Questions tagged [assembly]

Assembly language is a low-level programming language whose instructions map almost 1-to-1 to a computer's machine code.

When analyzing an executable whose source code is unknown (e.g. the payload of an attack), the analyst can use a tool called a disassembler. A disassembler translates the machine code instructions (the numbers that form the unknown code) to assembly language, helping the analyst to better understand what the code is doing.

Below is a simple example of what assembly code looks like. Although assembly code looks quite cryptic, every word is a mnemonic for an instruction, a register name or an abbreviation. The example is for the x86 family of processors.

CLC              ; clear the carry flag
MOV  AX, 5       ; load the constant 5 into register AX
ADD  AX, [SI]    ; add the 16-bit word stored at address SI to AX
MOV  [SI], AX    ; write the sum back to memory at address SI

82 questions
2 votes, 0 answers

Problem when disassembling 16-bit binary one instruction at the time

I am currently disassembling a binary that enters vm86 mode, so 32-bit binary in 16-bit mode. While IDA fails to do that correctly, I took the initiative to do it by myself. Problem is, I very often stumble on two "0x00" opcodes that follow each…
P1kachu • 153 • 1 • 7
1 vote, 1 answer

Possible shellcode mailed to me

When I opened my email this morning I found a rather odd message in my mail box. It didn't seem like your every day spam email as it looked like a base64 encoded string and nothing else. Here is a screenshot of the email: I tried running it through…
Paradoxis • 892 • 7 • 15
1 vote, 1 answer

When I control EIP, how do I discover what the next steps are?

Let's say I can control the EIP CPU register, and I want to jump to a specific function of which I know the correct memory address. This address is inside the same memory page. We have no exploit mitigations enabled. Can I then just pass the memory…
Dirk • 510 • 1 • 4 • 16
1 vote, 0 answers

msfvenom: how to output assembly of windows payload for inline assembly in C?

My goal is to obfuscate metasploit windows payloads' assembly code (adding junk code to the payload itself), then adding the obfuscated shellcode to inline assembly in C. The issue is there is no format command line argument (-f) that provides an…
pokkery98 • 11 • 1
1 vote, 2 answers

How do attackers determine ROP gadgets remotely?

Being gadgets change per each system and architecture (do they?), how would an attacker be able to determine the offsets of various Return Oriented Programming gadgets, would an attacker first need to determine: -The operating system? -The…
1 vote, 1 answer

Understanding ret2libc return address location

I recently was studying x86 buffer overflows + ret2libc attacks from https://www.ret2rop.com/2018/08/return-to-libc.html and I noticed the order is as follows: bytes to fill buffer + address of system + return address for system/address of exit +…
asd_665 • 13 • 2
1 vote, 2 answers

How does ASLR work if in the assembly code the addresses are the same

Let's say I have this piece of code that changes the 10 address to the value 20 and the following one to 30: mov ebx,10 mov [ebx],20 add ebx,1 mov ebx,30 How can the address change each time it is executed? Is it a required change that the compiler does…
for the • 13 • 4
1 vote, 0 answers

Exploit - Code execution without assembly call instruction, int etc on ia_64

Found a bug in a function in a loop where I can go past a loop in an assignment where a value is read from past malloc'd memory. The function has no call, int or other assembly instructions afterwards. The instruction I control is movzbl. I control the source…
dev • 937 • 1 • 8 • 23
1 vote, 1 answer

Memory address problem in GNU Debugger

I'm new to gdb. I've written a simple program which will print hello world 10 times (I've listed the program in the screenshot). Then I've displayed the assembly language and set the break point to main and after running the program until main, I've…
Abhirup Bakshi • 167 • 1 • 6
1 vote, 0 answers

Buffer bomb level 3 - Prevent stack corruption

I am trying to complete level 3 of buffer bomb lab. The task is to supply an exploit string that will cause getbuf to return my cookie (0x4b64b076) back to test, rather than the value 1. The exploit code should set the cookie as the return value,…
Helen Grey • 111 • 1
1 vote, 1 answer

Remote Buffer Overflow w/out Memory Leak

I'm working on an exploit development challenge right now in which I've been presented with a compiled binary and I have to exploit it on a remote server. No stack protections have been enabled and ASLR is disabled. I've written the exploit…
leaustinwile • 366 • 1 • 8
1 vote, 1 answer

What is the purpose of the instruction fldz on the Aaron Adams shellcode?

I'm studying the Aaron Adams assembly code. You can find the documentation here (section --[ 2.b.i Getting EIP). I understand that the goal is to get the EIP. I know that the FPU environment looks like below: struct _fpstate_32 { /* Legacy FPU…
salt • 259 • 2 • 11
1 vote, 2 answers

Is it possible to craft exploits for non-open source C/C++ software without fuzzing?

Imagine that I wanted to find a vulnerability in a program that is used by a lot of people in order to exploit it. The program is open source and is written in C/C++. Would this even be possible (fuzzing excluded), as Google tells me that it is…
harry • 21 • 2
1 vote, 0 answers

Why can't I see my shellcode executing in Immunity Debugger?

I am doing an exercise on creating custom shellcode (Windows). The goal is to create shellcode that will delete the firewall log file. I successfully spawned a reverse shell with Metasploit, using a Python program I wrote, but when I try writing my…
Ben P • 11 • 1
1 vote, 1 answer

Binary Exploitation - How to set GID of a SUID binary using shellcode?

I have a binary that is SUID which I can currently use a buffer overflow exploit to obtain an elevated EUID shell. However I haven't worked much with changing IDs through shellcode, and the file I need to access requires me to have a GID equal to…
Sif • 13 • 4