Tag Archives: assembly primer for hackers

How to Compile 32-bit Assembly Programs on a 64-bit PC in Linux

Posted on by Posted in Linux, Programming Tagged , , , , , , , , , Leave a comment

TerminalSpeaking of compiling 32-bit C programs, what about assembly language programs? Assembly varies considerably between machines as well, so it would be useful to know how to compile x86-32 software when you’re on x86-64. It’s relatively easy, so I’ll demonstrate the commands!

Compiling with the –32 flag

To compile 32-bit assembly programs with as you pass the –32 flag (found this under Target i386 options on the as man page). It’s pretty straight forward:

# as --32 -o example32bit.o example32bit.s

Linking using the -m flag

You’re not done yet! You still need to link the program and if you just tried that now you probably saw this:

# ld -o example32bit example32bit.o
ld: i386 architecture of input file `example32bit.o' is incompatible with i386:x86-64 output

Jeez ld! What’s your problem?

Well, the linker needs to know the architecture as well. Try passing -m elf_i386 so ld will calm down a bit. :) 

# ld -m elf_i386 -o example32bit example32bit.o

Finished!

Your program should run now.

Examining a Buffer Overflow in C and assembly with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 5 Comments

EditWelcome University of Maryland students! Thanks for visiting! :)

I’ve now finished Vivek Ramachandran’s Assembly Primer for Hackers and I’ve decided to move on to his Buffer Overflow Primer. I’ve exploited basic buffer overflows before, but I think going through his videos will give me more perspective now that I’ve brushed up on assembly.

In this article I’ll be stepping through the program in Vivek’s first video and providing some additional tips and tricks that I find useful when reviewing the program in gdb. I’m also on a 64-bit machine, so things are a bit different in gdb for me than they are in the video. Therefore it’s better that I write up my own explanations as I grasp the material so when I review later it will be more clear.

Continue reading

Examining the Stack to Debug Segfaults with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , 1 Comment

EditEarlier, while writing my compare strings method, I made a mistake in the code and came across a segmentation fault. Based on how the program executed I was pretty sure of approximately where the error was occurring, but rather than go and find the mistake I thought it would be a lot more useful to step through the program in the debugger and examine the problem that way. By doing this I’ll make it easier for myself to debug similar (more complex) problems in the future.

Continue reading

Comparing Strings in Assembly Part 2

Posted on by Posted in Linux, Programming Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditEarlier today I wrote some assembly code to compare 2 strings and print out whether or not they were equal to one another. I’ve been learning more assembly and so I thought I would tweak it a bit to improve the way it works and add more “features”. After some studying I’ve managed to get it working as a real function that actually takes arguments via the stack. On top of that, the function now returns a value that designates the index where the comparison failed; this is stored in the EAX register. Even further, by using a buffer in memory I was able to print a string that informs the user of the index where the comparison failed.

Continue reading

Comparing Strings in Assembly

Posted on by Posted in Linux, Programming Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditAs part of my quest to improve my assembly skills I’ve been reviewing Vivek Ramachandran’s Assembly Primer for Hackers. I’ve nearly completed the series and I thought I would try out some of what I learned. I did my best to write this code completely from scratch and without reviewing the videos at all. I did peek at Professor Ben Abdallah’s reference guide to decide which loop instruction was appropriate and how to jump to the correct label after using cmp, but I didn’t feel like I was having to learn the material; it was used as a reference guide just as it was intended.

Continue reading

Data Types and Moving Data in Assembly

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditI’m still following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube in preparation for Penetration Testing with BackTrack. In this review I’ll cover data types and how to move bytes, numbers, pointers and strings between labels and registers.

Continue reading

Reviewing Debugging with gdb

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditAs you may have noticed, I’m preparing to become an OSCP. In addition to brushing up on assembly, I’ll also be stepping through the debugger.

Let’s review gdb and go over some tips to make sure the course work becomes smooth sailing. This is primarily an introduction to general use of gdb, but there are a few tips and tricks as well.

Continue reading

Reviewing Assembly

Posted on by Posted in Linux, Programming, Security Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

EditAssembly is a language I’ve dabbled in for years, but never really pressed myself to become fluent in. I understand the basics of memory layout and the general idea of how to program in assembly, but I’ve never fully applied these skills in the security realm. In preparation for Penetration Testing with BackTrack, I’ll be reviewing assembly language from the ground up to ensure I’m at maximum potential going into the study course.

To review assembly I’ll primarily be following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube. I’ve been through several of these lessons before and they’re very easy to follow for someone who has previous Linux and programming experience but would like a thorough introduction to assembly. What I’ll be doing here is documenting simple tips that will help me later. Hopefully this will become a useful study guide and cheat-sheet for both assembly and gdb (the GNU debugger).

Continue reading

Installing Backtrack in VirtualBox

Posted on by Posted in Administration, Linux, Security Tagged , , , , , , , , , , , , , , , , , Leave a comment

TerminalFor a long time now I’ve been considering security training. I feel like it would really polish my current abilities and help me overcome some artificial learning plateaus. There are plenty of options available, but the two that I hear the most about are the Certified Ethical Hacker (CEH) program and the Offensive Security Certified Professional (OSCP) program. After doing some research it looks like OSCP is far more hands-on and well worth its price tag ($750 minimum for 30-days access to the lab; price goes up if you need more lab time). To be honest, it seems like CEH is a bit of a joke to real security professionals; perhaps it’s more useful to those with an interest in security but little experience.

In preparation for the Pentesting with Backtrack course (the course you take before applying for the OSCP exam), I’ll be installing Backtrack 5 in VirtualBox. Continue reading to learn how.

Continue reading