Introduction to Intel x86-64 Assembly and Alliteration Applications

Introduction to Intel x86-64 Assembly and Alliteration Applications
Slide Note
Embed
Share

Delve into the world of Intel x86-64 Assembly language, its architecture, and practical applications with a touch of alliteration, as presented in Xeno Kovah's comprehensive guide. Explore concepts of buffer overflow, stack diagrams, and solutions illustrated through code examples. Take a step-by-step journey through the basics of assembly programming, optimizing performance, and understanding memory management nuances. Uncover the power and intricacies of x86-64 Assembly with engaging visuals and hands-on lab exercises.

  • Intel
  • x86-64 Assembly
  • Architecture
  • Applications
  • Alliteration
nvosb
nvosb Follow

Uploaded on Feb 28, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah 2014 xkovah at gmail

  2. All materials is licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/ Attribution condition: You must indicate that derivative work "Is derived from Xeno Kovah's 'Intro x86-64 class, available at http://OpenSecurityTraining.info/IntroX86-64.html

  3. Are you ready to feel the POWER (buffer over)flow through you?!?! 53

  4. BasicBufferOverflow.c: Don t be lame! Force it to call AwesomeSauce()! #include <stdio.h> #include <stdlib.h> #include <string.h> int lame(__int64 value){ __int64 array1[4]; __int64 array2[4]; array2[0] = array2[1] = array2[2] = array2[3] = value; memcpy(&array1, &array2, 4 * sizeof(__int64)); return 1; } int lame2(__int64 size, __int64 value){ __int64 array1[4]; __int64 array2[4]; array2[0] = array2[1] = array2[2] = array2[3] = value; memcpy(&array1, &array2, size * sizeof(__int64)); return 1; } Awesome void AwesomeSauce(){ printf("Awwwwwww yeaaahhhhh! All awesome, all the time!\n"); } int main(unsigned int argc, char ** argv){ __int64 size, value; size = _strtoi64(argv[1], "", 10); value = _strtoi64(argv[2], "", 16); if(!lame(value) || !lame2(size,value)){ AwesomeSauce(); } else{ printf("I am soooo lame :(\n"); } 53 } return 0xdeadbeef;

  5. HINT! Seriously though, make a stack diagram, it will help

  6. Lab time! 53

  7. Solution Simple, right? :) 53

  8. The stack looks like this at line 9 in lame() before the memcpy(): arg1 = ecx = value 00000000`0012FE80 return address = 00000001400010f0 undef array2[3] = undef array2[2] = undef array2[1] = undef array2[0] = undef array1[3] = value array1[2] = value array1[1] = value array1[0] = value 00000000`0012FE78 00000000`0012FE70 00000000`0012FE68 00000000`0012FE60 00000000`0012FE58 00000000`0012FE50 00000000`0012FE48 00000000`0012FE40 00000000`0012FE38 RSP+0x20 00000000`0012FE30

  9. The stack looks like this at line 10 in lame() after the memcpy(): arg1 = ecx = value 00000000`0012FE80 return address = 00000001400010f0 undef array2[3] = value array2[2] = value array2[1] = value array2[0] = value array1[3] = value array1[2] = value array1[1] = value array1[0] = value 00000000`0012FE78 00000000`0012FE70 00000000`0012FE68 00000000`0012FE60 00000000`0012FE58 00000000`0012FE50 00000000`0012FE48 00000000`0012FE40 00000000`0012FE38 RSP+0x20 00000000`0012FE30

  10. The stack looks like this at line 17 in lame2() before the memcpy(): addresses look familiar? 00000000`0012FE80 arg1 = ecx = value return address = 00000001400010f0 undef 00000000`0012FE78 00000000`0012FE70 array2[3] = undef but still actually = value 00000000`0012FE68 array2[2] = undef but still actually = value 00000000`0012FE60 array2[1] = undef but still actually = value 00000000`0012FE58 array2[0] = undef but still actually = value 00000000`0012FE50 array1[3] = value 00000000`0012FE48 array1[2] = value 00000000`0012FE40 array1[1] = value 00000000`0012FE38 array1[0] = value RSP+0x20 00000000`0012FE30

  11. The stack looks like this at line 17 in lame2() before the memcpy(): addresses look familiar? 00000000`0012FE80 arg1 = ecx = value So set the size to 6 QWORDs to copy, and set the value to the address of AwesomeSauce() and collect your winner winner chicken dinner! return address = value! WINNER! value 00000000`0012FE78 00000000`0012FE70 array1[3] = value 00000000`0012FE68 array1[2] = value 00000000`0012FE60 array1[1] = value 00000000`0012FE58 array1[0] = value 00000000`0012FE50 array1[3] = value 00000000`0012FE48 array1[2] = value 00000000`0012FE40 array1[1] = value 00000000`0012FE38 array1[0] = value RSP+0x20 00000000`0012FE30

  12. Exploit mitigations This is a good example of how MS s compiler has exploit mitigations baked in. I was trying to just take my old, simple, and explicitly exploitable piece of code and port it to x86-64. But when I would put my buffers so that the big one would overwrite the small one, it placed the big buffer next to the stack pointer. This is smart since presumably writes will tend to be from the small to the big. But even if it s from the big to the small, it still won t naturally overflow into the stack pointer with contents from the buffer

  13. Exploit mitigations 2 params params params params params params return address return address return address return address return address big buffer big buffer return address big buffer big buffer big buffer big buffer small buffer small buffer big buffer big buffer small buffer small buffer small buffer small buffer small buffer http://msdn.microsoft.com/en-us/library/bb430720.aspx

  14. True power can not be had so simply, novice NX, ASLR, SEHOP all these would stand in your way. For a taste of true power, you must start start down a different path a darker path http://opensecuritytraining.info/Exploits1.html

Related


Introduction to Intel Assembly Language for x86 Processors

Introduction to Intel Assembly Language for x86 Processors

delano
Memory Virtualization in Operating Systems

Memory Virtualization in Operating Systems

kitty
Assembler Directives and Symbols in Assembly Language

Assembler Directives and Symbols in Assembly Language

laszlo
Evolution of Microprocessors: A Historical Overview

Evolution of Microprocessors: A Historical Overview

saarah
Flash Descriptor in x86 Systems

Flash Descriptor in x86 Systems

marija
15-213 Recitation: Bomb Lab Overview and Tips

15-213 Recitation: Bomb Lab Overview and Tips

ameliagrace
Poetry Techniques: Rhyme, Alliteration, and List Poems

Poetry Techniques: Rhyme, Alliteration, and List Poems

zaynah
x86-64 Procedures and Data Structures

x86-64 Procedures and Data Structures

ftim
Assembly Language Programming in Intel 8086: Multiplication, Division, and Array Handling

Assembly Language Programming in Intel 8086: Multiplication, Division, and Array Handling

pkhy
Highlights of General Assembly 2021 Online Meeting

Highlights of General Assembly 2021 Online Meeting

mbrun
Assembly Language Programming for Computing Layers

Assembly Language Programming for Computing Layers

navae
Literary Devices: Alliteration, Symmetrical Alliteration, Palindrome, and Assonance

Literary Devices: Alliteration, Symmetrical Alliteration, Palindrome, and Assonance

walbridge_r
SMI Suppression in x86 BIOS Management

SMI Suppression in x86 BIOS Management

paccione_j
Assembly Programming in CSE351 Spring 2017

Assembly Programming in CSE351 Spring 2017

liow317
Secure Cloud Applications with Intel SGX - OSDI 2014 Presentation Summary

Secure Cloud Applications with Intel SGX - OSDI 2014 Presentation Summary

albritton_a
Detector Assembly and Cryogenics Requirements for ILD Project

Detector Assembly and Cryogenics Requirements for ILD Project

mell_i
Engineering Assembly Drawings and Detail Requirements

Engineering Assembly Drawings and Detail Requirements

litt952
Evolution of Intel x86 Processors

Evolution of Intel x86 Processors

laticia
Intel x86 Evolution and Programming

Intel x86 Evolution and Programming

zakh_33
Introduction to Intel x86-64 Assembly Architecture

Introduction to Intel x86-64 Assembly Architecture

zelasko_k
Input, Output, and Automation in x86 Proved by Jason Gross and Andrew Kennedy

Input, Output, and Automation in x86 Proved by Jason Gross and Andrew Kennedy

nory
BM&N.STS Ladders Assembly at VLHEP: Structure, Components, Procedures

BM&N.STS Ladders Assembly at VLHEP: Structure, Components, Procedures

mozi_710

More Related Content