If you’re learning about buffer overflows and shellcode, chances are you’re exploiting some stack-based vulnerabilities. If you’re like me you might also find that when you compile your programs they have stack execution disabled by default. So instead of getting excited as you see your shellcode blissfully running after smashing the stack, you might just see this instead:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000601018 in shellcode ()
“Noooo! You can’t do this to me! I want to write exploits!”
Ok.. calm down.. we just need to turn on stack execution when compiling.
Assembly is a language I’ve dabbled in for years, but never really pressed myself to become fluent in. I understand the basics of memory layout and the general idea of how to program in assembly, but I’ve never fully applied these skills in the security realm. In preparation for Penetration Testing with BackTrack, I’ll be reviewing assembly language from the ground up to ensure I’m at maximum potential going into the study course.
To review assembly I’ll primarily be following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube. I’ve been through several of these lessons before and they’re very easy to follow for someone who has previous Linux and programming experience but would like a thorough introduction to assembly. What I’ll be doing here is documenting simple tips that will help me later. Hopefully this will become a useful study guide and cheat-sheet for both assembly and gdb (the GNU debugger).