
Thread: Understanding ASM and binary execution?

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    33

    Default Understanding ASM and binary execution?

    I have been trying to gain a better understanding of the low level workings of software and modifying binary files. I have found a few starter examples for ASM and compiling with NASM but they don't really cover what each "function" (if that's even the right term) does. Spent some time on Google but I have not found much. Any on-line references or intermediate tutorials (Windows or Linux, x86 or x64) are welcome.

    Any info on what makes up a Linux or Windows binary is also welcome. Curious to understand what makes up an executable file. For example, in dissecting my hello world from NASM (in GHex), what part of the code points it to echo out the "Hello World"? It's easy enough to modify the text, but what if I wanted to move the text to a different part of the file or make it longer, what would I need to change?

  2. #2
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    This is a bit from shellforge, don't know if this is what you want, or is even on the right track. It's for a write command = char buf[20], write(1,buf,20);
    What I understand from asm: if you find a part of the program or function label, replace it with the asm below and then add the goto label of the function you replaced at the end of this, it will print the stuff to the screen and then go on to the normal flow.

    Update the thread if you find any information, I'm looking into this as well, cheers


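    /* From shellforge (as posted): generates a wrapper for a 3-argument Linux
       i386 system call made with int $0x80. The syscall number goes in eax and
       the arguments in ebx, ecx and edx; ebx is saved and restored around the
       call. __NR_<name> and __sfsyscall_return are defined elsewhere and are
       not shown in this excerpt. */
    #define _sfsyscall3(type,name,type1,arg1,type2,arg2,type3, arg3) \
    type name(type1 arg1,type2 arg2,type3 arg3) \
    { \
        long __res; \
        __asm__ volatile ("pushl %%ebx\n\t" \
                          "mov %2,%%ebx\n\t" \
                          "int $0x80\n\t" \
                          "popl %%ebx" \
                          : "=a" (__res) \
                          : "0" (__NR_##name),"g" ((long)(arg1)),"c" ((long)(arg2)), \
                            "d" ((long)(arg3)) ); \
        __sfsyscall_return(type,__res); \
    }

    /* Expands to the definition of write(fd, buf, count). */
    static inline _sfsyscall3( ssize_t, write, int, fd, const void *, buf, size_t, count )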

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by rmills View Post
    I have been trying to gain a better understanding of the low level workings of software and modifying binary files. I have found a few starter examples for ASM and compiling with NASM but they don't really cover what each "function" (if that's even the right term) does. Spent some time on Google but I have not found much. Any on-line references or intermediate tutorials (Windows or Linux, x86 or x64) are welcome.

    Any info on what makes up a Linux or Windows binary is also welcome. Curious to understand what makes up an executable file. For example, in dissecting my hello world from NASM (in GHex), what part of the code points it to echo out the "Hello World"? It's easy enough to modify the text, but what if I wanted to move the text to a different part of the file or make it longer, what would I need to change?
    Most of the information is out there and only a Google search away. I'll give you some links below on Assembly and will also tell you that modern Windows executables are called Portable Executables (PE format executables) and Linux executables are Executable and Linkable Format (ELF binaries), so you may want to use those terms in some Google searches to find out more.

    Linux Assembly
    x86 32-bit Assembly for Atheists
    x86 assembly language - Wikipedia, the free encyclopedia

    You also might be interested in the "I piss on your antivirus" video on the Offensive Security site; muts does some modification on a PE file in order to bypass AV.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
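
An added example, not part of any post in this thread: it ties the ELF pointer above back to the original question of what in the file "points to" the text. It builds a constructed minimal 32-bit ELF in memory, then maps the string's file offset to its load address and lists where that address is encoded. The names `build_sample`, `load_segments` and `locate_string` and the byte-search heuristic are assumptions of this example.

```python
import struct

EHDR, PHDR, PT_LOAD = "<16sHHIIIIIHHHHHH", "<8I", 1   # ELF32 little-endian layouts

def build_sample(msg=b"Hello World\n", base=0x08048000):
    """Constructed sample: tiny i386 Linux ELF, headers + code + string in one segment."""
    code_off = struct.calcsize(EHDR) + struct.calcsize(PHDR)   # 52 + 32 = 84
    msg_off = code_off + 31                                    # the code below is 31 bytes
    code = (b"\xb8\x04\x00\x00\x00"                            # mov eax, 4   (write)
            b"\xbb\x01\x00\x00\x00"                            # mov ebx, 1   (stdout)
            b"\xb9" + struct.pack("<I", base + msg_off) +      # mov ecx, address of msg
            b"\xba" + struct.pack("<I", len(msg)) +            # mov edx, length of msg
            b"\xcd\x80"                                        # int 0x80
            b"\xb8\x01\x00\x00\x00\x31\xdb\xcd\x80")           # exit(0)
    size = msg_off + len(msg)
    ehdr = struct.pack(EHDR, b"\x7fELF\x01\x01\x01", 2, 3, 1, base + code_off,
                       52, 0, 0, 52, 32, 1, 0, 0, 0)           # ET_EXEC, EM_386
    phdr = struct.pack(PHDR, PT_LOAD, 0, base, base, size, size, 5, 0x1000)
    return ehdr + phdr + code + msg

def load_segments(elf):
    """Return (file offset, virtual address, size in file) for each PT_LOAD entry."""
    f = struct.unpack_from(EHDR, elf)
    if f[0][:4] != b"\x7fELF" or f[0][4] != 1 or f[0][5] != 1:
        raise ValueError("not a little-endian ELF32 file")
    segs = []
    for i in range(f[10]):                                     # e_phnum
        p = struct.unpack_from(PHDR, elf, f[5] + i * f[9])     # e_phoff, e_phentsize
        if p[0] == PT_LOAD:
            segs.append((p[1], p[2], p[4]))
    return segs

def locate_string(elf, needle):
    """Return (file offset, load address, offsets where that address is encoded)."""
    off = elf.find(needle)
    for seg_off, vaddr, filesz in load_segments(elf):
        if seg_off <= off < seg_off + filesz:
            addr = vaddr + (off - seg_off)
            imm = struct.pack("<I", addr)                      # heuristic: raw byte search
            refs = [i for i in range(len(elf) - 3) if elf[i:i + 4] == imm]
            return off, addr, refs
    return None
```

In this sample, moving the text means rewriting the four address bytes at the reported reference offset; making it longer also means changing the length loaded into edx and the segment sizes in the program header.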

  4. #4
    Member mixit's Avatar
    Join Date
    Jan 2010
    Posts
    104

    Default

    This is probably the most useful video series I've come across since I joined this forum. It covers assembly and buffer overflow exploitation. Check it out.

    https://wiki.remote-exploit.org/back...er%20Overflows

  5. #5
    Junior Member
    Join Date
    Apr 2009
    Posts
    33

    Default

    Thanks for the input and Google pointers, I was trying different keywords but not finding much. Got some reading to do tonight.

  6. #6
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    2

    Red face speedup

    Quote Originally Posted by compaq View Post
    This is a bit from shellforge, don't know if this is what you want, or is even on the right track. It's for a write command = char buf[20], write(1,buf,20);
    What I understand from asm: if you find a part of the program or function label, replace it with the asm below and then add the goto label of the function you replaced at the end of this, it will print the stuff to the screen and then go on to the normal flow.

    Update the thread if you find any information, I'm looking into this as well, cheers
    : "0" (__NR_##name),"g" ((long)(arg1)),"c" ((long)(arg2)), if you add num 0 then it's going to work fast (( : "0" (__NR_##name),"g" ((long)(arg1)),"c" ((long)(arg0)), \ ))

  7. #7
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    : "0" (__NR_##name),"g" ((long)(arg1)),"c" ((long)(arg2)), if u add num 0 den it gona work fast (( : "0" (__NR_##name),"g" ((long)(arg1)),"c" ((long)(arg0)), \ ))
    I will try it, and let you know how it goes, can you make it take up less space?
