Nytro
Posted November 12, 2014 (edited)

Introductory Intel x86-64: Architecture, Assembly, Applications, & Alliteration

Creator: Xeno Kovah @XenoKovah

License: Creative Commons: Attribution, Share-Alike (http://creativecommons.org/licenses/by-sa/3.0/)

Class Prerequisites: Must have a basic understanding of the C programming language, as this class will show how C code corresponds to assembly code.

Lab Requirements: Requires a 64 bit Windows 7 system with Visual C++ 2012 Express Edition. Requires a 64 bit Linux system with gcc and gdb, and the CMU binary bomb installed. Either system can be physical or virtual.

Class Textbook: "Introduction to 64 Bit Assembly Programming for Linux and OS X: Third Edition" by Ray Seyfarth

Recommended Class Duration: 2 days

Creator Available to Teach In-Person Classes: Yes

Author Comments:

Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.

This class serves as a foundation for the follow on Intermediate level x86 class. It teaches the basic concepts and describes the hardware that assembly code deals with. It also goes over many of the most common assembly instructions. Although x86 has hundreds of special purpose instructions, students will be shown it is possible to read most programs by knowing only around 20-30 instructions and their variations.

The instructor-led lab work will include:

* Stepping through a small program and watching the changes to the stack at each instruction (push, pop, call, ret (return), mov)
* Stepping through a slightly more complicated program (adds lea (load effective address), add, sub)
* Understanding the correspondence between C and assembly control transfer mechanisms (e.g. goto in C == jmp in asm)
* Understanding conditional control flow and how loops are translated from C to asm (conditional jumps, jge (jump greater than or equal), jle (jump less than or equal), ja (jump above), cmp (compare), test, etc)
* Boolean logic (and, or, xor, not)
* Logical and Arithmetic bit shift instructions and the cases where each would be used (shl (logical shift left), shr (logical shift right), sal (arithmetic shift left), sar (arithmetic shift right))
* Signed and unsigned multiplication and division
* Special one instruction loops and how C functions like memset or memcpy can be implemented in one instruction plus setup (rep stos (repeat store to string), rep mov (repeat mov))
* Misc instructions like leave and nop (no operation)
* Running examples in the Visual Studio debugger on Windows and the GNU Debugger (GDB) on Linux
* The famous "binary bomb" lab from the Carnegie Mellon University computer architecture class, which requires the student to do basic reverse engineering to progress through the different phases of the bomb giving the correct input to avoid it “blowing up”. This will be an independent activity.

Knowledge of this material is a prerequisite for future classes such as Intermediate x86, Rootkits, Exploits, and Introduction to Reverse Engineering.

To submit any suggestions, corrections, or explanations of things I didn’t know the reasons for, please email me at the address above.

Author Biography: Xeno has a BS in CS from UMN, and an MS in security from CMU, which he attended through the National Science Foundation Scholarship for Service (aka CyberCorps) program.
He has been attending security conferences since 1999, working full time on security research since 2007, and presenting at conferences since 2012. He is a little bit broke in the brain in that way that makes him feel the need to collect things. Most recently he has been collecting conference speaking credits. He has presented at BlackHat USA/EUR, IEEE S&P, ACM CCS, Defcon, CanSecWest, PacSec, Hack in the Box KUL, Microsoft BlueHat, Shmoocon, Hack.lu, NoSuchCon, SummerCon, ToorCon, DeepSec, VirusBulletin, MIRCon, AusCERT, Trusted Infrastructure Workshop, NIST NICE Workshop, DOD Information Assurance Symposium, and MTEM. His joint work has also been presented by his colleagues at Syscan, EkoParty, Hack in the Box AMS, Hack in Paris, Sec-T, SecTor, Source Boston, and Breakpoint/Ruxcon. Gotta collect ‘em all! (he says, as someone who is *not* of the Pokemon generation, but understands that particular form of psychological manipulation)

Class Materials

* All Materials (.zip of .pptx(302 slides), pdf(manuals), visual studio(code) files)
* All Materials (.zip of .key(302 slides), pdf(manuals), visual studio(code) files)
* All Materials (.zip of .pdf(302 slides), pdf(manuals), visual studio(code) files)
* Introduction (26 slides)
* Refreshers (5 slides)
* Architecture (19 slides)
* The Stack (22 slides)
* Example 1 (43 slides)
* Local variables (15 slides)
* Function parameter passing (14 slides)
* Control flow (15 slides)
* Boolean logic (9 slides)
* Shifts (11 slides)
* Multiply & divide (5 slides)
* Rep Stos (9 slides)
* Rep Movs (8 slides)
* Assembly syntax (Intel vs. AT&T syntax) (4 slides)
* Linux tools (21 slides)
* Inline assembly & raw byte emitting (10 slides)
* Read The Fun Manual! (20 slides)
* Variable length assembly instructions (3 slides)
* Effects of compiler options (4 slides)
* Bomb lab (6 slides)
* Messing with disassemblers (7 slides)
* Two's complement (6 slides)
* Basic buffer overflow lab (12 slides)
* Conclusion (8 slides)
* Visual Studio Express 2012 code for labs
* 64 bit compiled copy of CMU Linux bomb lab ELF executable (originally from here)

Source: http://opensecuritytraining.info/IntroX86-64.html

Edited November 12, 2014 by Nytro