CNIT 127 Lecture 7: Intro to 64-Bit Assembler (not in book)

Slides for a college course at City College San Francisco. The other lectures are based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q, but this topic is not in that book.

Instructor: Sam Bowne

Class website: https://samsclass.info/127/127_S17.shtml

  1. CNIT 127: Exploit Development. Lecture 7: 64-bit Assembler. Not in textbook. Rev. 3-9-17
  2. 64-bit Registers
     • rip = Instruction pointer
     • rsp = top of stack
  3. Windows Limitations
     • Windows doesn't implement full 64-bit addressing
     • Windows 2008 Server uses 44 bits
       – Max. 16 TB RAM
     • Windows 8.1, 2015 revision, uses 48 bits
       – Max. 256 TB RAM
     • Links Ch L7d, L7e
  4. OS Limitations
     • OS uses top half
     • User programs use lower half
  5. System Calls
     • syscall replaces INT 80
  6. L7h: Searchable Linux Syscall Table
  7. L7c: Introduction to x64 Assembly, Intel Developer Zone
     • More details about registers
  8. Common Opcodes
  9. Syscall 1: Write
  10. Simplest Program: ABC
  11. Works, then Crashes (no exit)
  12. Exit
  13. Works Without Crashing
  14. Letters in Order
  15. Using a .data section
     • db = "Define Byte"
  16. Objdump
  17. Using gdb
     • .data and .text sections appear the same
  18. .text and .data Sections
  19. info registers
  20. Using read
  21. "echo" with a .data section
  22. Works with Junk at End
  23. Caesar Cipher
  24. Works for 4 Bytes Only
  25. Objdump Shows a 32-bit Value
  26. Intel 64 and IA-32 Architectures Software Developer's Manual
  27. Must use a Register
  28. Now it Works
  29. Challenge 1: "Hello from YOURNAME"
  30. Challenge 2: Caesar (3 steps back)
  31. Challenge 3: XOR Encryption