background preloader

x86 ASM

Facebook Twitter

x86 Assembly for Userland Applications: A Hands-On Approach. This document is an introduction to creating programs for microprocessors of the x86 architecture family - in particular 32-bit code.

x86 Assembly for Userland Applications: A Hands-On Approach

The reader is expected to be familiar with programming in C/C++ (or similar languages such as Java at least) and the essential API of the operating system they are using. Some mathematical knowledge up to highschool/university level is essential for understanding a lot of things aswell. I will try not to be too OS specific but the environments I am going to focus on in this document are Windows, Linux and BSD. Pure knowledge of assembly in itself is useless if you do not know how to combine it with the API of the operating system you are going to run it on so I want to make sure that this will be demonstrated to a certain extent. It is not that different from the way you would do it in a high level programming language such as C++ so it is not difficult to understand. This is a very important question and subject to a lot of discussion. With values . Heap spraying. Operation[edit] A heap spray does not actually exploit any security issues but it can be used to make a vulnerability easier to exploit.

A heap spray by itself cannot be used to break any security boundaries: a separate security issue is needed. Exploiting security issues is often hard because various factors can influence this process. Chance alignments of memory and timing introduce a lot of randomness (from the attacker's point of view). A heap spray can be used to introduce a large amount of order to compensate for this and increase the chances of successful exploitation.

Exploits often use specific bytes to spray the heap, as the data stored on the heap serves multiple roles. History[edit] Implementation[edit] JavaScript[edit] VBScript[edit] Occasionally, VBScript is used in Internet Explorer to create strings by using the String function. ActionScript[edit] In July 2009, exploits were found to be using ActionScript to spray the heap in Adobe Flash.[9][10] Images[edit] Modern x86 assembly. Nobody writes programs in assembly any more.

Modern x86 assembly

Bits of assembly are used in compilers, JIT compilers, kernels, and for some performance-critical code like codecs. Few people write such code. You may want to try it anyway, as the best programmers write compilers, at least according to Steve Yegge. Knowing assembly and low-level details of your architecture is still important. Not for writing programs or even small pieces of code in it. Many people have irrational fear of the low level. Ancient x86 assembly Back in early 1990s, widely available compilers produced seriously suboptimal code (unoptimized and 16-bit), and it was necessary to use inline assembly to get anywhere close to decent performance. Push xpush ycall foomov z, ax or to use 32 bits and more modern notation something like: pushl 0x4(%ebp) <x>pushl 0x8(%ebp) <y>call 8012EF0 <foo>move 0xc(%ebp) <z>, %eax Alignment In ancient times, memory access was just memory access.

#include <stdio.h>#include <stdlib.h> printf("x = %p.. NOP slide. In computer security, a NOP slide, NOP sled or NOP ramp is a sequence of NOP (no-operation) instructions meant to "slide" the CPU's instruction execution flow to its final, desired, destination whenever the program branches to a memory address anywhere on the sled.

NOP slide

While a NOP slide will function if it consists of a list of canonical NOP instructions, the presence of such code is suspicious and easy to automatically detect. For this reason, practical NOP slides are often composed of non-canonical NOP instructions (such as moving a register to itself or adding zero, for example 0x0c0c0c0c[1]), or of instructions that affect program state only inconsequentially, which makes them much more difficult to identify. The entropy of a NOP sled is dependent upon the constraints placed on it. See also[edit] Heap spraying, a technique which is complementary to the use of NOP slides. View topic - [C#] Static Dll Injector. PELoader.