Questions tagged [assembly]

Assembly language is a low-level programming language whose instructions map almost 1-to-1 to a computer's machine code.

When analyzing an executable whose source code is unknown (e.g. the payload of an attack), the analyst can use a tool called a disassembler. A disassembler translates the machine code instructions (the numbers that form the unknown code) to assembly language, helping the analyst to better understand what the code is doing.

Below is a simple example of what assembly code looks like. Although assembly code looks quite cryptic, all the words are names or abbreviations. The example is for the x86 family of processors.

CLC
MOV  AX, 5
ADD  AX, [SI]
MOV  [SI], AX

82 questions
5 votes, 1 answer

How to bypass ASLR with ROP

I was reading this article by the InfoSec Institute: http://resources.infosecinstitute.com/an-introduction-to-returned-oriented-programming-linux/#gref and was able to follow along until he did the ROP chain. He finds the offset of printf and execve…
alloy
4 votes, 1 answer

Explaining a buffer overflow vulnerability in C

Given this C program: #include #include int main(int argc, char **argv) { char buf[1024]; strcpy(buf, argv[1]); } Built with: gcc -m32 -z execstack prog.c -o prog Given shell code: EGG=$(printf…
janos
4 votes, 2 answers

Why does my stack contain the return address to __libc_csu_init after main is initialised?

I wrote a simple program in C, compiled it, opened it in gdb, set a breakpoint at line 11 and inspected the stack. 1 #include 2 3 int main(int argc, char *argv[]){ 4 char arr[4] = "AABB"; 5 int square = foo(2); 6 …
Hugh Pearse
4 votes, 3 answers

Are there any tools that focus on shellcode analysis?

Shellcode presents certain challenges for disassembly. It often self-modifies, jumps to the stack (where the shellcode will likely be placed), and relies on certain unusual tricks that standard disassembly tools don't focus on. With this in mind,…
Polynomial
4 votes, 2 answers

Why do we need to remove null bytes from shell code?

I'm studying the basics of making shell codes. I have a question about it. In my textbook, the author stores his shell code in an environment variable, and injects the address of it using strcpy() in a program. When he makes his shell code, he…
John Smith
4 votes, 1 answer

Custom EXE Template Metasploit 64-bit ASM PE Syntax

I asked this previously then deleted since I think I asked the question without gearing it towards msfvenom and custom EXE templates. There is a 64-bit Windows PE written in assembly that ships with Metasploit that I am trying to compile to an EXE…
4 votes, 2 answers

Buffer Overflow doesn't have enough space for exploit after being crashed

So I'm trying to write a buffer overflow for a knowingly vulnerable server application, I want to learn how to do this on my own and just want some direction. I'm watching it in immunity debugger on the server and have control over the ECX, EBP, and…
4 votes, 1 answer

How can Malware authors be determined?

My question is: How can we make any conclusions about malware authors at all, when anyone could just get sample malware online, copy paste the parts they like, and add their own parts to it? Obviously there are many types of malware this question…
PositriesElectron
4 votes, 2 answers

What lies behind this complicated shellcode on linux?

It's pretty much my first time playing around with a buffer overflow exploit. I've written a simple C program that is vulnerable to buffer overflows: #include #include #include void main() { char* filename =…
3 votes, 1 answer

Stack buffer overflow confusion

I am trying to dig deeper into the nuts and bolts of a stack buffer overflow using the classical NOP-sled technique. Reading some articles and watching videos brought me to a confusion which can be demonstrated in these 2 pictures (which contradict…
Franko
3 votes, 1 answer

Why does my RIP value change after overwriting via an overflow?

I've been working on a buffer overflow on a 64 bit Linux machine for the past few days. The code I'm attacking takes in a file. This original homework ran on a 32-bit system, so a lot is differing. I thought I'd run with it and try to learn…
3 votes, 1 answer

Problem with overwriting the return address (buffer overflow)

I'm trying to exploit the following code with a buffer overflow and make it run the overflowed function: #include #include void overflowed() { printf("%s\n", "Execution Hijacked"); } void function(char…
user1758952
3 votes, 1 answer

How does this simple buffer overflow work?

I've got this simple code vuln.c #include #include int main(int argc, char** argv) { char buffer[500]; strcpy(buffer, argv[1]); printf("%s", buffer); return 0; } I am trying to perform a buffer overflow…
Izy-
3 votes, 1 answer

Running a brief asm script inline for dynamic analysis

Is there any good reason not to run a brief unknown (30 line) assembly script inline in a usermode c program for dynamic analysis directly on my laptop? There's only one system call to time, and at this point I can tell that it's a function that…
3 votes, 3 answers

What assembly should I learn?

I want to learn assembly, but I am not sure what instruction set (if that is the correct term?) I should learn. I have prior experience in programming, and I did a degree in Computer Science, but amazingly it was never covered. I need to be taught the…
user5623335