*Intro: Hey it's Aro and this is my first tutorial. In this basic assembly tutorial shows basics things you need to know. I had this Idea that there is other people like me who are still learning and want someone to learn with to I made this tutorial for people to learn along with me so we can all spread infomation. If anyone who knows about assembly please correct if there is anything wrong in my tutorial. I need feedback it will let me know what I need to do to be better. 
By the way we are not programming yet that's for another day. You need to know this stuff. +REP if you like.
Hope you like it Aro.
This tutorial contains the following information:
*System Organization Basics
*CPU
*CPU Registers
*Stack
System Organization Basics:
--------------------------------------------------------------------------------------------------
CPU (aka Central Processing Unit):
------------------------------------------------------------------------------------------------------
![[Image: 19884527.png]](http://img39.imageshack.us/img39/3021/19884527.png)
*Control Unit: Retrieve/Decode instructions,Retrieve / Storeage data in memory.
*Execution Unit: Acually Exectution of instruction.
*Register: Internal memory locations used as variables.
*Flags: Used to indicate various "event" when exectution is happening.
CPU Registers:
-------------------------------------------------------------------------------------------------------------------------------------------------
Registers are internal memory locations used as variables. A register is 32 bits long or 4 bytes there are 8 registers. EAX, EBX, ECX, EDX,
ESI, EDI, ESP, and EBP.
The "E" in the beginning of all the registers indicates that it is a 32 bit register.
General Purpose Registers
--------------------------------------------------------------------------------------
![[Image: 45396866.png]](http://img13.imageshack.us/img13/6950/45396866.png)
*EAX (Accumulator Register) : General used for storing operands and result data
*EBX (Base Register): Used for storing pointers to data. Only register that can be used as an index
*ECX (Counter Register): Used for loop operations.
*EDX (Data Register): Used as a input outup pointer.
*ESI, EDI (Pointer)- Data Pointer Registers from memory operations, generally used for string operations.
*ESP (Pointer): Stack Pointer Register.
*EBP (Pointer): Stack Data Pointer Register.
![[Image: 17723859.png]](http://img195.imageshack.us/img195/8660/17723859.png)
32 bit registers can be split into 16 bit. In 16 bit programs only the lowest bits of the registers are used. They have the same names as general registers but without the "E"
example:
AX, EX, CX, DX, SI, DI, SP, BP.
![[Image: 73196282.png]](http://img7.imageshack.us/img7/3317/73196282.png)
The 16 bit register can be spit into highbyte and lowbyte.
example:
EAX is 32 bit, AX is the lowest 16 bit of EAX and then the AX could be split
into AH (highbyte) and AL (lowbyte) which are one byte in size.
![[Image: 74229546.png]](http://img35.imageshack.us/img35/4625/74229546.png)
Segment Registers
--------------------------------------------------------------------------------------
![[Image: 44535853.png]](http://img43.imageshack.us/img43/8947/44535853.png)
*CS (Code segment) - 16 bit number that points to a active code-segment
*DS (Data segment) - 16 bit number that points to a active data-segment
*SS (Stack segment - 16 bit number that points to a active stack-segment
*ES (Extra segment) - 16 bit number that points to a active extra segment
![[Image: 91686918.png]](http://img35.imageshack.us/img35/3470/91686918.png)
*EIP (32 bit intruction pointer) points to the instruction being done.
*A control register is a processor register which changes or controls the general behavior of a CPU or other digital device. Common tasks
performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control. Check
http://en.wikipedia.org/wiki/Control_register for more information.
Virtual Memory Model:
Every process is laid out in the same virtual memory space, it doesn't matter what the the actual memory location. Every process that runs in
the system seems like its running independently. There is a security feature in Linux 2.6 and higher that's called "randomize_va_space" this feature
protects against Buffer Overflows. randomize_va_space uses space randomization if enabled to 1 (true), which is default to disable it change it to 0 (false). This will be helpful to practice on buffer overflows.
If you have windows don't do this though I recommend you to get Linux such as Ubuntu (even a live CD) it would help if you really want to get good at this. But if you want to get a dissembler get NASM for windows.
Program Memory:
--------------------------------------------------------------------------------------------
![[Image: 73229369.png]](http://img19.imageshack.us/img19/7681/73229369.png)
*The first segment is the .text segment. This segment cotains the actual program the execuable instructions are located here.
*The second segment is the .data. This is where any data that has been initalized with a value is held.
example:
.data
Int32:
.int 2
*The third segment is the .bss. This is where unused data is held.
example:
.bss
.comm Buffer, 1024
*The third segment is the heap. The heap is where the virtual memory space is located.
*The fourth segment is just unused memory.
*The firth segment is the Stack which is general used for storing function arguments and local variables. The stack is located in the highest memory location possible. It general goes down the memory from highest to lowest memory. The stack is last in first out data structure otherwise know as a LIFO (Last in First Out).
The Stack
-------------------------------------------------------------------------------------------------------------------------
As I said before. A stack is a temporary storage unit in computer memory where function arguments and local variables are stored. The LIFO Principle is last value you put in the first it comes out. Just imagine you have a stack of papers when I wanted my teach to correct my test first I would wait until everybody finished so when I put in my test on her desk I can sneak a peek on my score or how many red marks are on my test when she starts correcting it when we walk out of class.
When you PUSH two values on the stack you will get the last one first because of that method.
The 0x00000 you see below is hexadecimal. When the computer compiles a program it will covert it to machine code readable by the CPU then executed. The computer used hexadecimal because it more readable than 1's and 0's. The number system we use most is the decimal number system system 1,2,3,4,5,6,7,8,9,10.
Watch Youtube videos to learn about hexadecimal and binary numbers.
I'll get you started:
What the Hell is Hexadecimal? Part 1
What the Hell is Hexidecimal? Part 2
PUSH - pushes value on stack
POP - removes from stack
ESP - Points to stack
Example of LIFO Principle REMEMBER MUST KNOW LIFO:
![[Image: 18823123.png]](http://img12.imageshack.us/img12/7126/18823123.png)
Right here is a example of a stack. The ESP register holds 0x000008 which is the top of the stack.
example: ESP 0x0000008
![[Image: 50149555.png]](http://img33.imageshack.us/img33/7066/50149555.png)
The stack adds a new value (0x0000007) and (0x0000006) using the PUSH operation.
example: PUSH 0x0000007
PUSH 0x0000006
![[Image: 42712195.png]](http://img196.imageshack.us/img196/3059/42712195.png)
Now we update the ESP pointer to the top of the stack to the address 0x00000006.
example: ESP 0x0000006
![[Image: 60795540.png]](http://img40.imageshack.us/img40/8073/60795540.png)
Now we use the POP operation to take that value of the stack. Which removes that last operation put into the stack (LIFO REMEMBER).
example: POP 0x00000006
![[Image: 47356423.png]](http://img35.imageshack.us/img35/160/47356423.png)
Next we have to update the ESP pointer to value 0x0000007.
example: ESP 0x00000007
![[Image: 65900136.png]](http://img33.imageshack.us/img33/6789/65900136.png)
Next we have to POP the last first value we put in off the stack. (LIFO)
example: POP 0x00000007
![[Image: 99543961.png]](http://img24.imageshack.us/img24/4804/99543961.png)
Finally we update the ESP pointer register to the top of the stack.
example: ESP 0x0000008
Now I hope you understand the LIFO Principle if you don't, leave a question. Or Google.com its the best hacking site. +REP PL0X
©2012, copyright BLACK BURN
By the way we are not programming yet that's for another day. You need to know this stuff. +REP if you like.Hope you like it Aro.
This tutorial contains the following information:
*System Organization Basics
*CPU
*CPU Registers
*Stack
System Organization Basics:
--------------------------------------------------------------------------------------------------
CPU (aka Central Processing Unit):
------------------------------------------------------------------------------------------------------
*Control Unit: Retrieve/Decode instructions,Retrieve / Storeage data in memory.
*Execution Unit: Acually Exectution of instruction.
*Register: Internal memory locations used as variables.
*Flags: Used to indicate various "event" when exectution is happening.
CPU Registers:
-------------------------------------------------------------------------------------------------------------------------------------------------
Registers are internal memory locations used as variables. A register is 32 bits long or 4 bytes there are 8 registers. EAX, EBX, ECX, EDX,
ESI, EDI, ESP, and EBP.
The "E" in the beginning of all the registers indicates that it is a 32 bit register.
General Purpose Registers
--------------------------------------------------------------------------------------
*EAX (Accumulator Register) : General used for storing operands and result data
*EBX (Base Register): Used for storing pointers to data. Only register that can be used as an index
*ECX (Counter Register): Used for loop operations.
*EDX (Data Register): Used as a input outup pointer.
*ESI, EDI (Pointer)- Data Pointer Registers from memory operations, generally used for string operations.
*ESP (Pointer): Stack Pointer Register.
*EBP (Pointer): Stack Data Pointer Register.
32 bit registers can be split into 16 bit. In 16 bit programs only the lowest bits of the registers are used. They have the same names as general registers but without the "E"
example:
AX, EX, CX, DX, SI, DI, SP, BP.
The 16 bit register can be spit into highbyte and lowbyte.
example:
EAX is 32 bit, AX is the lowest 16 bit of EAX and then the AX could be split
into AH (highbyte) and AL (lowbyte) which are one byte in size.
Segment Registers
--------------------------------------------------------------------------------------
*CS (Code segment) - 16 bit number that points to a active code-segment
*DS (Data segment) - 16 bit number that points to a active data-segment
*SS (Stack segment - 16 bit number that points to a active stack-segment
*ES (Extra segment) - 16 bit number that points to a active extra segment
*EIP (32 bit intruction pointer) points to the instruction being done.
*A control register is a processor register which changes or controls the general behavior of a CPU or other digital device. Common tasks
performed by control registers include interrupt control, switching the addressing mode, paging control, and coprocessor control. Check
http://en.wikipedia.org/wiki/Control_register for more information.
Virtual Memory Model:
Every process is laid out in the same virtual memory space, it doesn't matter what the the actual memory location. Every process that runs in
the system seems like its running independently. There is a security feature in Linux 2.6 and higher that's called "randomize_va_space" this feature
protects against Buffer Overflows. randomize_va_space uses space randomization if enabled to 1 (true), which is default to disable it change it to 0 (false). This will be helpful to practice on buffer overflows.
If you have windows don't do this though I recommend you to get Linux such as Ubuntu (even a live CD) it would help if you really want to get good at this. But if you want to get a dissembler get NASM for windows.
Code:
To disable the linux patch (Only do the stuff above if you want or going to practice doing buffer overflow attacks:
cat/proc/sys/kernel/randomize_va_space
echo 0 > /proc/sys/kernel/randomize_va_space
cat /proc/sys/kernel/randomize_va_spaceProgram Memory:
--------------------------------------------------------------------------------------------
*The first segment is the .text segment. This segment cotains the actual program the execuable instructions are located here.
*The second segment is the .data. This is where any data that has been initalized with a value is held.
example:
.data
Int32:
.int 2
*The third segment is the .bss. This is where unused data is held.
example:
.bss
.comm Buffer, 1024
*The third segment is the heap. The heap is where the virtual memory space is located.
*The fourth segment is just unused memory.
*The firth segment is the Stack which is general used for storing function arguments and local variables. The stack is located in the highest memory location possible. It general goes down the memory from highest to lowest memory. The stack is last in first out data structure otherwise know as a LIFO (Last in First Out).
The Stack
-------------------------------------------------------------------------------------------------------------------------
As I said before. A stack is a temporary storage unit in computer memory where function arguments and local variables are stored. The LIFO Principle is last value you put in the first it comes out. Just imagine you have a stack of papers when I wanted my teach to correct my test first I would wait until everybody finished so when I put in my test on her desk I can sneak a peek on my score or how many red marks are on my test when she starts correcting it when we walk out of class.
When you PUSH two values on the stack you will get the last one first because of that method.
The 0x00000 you see below is hexadecimal. When the computer compiles a program it will covert it to machine code readable by the CPU then executed. The computer used hexadecimal because it more readable than 1's and 0's. The number system we use most is the decimal number system system 1,2,3,4,5,6,7,8,9,10.
Watch Youtube videos to learn about hexadecimal and binary numbers.
I'll get you started:
What the Hell is Hexadecimal? Part 1
What the Hell is Hexidecimal? Part 2
PUSH - pushes value on stack
POP - removes from stack
ESP - Points to stack
Example of LIFO Principle REMEMBER MUST KNOW LIFO:
Right here is a example of a stack. The ESP register holds 0x000008 which is the top of the stack.
example: ESP 0x0000008
The stack adds a new value (0x0000007) and (0x0000006) using the PUSH operation.
example: PUSH 0x0000007
PUSH 0x0000006
Now we update the ESP pointer to the top of the stack to the address 0x00000006.
example: ESP 0x0000006
Now we use the POP operation to take that value of the stack. Which removes that last operation put into the stack (LIFO REMEMBER).
example: POP 0x00000006
Next we have to update the ESP pointer to value 0x0000007.
example: ESP 0x00000007
Next we have to POP the last first value we put in off the stack. (LIFO)
example: POP 0x00000007
Finally we update the ESP pointer register to the top of the stack.
example: ESP 0x0000008
Now I hope you understand the LIFO Principle if you don't, leave a question. Or Google.com its the best hacking site. +REP PL0X
©2012, copyright BLACK BURN
0 comments:
Post a Comment