Well, after all this assembly programming and debugging in gdb, I think it’s time to try some assembly in Windows. I’ll start by downloading and installing MASM. It’s incredibly easy, but I’m posting because I’m excited to try some Windows assembly.
# as -o example32bit.o example32bit.s example32bit.s: Assembler messages: example32bit.s:10: Error: suffix or operands invalid for `pop'
To fix this problem you need to pass the compiler or assembler a flag telling it you want to compile the software as 32-bit and not 64-bit.
The fix for C: Compiling with the -m32 flag
If you’re using gcc to compile a C program, pass in -m32. There’s a complete example here on my blog.
The fix for assembly: Compiling with the –32 flag
If you’re using as to compile an assembly program, pass in –32. Then when you link with ld pass in -m elf_i386. There’s a complete example here on my blog.
Speaking of compiling 32-bit C programs, what about assembly language programs? Assembly varies considerably between machines as well, so it would be useful to know how to compile x86-32 software when you’re on x86-64. It’s relatively easy, so I’ll demonstrate the commands!
Compiling with the –32 flag
To compile 32-bit assembly programs with as you pass the –32 flag (found this under Target i386 options on the as man page). It’s pretty straight forward:
# as --32 -o example32bit.o example32bit.s
Linking using the -m flag
You’re not done yet! You still need to link the program and if you just tried that now you probably saw this:
# ld -o example32bit example32bit.o ld: i386 architecture of input file `example32bit.o' is incompatible with i386:x86-64 output
Jeez ld! What’s your problem?
Well, the linker needs to know the architecture as well. Try passing -m elf_i386 so ld will calm down a bit.
# ld -m elf_i386 -o example32bit example32bit.o
Your program should run now.
If you’re learning about buffer overflows and shellcode, chances are you’re exploiting some stack-based vulnerabilities. If you’re like me you might also find that when you compile your programs they have stack execution disabled by default. So instead of getting excited as you see your shellcode blissfully running after smashing the stack, you might just see this instead:
Program received signal SIGSEGV, Segmentation fault. 0x0000000000601018 in shellcode ()
“Noooo! You can’t do this to me! I want to write exploits!”
Ok.. calm down.. we just need to turn on stack execution when compiling.
I’ve now finished Vivek Ramachandran’s Assembly Primer for Hackers and I’ve decided to move on to his Buffer Overflow Primer. I’ve exploited basic buffer overflows before, but I think going through his videos will give me more perspective now that I’ve brushed up on assembly.
In this article I’ll be stepping through the program in Vivek’s first video and providing some additional tips and tricks that I find useful when reviewing the program in gdb. I’m also on a 64-bit machine, so things are a bit different in gdb for me than they are in the video. Therefore it’s better that I write up my own explanations as I grasp the material so when I review later it will be more clear.
Earlier, while writing my compare strings method, I made a mistake in the code and came across a segmentation fault. Based on how the program executed I was pretty sure of approximately where the error was occurring, but rather than go and find the mistake I thought it would be a lot more useful to step through the program in the debugger and examine the problem that way. By doing this I’ll make it easier for myself to debug similar (more complex) problems in the future.
Earlier today I wrote some assembly code to compare 2 strings and print out whether or not they were equal to one another. I’ve been learning more assembly and so I thought I would tweak it a bit to improve the way it works and add more “features”. After some studying I’ve managed to get it working as a real function that actually takes arguments via the stack. On top of that, the function now returns a value that designates the index where the comparison failed; this is stored in the EAX register. Even further, by using a buffer in memory I was able to print a string that informs the user of the index where the comparison failed.
As part of my quest to improve my assembly skills I’ve been reviewing Vivek Ramachandran’s Assembly Primer for Hackers. I’ve nearly completed the series and I thought I would try out some of what I learned. I did my best to write this code completely from scratch and without reviewing the videos at all. I did peek at Professor Ben Abdallah’s reference guide to decide which loop instruction was appropriate and how to jump to the correct label after using cmp, but I didn’t feel like I was having to learn the material; it was used as a reference guide just as it was intended.
Let’s review gdb and go over some tips to make sure the course work becomes smooth sailing. This is primarily an introduction to general use of gdb, but there are a few tips and tricks as well.