Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.

Slides:



Advertisements
Similar presentations
Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.
Advertisements

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
1 C and the 8051 EGRE Introduction The Silicon Labs ISE uses the Keil C51 compiler. The code size is limiter to 2K C has replaced PL/M (the original.
Introduction to Information Security ROP – Recitation 5 nirkrako at post.tau.ac.il itamarg at post.tau.ac.il.
C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.
Review: Software Security David Brumley Carnegie Mellon University.
Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.
X86 ISA Compiler Baojian Hua Front End source code abstract syntax tree lexical analyzer parser tokens IR semantic analyzer.
CS2422 Assembly Language and System Programming High-Level Language Interface Department of Computer Science National Tsing Hua University.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Machine-Level Programming 3 Control Flow Topics Control Flow Switch Statements Jump Tables.
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.
Recitation 4: The Stack & Lab3 Andrew Faulring Section A 30 September 2002.
Recitation 6 – 2/26/01 Outline Linking Exam Review –Topics Covered –Your Questions Shaheen Gandhi Office Hours: Wednesday.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Machine-Level Programming 3 Control Flow Topics Control Flow Switch Statements Jump Tables.
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 22: Unconventional.
Assembly Language for x86 Processors 7th Edition Chapter 13: High-Level Language Interface (c) Pearson Education, All rights reserved. You may modify.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
ELF binary # readelf -a foo.out ELF Header:
X86 Architecture.
Introduction to Information Security ROP – Recitation 5.
CNIT 127: Exploit Development Ch 8: Windows Overflows Part 2.
Bits and Bytes September 1, F’05 class02.ppt “The Class That Gives CMU Its Zip!”
Stack Usage with MS Visual Studio Without Stack Protection.
Buffer Overflow Attack- proofing of Code Binaries Ramya Reguramalingam Gopal Gupta Gopal Gupta Department of Computer Science University of Texas at Dallas.
Introduction 8051 Programming language options: Assembler or High Level Language(HLL). Among HLLs, ‘C’ is the choice. ‘C’ for 8051 is more than just ‘C’
1 Introduction to Information Security , Spring 2016 Lecture 2: Control Hijacking (2/2) Avishai Wool.
Intel Xscale® Assembly Language and C. The Intel Xscale® Programmer’s Model (1) (We will not be using the Thumb instruction set.) Memory Formats –We will.
Introduction to Information Security
CS 177 Computer Security Lecture 9
Introduction to Information Security
Data in Memory variables have multiple attributes symbolic name
Computer Architecture and Assembly Language
Exploiting & Defense Day 2 Recap
Aaron Miller David Cohen Spring 2011
Understanding x86-64 Assembly for Reverse Engineering & Exploits
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
High-Level Language Interface
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Discussion Section – 11/3/2012
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Advanced Buffer Overflow: Pointer subterfuge
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
/GS Switch in Visual Studio
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah –
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah –
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Machine-Level Programming: Introduction
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
CSC 497/583 Advanced Topics in Computer Security
Computer Architecture and System Programming Laboratory
Computer Architecture and System Programming Laboratory
Presentation transcript:

Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail

All materials is licensed under a Creative Commons “Share Alike” license. http://creativecommons.org/licenses/by-sa/3.0/ Attribution condition: You must indicate that derivative work "Is derived from Xeno Kovah's ‘Intro x86-64’ class, available at http://OpenSecurityTraining.info/IntroX86-64.html" Attribution condition: You must indicate that derivative work "Is derived from Xeno Kovah's 'Intro x86-64’ class, available at http://OpenSecurityTraining.info/IntroX86-64.html”

Effects of Compiler Options Our standard build main: 140001000 sub rsp,38h 140001004 mov eax,1 140001009 imul rax,rax,27h 14000100D mov byte ptr [rsp+rax],2Ah 140001011 mov eax,0B100Dh 140001016 add rsp,38h 14000101A ret //Example8.c int main(){ char buf[40]; buf[39] = 42; return 0xb100d; }

Effects of Compiler Options 2 /O1 (minimum size) or /O2 (maximum speed) Debug information format Disabled (viewed from WinDbg) or /Z7 (C7 Compatible) (no change) main: 140001000 mov eax,0B100Dh 140001005 ret main: 140001000 sub rsp,38h 140001004 mov eax,1 140001009 imul rax,rax,27h 14000100D mov byte ptr [rsp+rax],2Ah 140001011 mov eax,0B100Dh 140001016 add rsp,38h 14000101A ret

Effects of Compiler Options 3 /GS - Buffer Security Check (default enabled nowadays) aka “stack cookies” (MS term) aka “stack canaries” (original research term) main: 140001000 sub rsp,38h 140001004 mov rax,qword ptr [__security_cookie (0140004000h)] 14000100B xor rax,rsp 14000100E mov qword ptr [rsp+28h],rax 140001013 mov eax,1 140001018 imul rax,rax,27h 14000101C mov byte ptr [rsp+rax],2Ah 140001020 mov eax,0B100Dh 140001025 mov rcx,qword ptr [rsp+28h] 14000102A xor rcx,rsp 14000102D call __security_check_cookie (0140001190h) 140001032 add rsp,38h 140001036 ret

Effects of source options Book p. 369 Effects of source options /O1 optimization when the volatile keyword is present main: 140001000 sub rsp,38h 140001004 mov eax,1 140001009 imul rax,rax,27h 14000100D mov byte ptr [rsp+rax],2Ah 140001011 mov eax,0B100Dh 140001016 add rsp,38h 14000101A ret int main(){ volatile char buf[40]; buf[39] = 42; return 0xb100d; } main: 140001000 sub rsp,38h 140001004 mov byte ptr [rsp+27h],2Ah 140001009 mov eax,0B100Dh 14000100E add rsp,38h 140001012 ret This is a trick I picked up from a 2009 Defcon presentation http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sean_taylor-binary_obfuscation.pdf He also talked a little bit about control flow flattening which is covered in an academic paper in the “Messing with the disassembler” section.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.