.
These are some common instructions (but not every instruction) that can be seen whilst debugging Roblox.
| Instruction (NASM syntax) | Name | Purpose |
|---|---|---|
| jne [address] | Jump if Not Equal | The processor will set EIP to [address], if EFLAGS has the NE (Not equal) bit set. |
| jnz [address] | Jump if Not Zero | The processor will set EIP to [address], if EFLAGS has the NZ (Not zero) bit set. |
| call [address] | CALL | The processor will set EIP to [address], then push the current address. |
| cmp [a], [b] | CoMPare | The processor will compare [a] and [b], and set EFLAGS with the results of the comparison. |
| mov [a], [b] | MOVe | The processor will set [b] to [a]. |
| nop | NO Operation | The processor will not do anything. |
Where's All the Data?
It may noticed, that in the set provided above there are terms such as 'EFLAGS', and '%eip'. These are CPU registers. CPU registers are the fastest way to retrieve, manipulate and store data but are limited in size.
| Register | Purpose |
|---|---|
| EAX | General purpose register, sometimes called the Accumulator register |
| EBX | General purpose register, sometimes called the Base register |
| ECX | General purpose register, sometimes used to store the loop counter. In C++, *sometimes* this points to this, the current class.
|
| EDX | General purpose register |
| EBP | Stack Frame Pointer. This is how programs will typically safely address other values in the stack, because ESP will fluctuate wildly during execution. |
| ESP | Stack Pointer. This is where the x86 fetches the top of the stack from. This decrements (decreases) when PUSHed to, and increments (increases) when POPed from. |
| EDI | Destination index (typically used for arrays) |
| ESI | Source index (typically used for arrays) |
| EIP | Instruction Pointer. This is where the x86 fetches the next instruction from memory from, and is incremented by the size of the decoded instruction every instruction. |
Stacks
Stacks are a form of data storage employed by most CPU architectures, including x86. In x86, the stack can be imagined as a stack of plates. You can put a plate on top of the stack (PUSH to the stack), and take the top most one off (POP from the stack).
When you call for example, the processor will PUSH the value of %eip, then go to the new address. When that subroutine eventually executes a RETurn instruction, the processor will POP the last value on the stack (which in this case, is what %eip used to be!) and then set %eip to the old address.
Calling Conventions
To complicate stacks further, most programs employ a calling convention. This is most used by programming languages such as C, in order to keep track of data