
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly rogueclown DerbyCon 3.0 September 28, 2013.


1 Hello ASM World: A Painless and Contextual Introduction to x86 Assembly rogueclown DerbyCon 3.0 September 28, 2013

2 who?
– security consultant by vocation
– mess around with computers, code, CTFs by avocation
– frustrated when things feel like a black box

3 what is assembly language?
– not exactly machine language…but close
  – instructions: mnemonics for machine operations
  – normally a one-to-one correlation between an ASM instruction and a machine instruction
– varies by processor
  – today, we will be discussing 32-bit x86

4 why learn assembly language?
– some infosec disciplines require it
– curious about lower-level details of memory or interfacing with an operating system
– it’s fun and challenging!

5 how does assembly language work?

6 hello memory
– what parts of computer memory does assembly language commonly access?
– how does assembly language access those parts of computer memory?

7 where is this memory?
– what one “normally” thinks of as memory
  – RAM
  – virtual memory
– CPU
  – registers

8 computer memory layout
– heap
  – global variables, usually allocated at compile-time
  – envision a bookshelf…that won’t let you push books together when you take one out
– stack
  – local, contextual variables
  – envision a card game discard pile
  – you will use this when coding ASM. a lot.

9 registers
– memory located on the CPU
– registers are awesome because they are fast.
– registers are a pain because they are tiny.

10 registers
– general purpose registers
  – alphabet soup: eax, ebx, ecx, edx
    – can address in parts: ax, ah, al
  – stack and base pointers: esp, ebp
  – index registers: esi, edi

11 registers
– instruction pointer
  – eip
  – records the next instruction for the program to follow
– other registers
  – eflags
  – segment registers

12 instructions
– mov – moves a value to a register
  – can either specify a value, or specify a register where a value resides
– syntax in assembly (the same instruction written both ways)
  – Intel syntax: mov ebx, 0xfee1dead
  – AT&T syntax: mov $0xfee1dead, %ebx

13 instructions
– interrupt
  – int 0x80
  – int 0x3
– system calls – how a program interacts with the kernel of the OS

14 instructions
– mathematical instructions
  – add, sub, mul, div
    mov eax, 10
    cdq          ; edx is now 0
    mov ebx, 3   ; div takes a register or memory operand, not an immediate
    div ebx      ; eax is now 3, edx is now 1
  – dec, inc – useful for looping
    mov ecx, 3
    dec ecx      ; ecx is now 2

15 jumps
– jge, jg, jle, jl – work with a compare (cmp) instruction
– jz, jnz, js, jns – check the zero flag or the sign flag to decide whether to jump

16 instructions
– stack operations: push and pop
    mov eax, 10
    push eax     ; 10 on top of stack
    inc eax      ; eax is now 11
    push eax     ; 11 on top of stack
    pop ebx      ; ebx is now 11
    pop ecx      ; ecx is now 10

17 instructions
– function access instructions
  – call
    – places the address of the next instruction on top of the stack
    – moves execution to the identified function
  – ret
    – returns to the memory address on top of the stack
    – designed to work in tandem with the “call” instruction…but we’re hackers, yes?

18 sections of ASM code
– .data – constant variables initialized at compile time
– .bss – declaration of variables that may be set or changed during runtime
– .text – executable instructions

19 $%&#@%^ instructions: how do they work?

20 putting it together time to take a bit of C code, and reimplement it in assembly language!
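As an added worked example for the “putting it together” step (this is not from the talk’s slides), here is a complete 32-bit Linux program that uses each piece described above: .data/.bss/.text sections, div with a cleared edx, push/pop, inc/dec with cmp/jnz, call/ret, and int 0x80 system calls. The label names, the value 31337 and the buffer size are my choices.

```nasm
; Added example (not from the talk): print a 32-bit unsigned value in decimal.
; Assumes 32-bit Linux and NASM. Build: nasm -f elf32 num.asm && ld -m elf_i386 -o num num.o
section .data
    number  dd 31337            ; constant input, set at assembly time

section .bss
    digits  resb 11             ; up to 10 digits plus a newline, filled at runtime

section .text
global _start
_start:
    mov eax, [number]           ; argument for the function goes in eax
    call print_number           ; pushes the return address, then jumps to the label
    mov eax, 1                  ; sys_exit
    xor ebx, ebx                ; status 0
    int 0x80

; print_number: writes eax in decimal, followed by a newline, to stdout
print_number:
    mov ebx, 10                 ; div needs a register or memory operand, never an immediate
    xor ecx, ecx                ; ecx counts how many digits we push
push_digits:
    xor edx, edx                ; clear edx before an unsigned div (cdq is only safe for eax < 2^31)
    div ebx                     ; eax = eax / 10, edx = eax % 10
    add edx, '0'                ; remainder becomes its ASCII digit
    push edx                    ; lowest digit goes on the stack first
    inc ecx
    cmp eax, 0                  ; div leaves the flags undefined, so compare explicitly
    jnz push_digits
    mov edi, digits             ; edi walks the output buffer
pop_digits:
    pop eax                     ; highest digit comes off first, so the buffer reads left to right
    mov [edi], al
    inc edi
    dec ecx
    jnz pop_digits
    mov byte [edi], 0x0a        ; newline
    inc edi
    mov eax, 4                  ; sys_write(1, digits, edi - digits)
    mov ebx, 1
    mov ecx, digits
    mov edx, edi
    sub edx, digits
    int 0x80
    ret                         ; pops the address that call pushed; the stack is balanced again
```

Running ./num prints 31337; every push in the loop is matched by a pop, so ret finds the return address on top of the stack.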

21 where does shellcode come in?

22 what is shellcode?
– instructions injected into a running process
– lacks some of the luxuries of writing a stand-alone program
  – no laying out nice memory segments in a .bss or .data section
  – basically, just one big .text section

23 a first stab at shellcode… this is going to look mostly familiar, except for how data is handled.

24 why did it fail?
– bad characters
  – shellcode is often passed to an application as a string.
  – if a character makes a string act funny, you may not want it in your shellcode: 0x00, 0x0a, 0x0d, etc.
  – use an encoder, or do it yourself

25 try that shellcode again…
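An added example, not the talk’s own shellcode: the same “write a string, then exit” program restricted to a single .text block, with its data built on the stack and no 0x00 bytes in the encoding, which is the bad-character problem of slide 24. The message, register choices and build commands are my assumptions.

```nasm
; Added example (not from the talk): no .data or .bss, no 0x00 bytes in the encoding.
; Assumes 32-bit Linux and NASM. Build: nasm -f elf32 msg.asm && ld -m elf_i386 -o msg msg.o
; Check for nulls: objdump -d msg.o | grep -w 00   (should print nothing)
; The byte encodings in the comments are from the NASM listing (nasm -l).
section .text
global _start
_start:
    xor eax, eax            ; 31 c0            eax = 0; "mov eax, 0" would be b8 00 00 00 00
    push eax                ; 50               null terminator, placed on the stack instead of .data
    push 0x0a214d53         ; 68 53 4d 21 0a   "SM!\n" goes first because the stack grows down
    push 0x41206948         ; 68 48 69 20 41   "Hi A"; esp now points at "Hi ASM!\n"
    mov ecx, esp            ; 89 e1            buf argument = address of the string just built
    xor edx, edx            ; 31 d2
    mov dl, 8               ; b2 08            count = 8 via an 8-bit move, avoiding 08 00 00 00
    xor ebx, ebx            ; 31 db
    inc ebx                 ; 43               fd = 1 (stdout) without the nulls of "mov ebx, 1"
    mov al, 4               ; b0 04            sys_write; the upper bytes of eax are still zero
    int 0x80                ; cd 80
    xor eax, eax            ; 31 c0
    mov al, 1               ; b0 01            sys_exit
    xor ebx, ebx            ; 31 db            status 0
    int 0x80                ; cd 80
```

Swapping any of the xor/inc/8-bit forms back to a plain 32-bit mov reintroduces 0x00 bytes, which the objdump check above will show.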

26 where can i learn more about assembly language?

27 suggested resources
– dead trees
  – “Hacking: The Art of Exploitation” by Jon Erickson
  – “Practical Malware Analysis” by Michael Sikorski and Andrew Honig
  – “Gray Hat Python” by Justin Seitz

28 suggested resources
– the series of tubes
  – http://ref.x86asm.net – quick and dirty opcode reference
  – http://www.nasm.us/doc – Netwide Assembler documentation
– system calls
  – Linux: /usr/include/asm/unistd.h, man 2 $syscall
  – Windows: http://msdn.microsoft.com/library/windows/desktop/hh920508%28vs.85%29 – Windows API reference

29 how to find me
– Twitter: @rogueclown
– email: rogueclown@rogueclown.net
– IRC: #derbycon, #misec, or #burbsec on Freenode
– or, just wave me down at the con

