x86 Assembly Crash Course

Reddit Comments

This was a great introduction to x86 Assembly. I'm not sure why it's limited to hacking, when it could just as easily have called itself an introduction to x86 Assembly and been done.

12 points · u/[deleted] · Mar 05 2017 · replies

Wow this was a great 10 min video. Managed to compress a lot of information into that time yet was still very easy to follow. Are you the author? I really liked this format.

8 points · u/TheGarrison89 · Mar 05 2017 · replies

Oddly enough, I go to this school. I wish I could join HackUCF too lol. I work when they meet though. Great video!

3 points · u/WNxTyr4el · Mar 06 2017 · replies

99% of Roller Coaster Tycoon was written in this language. I can't even imagine the dedication required.

3 points · u/Boonaki · Mar 06 2017 · replies

Decent intro vid to x86_32

2 points · u/kcmattparker · Mar 06 2017 · replies

Anyone know where the rest of the series on binary exploitation is?

1 point · u/loophole64 · Mar 05 2017 · replies

Thank you. I am going to have to watch this a few times.

1 point · u/amwreck · Mar 06 2017 · replies

Brilliant, thank you.

1 point · u/iStayGreek · Mar 06 2017 · replies

Pretty nice.

1 point · u/turing_vm · Mar 06 2017 · replies

Captions
Hi, my name is Jericho and I will be leading you on your journey through binary exploitation. Binary exploitation is the process of taking compiled executables and making them do what you want them to do. If you are interested in binary exploitation, you must first understand what a binary is and how it works on a low level before you can exploit it. This video is the x86 assembly crash course; it will cover the most basic components that make up a C compiled executable. Get ready, because there's going to be a lot of information coming at you very fast. Let's get hacking.

First off, let's talk about compilers. If you have taken a C programming class you'll probably use an IDE like Code::Blocks or Visual Studio. When you write a C program in Code::Blocks and then click on that little gear symbol at the top of your screen, what is actually happening is this: your C file, which is just a text file with a special extension, is read by a compiler, which will convert the code that you have written into a sequence of operations that will be executed by your computer. Each operation is comprised of a sequence of bytes called an operation code, or opcode. Trying to read and understand the instructions that your computer will be executing by reading the opcodes would be almost impossible, because every executable contains thousands upon thousands of opcodes. This is where assembly comes in. Assembly is a language designed to translate the instructions that your computer will be executing into a language that can be read by humans. In order to understand what is really happening while an executable is being run, you must first understand assembly. However, before we can fully begin to understand assembly, we must first understand the basic elements of an executable.

Every C program has four main components: the heap, the stack, registers and instructions. At this time there are two main architectures that dictate how our program is compiled and executed: 32-bit and 64-bit. We will be going over the 32-bit architecture and 32-bit assembly.

The heap is an area in memory designed for the purpose of manual memory allocation. The inner workings of the heap are incredibly complicated, and learning every aspect of how the heap works would take a tutorial series of its own. For now, all you need to know is that memory is allocated on the heap whenever functions such as malloc and calloc are called, as well as when global or static variables are declared.

Registers are essentially small storage areas in your processor. They can be used to store memory addresses, values, or anything that can be represented with eight bytes or less. In the x86 architecture there are six general-purpose registers: EAX, EBX, ECX, EDX, ESI and EDI. These registers are generally used on an as-needed basis. There are also three registers reserved for specific purposes, EBP, ESP and EIP, but we will get into those a bit later.

First, let's talk about the stack. The stack is a data structure comprised of elements that are added and removed with two operations: push and pop. Push adds an element to the top of the stack, and pop removes the top element from the stack. Each element on the stack is assigned a stack address. Elements that are higher on the stack have a lower address than those on the bottom of the stack; in other words, the stack grows towards lower memory addresses. Whenever a function is called, that function is set up with what is called a stack frame. All the local variables for that function will be stored in that function's stack frame.

Now let's talk about two of the special registers that we mentioned earlier. The EBP register, also known as the base pointer, contains the address of the base of the current stack frame. The ESP register, also referred to as the stack pointer, contains the address of the top element of the current stack frame. All the space between these two registers makes up the stack frame of whatever function is currently being called. All the stack addresses outside of the current stack frame are considered to be junk by the compiler.

Let's go over a simple example of what happens when a function is called from main, how its stack frame is set up, and how its variables are stored on the stack. Let's say our function takes one integer as a parameter and declares two local integers, one initialized to zero and the other initialized to the function's argument. First, the value of the argument is pushed onto the stack. Then the return address of the function is pushed onto the stack; the return address is simply the four-byte address of the instruction that will be executed as soon as the function has gone out of scope. Then the base pointer is pushed onto the stack. Then the stack pointer is given the value of the base pointer. Finally, the stack pointer is decremented to make room for the local variables; depending on your compiler, the number of bytes that the stack pointer is decremented by may vary. All the space in memory between the stack pointer and the base pointer is our function's stack frame. This sequence of instructions is called the function prologue; the prologue is performed whenever a function is called.

Since our function's first local variable is initialized to 0, the value 0 will be moved into the memory address 4 bytes below the base pointer; this is because an integer is 4 bytes. The local variable is now at location EBP minus 4. Now on to our second local variable. Remember, the value of our function's argument is stored 8 bytes above the base pointer, which is not in the function's stack frame. Since we have declared a local variable initialized to the value of the argument, the value of the argument needs to be moved into our function's stack frame. There is a catch here: values on the stack cannot be moved directly to another location on the stack. This is where our general-purpose registers come in. The value of the argument to our function must first be copied into one of our general-purpose registers; then the value is moved into the memory address 4 bytes below our first variable and eight bytes below the base pointer. Now both of our local variables have been initialized and can be accessed for later use.

Now that we have a basic understanding of the rudimentary components of an executable, let's talk about assembly and the instructions that your computer will follow during the process of executing your code. There are two syntaxes that assembly is normally written in: AT&T and Intel. While the instructions themselves are the same regardless of the syntax, the way the instructions are presented differs. We will be covering the Intel syntax.

Now let's get into assembly. First, let's go over the format of an assembly instruction. Every instruction has two parts: the operation and its arguments. Operations can take either one or two arguments; if an operation takes two arguments, they are separated by a comma.

The mov instruction takes two arguments and copies the value referred to by its second argument into the location referred to by its first argument. However, there is one caveat. Take the example where we would like to move a local variable on the stack into the EAX register. Say that our variable is being stored at EBP - 8. If the command were to read "mov EAX, EBP - 8", this would not copy the value of our variable into the register. This is because EBP - 8 is the address on the stack where our variable is located, so instead this instruction would copy the address of our variable into the register. In order to copy the actual value, or what EBP - 8 is pointing to, we use square brackets. Think of square brackets as the dereference operator in C: when square brackets are used, the value being pointed to is referenced.

The add instruction takes two arguments; it adds the values of the two arguments and stores the result in the first argument. For example, if the EAX register contained the value 10 and we had the instruction "add EAX, 5", the EAX register would be updated with the value 15. The sub instruction works exactly the same way as the add instruction, except instead of the arguments being added, the value of the second argument is subtracted from the first.

The push instruction places its operand onto the top of the stack. More specifically, it first decrements the stack pointer, then places its operand into the location that it points to. The pop instruction takes a register as an argument. It will move the top element of the stack into the register specified by its argument and then increment the stack pointer, thus popping the top element off the stack.

The lea instruction stands for load effective address. It places the address specified by its second operand into the register specified by its first operand. This instruction is usually used for obtaining a pointer into a memory region.

Now let's get into the control flow of an executable. This is where all of the if statements and loops in your code come together to determine the order in which instructions are executed. Every instruction has an instruction address; this is the area in memory where the instruction is stored. The EIP register, also known as the instruction pointer, always contains the address of the instruction that is currently being executed. The computer will execute whatever the instruction pointer is pointing to, and then the instruction pointer will be moved to the next instruction.

The compare (cmp) instruction is actually equivalent to the sub instruction, except instead of storing the result into the first argument, it will set a flag in the processor that contains the value 0, greater than 0, or less than 0. For example, if we had the instruction "cmp 1, 3", this would subtract 3 from 1, and since negative 2 is less than 0, the flag would be set accordingly. Compare instructions are always followed by a jump instruction. Every jump instruction takes an instruction address as its argument; it will check the current state of the flag and, depending on the state, set the instruction pointer to its argument. There are many types of jump instructions; some include jump if equal to, jump if not equal to, and jump if greater than. So if the instruction from our last example, "cmp 1, 3", was followed by the instruction "jump if less than", the jump would be taken. If instead we had "jump if greater than", the jump would not be taken, and the instruction pointer would simply move on to the next instruction.

The call instruction calls a function, whether it be a user-defined function or a PLT function such as printf or scanf. This instruction takes one argument. It is equivalent to "push EIP; jmp argument". In other words, it will push the return address of the function being called onto the stack and then move to the first instruction of the function.

The leave instruction is called at the end of every function. It essentially destroys the current stack frame by setting the stack pointer to the base pointer and popping the base pointer off the top of the stack. The return (ret) instruction always follows a leave instruction. Since the base pointer has already been popped off the stack, the return address of the function is now on the top of the stack. The return instruction will pop the return address off the top of the stack and then set the instruction pointer to that address.
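The stack-frame walk-through and the instruction descriptions in the captions, replayed on a small constructed model of the 32-bit machine. This is an added example, not code from the video or from HackUCF; the toy CPU, its instruction encoding (memory operands are always `[ebp + displacement]`, instruction indices stand in for addresses) and the demo program are assumptions made for this example. The program is the video's scenario: main pushes one integer argument and calls a function whose prologue is `push ebp; mov ebp, esp; sub esp, 8`, which then stores `0` at `[ebp-4]` and copies the argument from `[ebp+8]` through EAX into `[ebp-8]`. The `cmp`/`jl` pair after the call mirrors the control-flow section, and `demo_frame` reads the frame back relative to EBP right before `leave`, so the reader can see where the locals, the saved base pointer, the return address and the argument actually sit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the 32-bit machine the video describes (constructed for this example). */
enum Reg { EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP, NREGS };
enum Op { MOV_RR, MOV_RI, MOV_RM, MOV_MR, MOV_MI, ADD_RI, SUB_RI, PUSH_R, PUSH_I,
          POP_R, CMP_RI, JL, JG, CALL, LEAVE, RET, HALT };

/* One instruction. Memory operands are always [EBP + disp], matching the video's frame layout. */
typedef struct { enum Op op; int reg, src; int32_t disp, imm; } Ins;

typedef struct {
    int32_t r[NREGS];
    int flag;             /* sign of the last cmp result: -1, 0 or +1 */
    int halted;
    uint8_t mem[0x1000];  /* the stack sits at the top and grows toward lower addresses */
} Cpu;

static int32_t ld(const Cpu *c, uint32_t a) { int32_t v; memcpy(&v, c->mem + a, 4); return v; }
static void st(Cpu *c, uint32_t a, int32_t v) { memcpy(c->mem + a, &v, 4); }
static void push(Cpu *c, int32_t v) { c->r[ESP] -= 4; st(c, c->r[ESP], v); }            /* decrement, then store */
static int32_t pop(Cpu *c) { int32_t v = ld(c, c->r[ESP]); c->r[ESP] += 4; return v; }  /* load, then increment */

/* Execute the instruction EIP points to, then advance EIP (or redirect it for jumps, call and ret). */
static void step(Cpu *c, const Ins *prog) {
    const Ins *i = &prog[c->r[EIP]];
    int32_t next = c->r[EIP] + 1;
    uint32_t ea = (uint32_t)(c->r[EBP] + i->disp);       /* effective address of [ebp + disp] */
    switch (i->op) {
    case MOV_RR: c->r[i->reg] = c->r[i->src]; break;
    case MOV_RI: c->r[i->reg] = i->imm; break;
    case MOV_RM: c->r[i->reg] = ld(c, ea); break;          /* mov reg, [ebp+disp]: brackets dereference */
    case MOV_MR: st(c, ea, c->r[i->reg]); break;           /* mov [ebp+disp], reg */
    case MOV_MI: st(c, ea, i->imm); break;                 /* mov [ebp+disp], imm */
    case ADD_RI: c->r[i->reg] += i->imm; break;
    case SUB_RI: c->r[i->reg] -= i->imm; break;
    case PUSH_R: push(c, c->r[i->reg]); break;
    case PUSH_I: push(c, i->imm); break;
    case POP_R:  c->r[i->reg] = pop(c); break;
    case CMP_RI: { int32_t d = c->r[i->reg] - i->imm; c->flag = (d > 0) - (d < 0); } break;
    case JL:     if (c->flag < 0) next = i->imm; break;
    case JG:     if (c->flag > 0) next = i->imm; break;
    case CALL:   push(c, next); next = i->imm; break;      /* push return address, then jump */
    case LEAVE:  c->r[ESP] = c->r[EBP]; c->r[EBP] = pop(c); break;
    case RET:    next = pop(c); break;                     /* pop the return address into EIP */
    case HALT:   c->halted = 1; next = c->r[EIP]; break;
    }
    c->r[EIP] = next;
}

/* Run until EIP reaches `stop` or the program halts. */
static void run(Cpu *c, const Ins *prog, int32_t stop) {
    while (!c->halted && c->r[EIP] != stop) step(c, prog);
}

/* The video's scenario: main pushes one int argument and calls func(arg), which declares
   int a = 0 and int b = arg. Instruction indices stand in for instruction addresses. */
static const Ins PROG[] = {
    { .op = PUSH_I, .imm = 7 },                 /* 0: push the argument                      */
    { .op = CALL,   .imm = 7 },                 /* 1: call func (pushes return address 2)    */
    { .op = ADD_RI, .reg = ESP, .imm = 4 },     /* 2: caller discards the argument           */
    { .op = CMP_RI, .reg = EAX, .imm = 10 },    /* 3: cmp eax, 10  -> flag = sign(eax - 10)  */
    { .op = JL,     .imm = 6 },                 /* 4: jl 6  (taken: 7 - 10 < 0)              */
    { .op = MOV_RI, .reg = EBX, .imm = 1 },     /* 5: skipped because the jump was taken     */
    { .op = HALT },                             /* 6: end of main                            */
    { .op = PUSH_R, .reg = EBP },               /* 7: push ebp            (func prologue)    */
    { .op = MOV_RR, .reg = EBP, .src = ESP },   /* 8: mov ebp, esp                           */
    { .op = SUB_RI, .reg = ESP, .imm = 8 },     /* 9: sub esp, 8  (room for two ints)        */
    { .op = MOV_MI, .disp = -4, .imm = 0 },     /* 10: mov [ebp-4], 0      ; a = 0           */
    { .op = MOV_RM, .reg = EAX, .disp = 8 },    /* 11: mov eax, [ebp+8]    ; load argument   */
    { .op = MOV_MR, .disp = -8, .reg = EAX },   /* 12: mov [ebp-8], eax    ; b = arg         */
    { .op = LEAVE },                            /* 13: mov esp, ebp ; pop ebp                */
    { .op = RET },                              /* 14: pop eip                               */
};

/* The callee's frame just before `leave`, read relative to EBP. */
typedef struct { int32_t a, b, saved_ebp, ret_addr, arg, frame_size; } Frame;

static void reset(Cpu *c) { memset(c, 0, sizeof *c); c->r[ESP] = c->r[EBP] = 0x1000; }

Frame demo_frame(void) {
    Cpu c; reset(&c); run(&c, PROG, 13);
    Frame f = { ld(&c, c.r[EBP] - 4), ld(&c, c.r[EBP] - 8), ld(&c, c.r[EBP]),
                ld(&c, c.r[EBP] + 4), ld(&c, c.r[EBP] + 8), c.r[EBP] - c.r[ESP] };
    return f;
}

/* Run the whole program and return the final value of one register. */
int32_t demo_final(enum Reg r) { Cpu c; reset(&c); run(&c, PROG, -1); return c.r[r]; }

int main(void) {
    Frame f = demo_frame();
    printf("[ebp-8]=%d [ebp-4]=%d [ebp]=%#x [ebp+4]=%d [ebp+8]=%d frame=%d bytes\n",
           f.b, f.a, (unsigned)f.saved_ebp, f.ret_addr, f.arg, f.frame_size);
    printf("final eax=%d ebx=%d esp=%#x\n", demo_final(EAX), demo_final(EBX), (unsigned)demo_final(ESP));
    return 0;
}
```

Running it prints the frame with `a` at `[ebp-4]`, `b` (a copy of the argument) at `[ebp-8]`, the caller's EBP at `[ebp]`, the return address at `[ebp+4]` and the argument at `[ebp+8]`, an 8-byte frame between EBP and ESP, and after `leave`/`ret` the stack pointer back where main left it. The return address sitting four bytes above the saved base pointer is the detail the rest of a binary-exploitation course revolves around: a local buffer that overruns its slot walks upward through exactly these fields, which is why stack canaries and non-executable stacks guard this layout.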
Info
Channel: HackUCF
Views: 598,806
Rating: 4.92419 out of 5
Id: 75gBFiFtAb8
Length: 10min 45sec (645 seconds)
Published: Fri Aug 19 2016