Welcome University of Maryland students! Thanks for visiting!
I’ve now finished Vivek Ramachandran’s Assembly Primer for Hackers and I’ve decided to move on to his Buffer Overflow Primer. I’ve exploited basic buffer overflows before, but I think going through his videos will give me more perspective now that I’ve brushed up on assembly.
In this article I’ll be stepping through the program in Vivek’s first video and providing some additional tips and tricks that I find useful when reviewing the program in gdb. I’m also on a 64-bit machine, so things are a bit different in gdb for me than they are in the video. Therefore it’s better that I write up my own explanations as I grasp the material so when I review later it will be more clear.
Earlier, while writing my compare strings method, I made a mistake in the code and came across a segmentation fault. Based on how the program executed I was pretty sure of approximately where the error was occurring, but rather than go and find the mistake I thought it would be a lot more useful to step through the program in the debugger and examine the problem that way. By doing this I’ll make it easier for myself to debug similar (more complex) problems in the future.
Earlier today I wrote some assembly code to compare 2 strings and print out whether or not they were equal to one another. I’ve been learning more assembly and so I thought I would tweak it a bit to improve the way it works and add more “features”. After some studying I’ve managed to get it working as a real function that actually takes arguments via the stack. On top of that, the function now returns a value that designates the index where the comparison failed; this is stored in the EAX register. Even further, by using a buffer in memory I was able to print a string that informs the user of the index where the comparison failed.
As part of my quest to improve my assembly skills I’ve been reviewing Vivek Ramachandran’s Assembly Primer for Hackers. I’ve nearly completed the series and I thought I would try out some of what I learned. I did my best to write this code completely from scratch and without reviewing the videos at all. I did peek at Professor Ben Abdallah’s reference guide to decide which loop instruction was appropriate and how to jump to the correct label after using cmp, but I didn’t feel like I was having to learn the material; it was used as a reference guide just as it was intended.
Assembly is a language I’ve dabbled in for years, but never really pressed myself to become fluent in. I understand the basics of memory layout and the general idea of how to program in assembly, but I’ve never fully applied these skills in the security realm. In preparation for Penetration Testing with BackTrack, I’ll be reviewing assembly language from the ground up to ensure I’m at maximum potential going into the study course.
To review assembly I’ll primarily be following the Assembly Primer for Hackers from Vivek Ramachandran of SecurityTube. I’ve been through several of these lessons before and they’re very easy to follow for someone who has previous Linux and programming experience but would like a thorough introduction to assembly. What I’ll be doing here is documenting simple tips that will help me later. Hopefully this will become a useful study guide and cheat-sheet for both assembly and gdb (the GNU debugger).