Assembly Primer for Hackers (Part 1) System Organization
Assembly language is probably the most important thing one needs to master if he desires to enter the world of code exploitation, virus writing and reverse engineering. In this multi-part video series I will try to provide a simple primer to Assembly language which will help you get started. These videos are in no way meant to be exhaustive but rather will only act as a guide on how to begin.
In this first part, I explain the basics of computer organization, CPU registers - general purpose, segment and instruction pointer. Also covered is virtual memory organization, program memory organization, program stack and stack operations.
Download Part 1
Assembly Primer for Hackers (Part 2) Virtual Memory Organization
In this video we take an in-depth look at virtual memory organization concepts. The entire discussion is explained by taking a live example using the SimpleDemo.c code. We look at how one can use the /proc/PID/maps to peek into the layout of a program's virtual memory and interpret useful things. Also, we show how the Address Space Layout Randomization (ASLR) works in the latest 2.6 kernels and why this is significant from a security point of view. We also show how this can be disabled at runtime if the need be. This video is very important from an code exploitation perspective as it teaches us how to check for the presence of ASLR on a given system.
Download Part 2
Assembly Primer for Hackers (Part 3) GDB Usage Primer
GDB (GNU Debugger) is probably one of the most important tools one needs to be familiar with in order to be a good assembly language programmer. In this video we go through a quick primer on how to use GDB to disassemble code, set breakpoints, trace through code, examine CPU registers and memory locations, examine the program stack and many other important use cases which will help us in later videos when we actually start coding in Assembly and want to debug our code.
Download Part 3
Assembly Primer for Hackers (Part 4) Hello World
In this video we will look at the structure of assembly language programs - .data, .bss, .text segments, how to pass arguments to linux system calls in assembly, using GAS and LD to assemble and link code and finally in the end we go through a step by step approach to create our first "Hello World" program.
Download Part 4
Assembly Primer for Hackers (Part 5) Data Types
In this video we will go through an in-depth primer on data types which are used in assembly. We do a live demo on how to look at data in memory using GDB for .ascii, .int, .short, .float (.data) and .comm, .lcomm (.bss) types.
Download Part 5
Assembly Primer for Hackers (Part 6) Moving Data
In this video we look at how to transfer data between registers and memory locations using the MOV series of instructions. We discuss data transfer between registers, immediate values and registers, memory locations and registers, immediate values and memory locations, indexed memory addressing schemes, indirect addressing using registers and many other important concepts. It is important to note that all the above are explained in detail using example code in the video.
Download Part 6
Assembly Primer for Hackers (Part 7) Working with Strings
In this video we will look at how to work with strings in Assembly. We will demonstrate how we can move strings from one memory location to the other using the MOVS instruction set, discuss the concept of the Direction Flag (DF) and how to set and clear it using STD and CLD, how to execute multiple string copy instructions using the REP instruction, how to load strings from memory into the EAX register using the LODS instruction set, how to store strings from the EAX register back into memory using the STOS instruction set and finally we shall look at how to compare strings using the CMPS instruction set.
Download Part 7
Assembly Primer for Hackers (Part 8) Unconditional Branching
In this video we will look at how to alter the program execution flow using unconditional branching. We will look at how to use the JMP instruction to make an unconditional branching to a new location in the code segment and how to use the CALL statement in conjunction with RET to save the program execution state. We will demonstrate all the concepts using very simple code snippets to aid understanding.
Download Part 8
Assembly Primer for Hackers (Part 9) Conditional Branching
In this video we will look at Conditional Branching in Assembly Language using the JXX family of instructions and the LOOP instruction.
The conditional jump instructions such as JA, JAE, JZ, JNZ etc. use various flags in the EFLAGS register such as the Zero Flag (ZF), the Parity Flag (PF), Overflow Flag (OF), Sign Flag (SF) etc. to determine which instruction path to take next. In this video we will look at the JZ condition jump instruction in great detail. JZ using the Zero Flag (ZF) to determine if the last instruction resulted in the Zero operation or not and then chooses to jump to a specified location if it was set. We will also look at the LOOP instruction which used the ECX register to loop over a set of instructions over and over again.
Download Part 9
Assembly Primer for Hackers (Part 10) Functions
In this video we will look at how to write functions in Assembly Language.
The most important step in writing functions in assembly is to understand how to pass arguments to them and then read their return values. We will look at 2 techniques - using registers and using global memory locations to understand how this can be done. In this demo we will use our familiar "Hello World" program to demonstrate how to code a simple function using the "write()" syscall. We will use the Function.s program to demonstrate argument passing using the CPU registers and Function2.s to demo argument passing using global memory location in the .BSS segment.
Download Part 10
Assembly Primer for Hackers (Part 11) Functions Stack
In this video, we will look at how to use the Stack to pass arguments to functions.
In course of this video we will look into exactly how the Stack works, how to store arguments on the stack, how the "call" instruction stores the return address on the stack, the logic behind storing the EBP register on the stack, how and why EBP is used to reference function arguments and local variables in a function and how to adjust the ESP to accommodate all this. This video is very important as a lot of learning from this will be used in the Buffer overflow video series I plan to make next.
Download Part 11
Author: Vivek Ramachandran
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.