Reverse Engineering with IDA Pro. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta
2-5 Reversing Techniques. Static analysis (e.g., strings, PEiD): + safe (nothing is actually run); - more complex and time consuming. Dynamic analysis: + runtime analysis, you watch what the code actually does; - may be difficult to set up (an isolated VM, the right OS and libraries). Sometimes one of the two is the only choice (for example, when the sample cannot safely be run, or when the code only becomes readable once it is unpacked in memory). Usually the best approach is a hybrid: static analysis to map the code, dynamic analysis to confirm what it does with real data.
6-7 Disassembling, two algorithms. 1. Exhaustive (linear sweep): disassemble all instructions line by line, in address order, regardless of semantics; simple and covers the whole section, but any data embedded among the instructions (jump tables, strings, padding) is decoded as code and can desynchronize the real instructions that follow it. 2. Recursive traversal: find the entry point and explore all control-flow options (calls, jumps, both sides of a conditional branch); only bytes that some path reaches are decoded, so embedded data is skipped, but code reached only through an indirect jump or call (function pointers, vtables, computed targets) is missed unless another heuristic finds it. IDA is a recursive-traversal disassembler with heuristics on top, which is why it is right most of the time and occasionally confuses code with data (see the last slides).
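The difference between the two algorithms is easiest to see on bytes that mix code and data. The following is an added example written for this edit, not code from the slides or from IDA: a toy decoder for a handful of x86 opcodes (nop, ret, jmp/jz rel8, push imm8, mov eax, imm32) run over a constructed byte string in both modes. The short jump at the start skips three data bytes, one of which (0B8h) happens to be the opcode of a 5-byte instruction, and the small function at the end is never referenced. The byte string and the opcode subset are assumptions chosen to make both failure modes visible.

```python
import struct

# Constructed sample bytes (not taken from the slides): a short jump skips
# three bytes of embedded data, and an unreferenced function sits at the end.
CODE = bytes([
    0xEB, 0x03,          # 0x00: jmp short 0x05      (skip the data below)
    0x41, 0x42, 0xB8,    # 0x02: data; 0xB8 happens to be the 'mov eax, imm32' opcode
    0x6A, 0x2A,          # 0x05: push 0x2A
    0xC3,                # 0x07: ret
    0x90,                # 0x08: nop   <- only reachable via an indirect jump/call
    0xC3,                # 0x09: ret
])


def decode(code, addr):
    """Decode one instruction from a tiny x86 subset at `addr`.
    Returns (length, text, successors); `successors` are the addresses control
    can flow to next, so an empty list marks the end of a path (ret)."""
    op = code[addr]
    left = len(code) - addr
    if op == 0x90:
        return 1, "nop", [addr + 1]
    if op == 0xC3:
        return 1, "ret", []
    if op in (0xEB, 0x74) and left >= 2:           # jmp / jz rel8
        rel = struct.unpack_from("<b", code, addr + 1)[0]
        target = (addr + 2 + rel) & 0xFFFFFFFF
        if op == 0xEB:
            return 2, f"jmp short 0x{target:02X}", [target]
        return 2, f"jz short 0x{target:02X}", [addr + 2, target]
    if op == 0x6A and left >= 2:                   # push imm8
        return 2, f"push 0x{code[addr + 1]:02X}", [addr + 2]
    if op == 0xB8 and left >= 5:                   # mov eax, imm32
        imm = struct.unpack_from("<I", code, addr + 1)[0]
        return 5, f"mov eax, 0x{imm:08X}", [addr + 5]
    return 1, f"db 0x{op:02X}", [addr + 1]         # anything else: one data byte


def linear_sweep(code):
    """Exhaustive algorithm: decode every byte in address order, ignoring control flow."""
    listing, addr = [], 0
    while addr < len(code):
        length, text, _ = decode(code, addr)
        listing.append((addr, text))
        addr += length
    return listing


def recursive_traversal(code, entry=0):
    """Recursive-traversal algorithm: start at the entry point and follow every
    control-flow edge; bytes that no path reaches are never decoded."""
    listing, worklist = {}, [entry]
    while worklist:
        addr = worklist.pop()
        if addr in listing or addr >= len(code):
            continue
        length, text, successors = decode(code, addr)
        listing[addr] = text
        worklist.extend(successors)
    return sorted(listing.items())


if __name__ == "__main__":
    for name, fn in (("linear sweep", linear_sweep), ("recursive traversal", recursive_traversal)):
        print(f"--- {name}")
        for addr, text in fn(CODE):
            print(f"{addr:04X}  {text}")
```

Linear sweep decodes the data byte at 0x04 as mov eax, 0x90C32A6A and swallows the real push and ret behind it (the "code as data and vice versa" situation the last slides of this deck show), while recursive traversal never touches the data but also never sees the unreferenced nop/ret at 0x08, which only an indirect call or a prologue-pattern heuristic would find.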
8 IDA Pro, the Interactive Disassembler: developed by Hex-Rays; the weapon of choice for most reversing/analysis; supports PE/COFF, ELF, .NET, ...; supports several ISAs (x86, x64, ARM, etc.); saves progress in IDB files, which include user comments, breakpoints, custom labels, etc.
9 IDA Pro: version 5.0 is (still) free, but with no 64-bit support and limited ISA support. IDA performs function discovery, stack analysis and local variable identification; it is interactive; it is implemented using a plugin architecture.
10 For more: The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, by Chris Eagle.
11-12 Hexdump: hex on the left, ASCII on the right. A good ground-truth reference (the raw bytes, before any disassembler has interpreted them); sometimes it is the only option.
13-14 Disassembler (Text View): memory address labels on the left; assembly, labels and cross-references on the right.
15 Disassembler: what is this code doing? Hint: focus on the function calls and the auto-generated comments.
16 Disassembler: IDA's Fast Library Identification and Recognition Technology (FLIRT) recognizes library functions generated by supported compilers from signature patterns, so statically linked runtime code gets its real name instead of appearing as an unnamed subroutine you would otherwise have to reverse yourself.
17-18 Disassembler: a C program that opens a file. The filename is an argument; an error is printed to the screen if the file cannot be opened. Reading the listing: check for the correct number of arguments; push the mode (open as read-only); push the filename as a parameter to fopen; print an error if the file cannot be opened.
19-20 Disassembler (Graph View): the current function is represented as a collection of nodes (code blocks) and edges (cross-references between nodes). Red lines: path if the jump is not taken; green lines: path if the jump is taken; blue lines: unconditional path.
21-24 IDA is a disassembler and a debugger. These are the common and default windows for debugging: the disassembly; a hex dump synchronized with it (the opcodes/operands of the current instruction are highlighted); registers (registers that hold memory addresses are shown as such and can be followed); and the stack.
25 Loading an executable for the first time: open IDA and select Go.
26 Loading an executable (File menu): New: open an executable file; Open: open an executable or an IDA database (IDB) file; Load file: load a supplementary file; Produce file: export the database; IDC file: load a script file; IDC command: select a script to execute.
27 Loading an executable: IDA auto-detects the file format (here, a Windows executable) and proposes the matching loader.
28 Disassembly window modes: Text View and Graph View (toggle between them with the space bar).
29-30 Customization: turn on the auto-comment feature.
31-32 Comments: the auto comments describe the opcode, but carry no execution-flow semantics; you can add your own comments, however. Here I've added more semantically rich meanings to the assembly: pressing : (colon) adds a regular comment at a single location; pressing ; (semicolon) creates a repeatable comment, which is also shown at every location that references this one.
33 Useful windows for analysis: as shown in the previous slides, these show the assembly, binary, addresses, etc.
34 Functions window flags: R: the function returns; F: far function (reached by a far call, i.e., through a segment:offset pointer); L: library function; S: static function (not accessible from other object files, only from the code file that defines it); B: BP-based frame; T: has type information (variable types are known, usually supplied by debugging information); =: BP equals SP (the frame pointer is equal to the initial stack pointer).
35 Names window: lists every address that has a label. F: function (user/regular); L: library function; C: named code location (a line with an instruction); A: ASCII string data.
36 Strings window: lists all ASCII strings (by default, printable character sequences of length >= 5). Shorter strings and Unicode (UTF-16) strings are not shown until the string types and minimum length are changed in the window's setup, so a string that is "missing" may simply be stored in a form the defaults do not scan for.
37 Imports/Exports windows: Imports are functions this module uses from other libraries (DLLs); Exports are functions this module makes available to other modules (a DLL's API; an EXE usually exports nothing).
38 Structures window: data structures defined as groupings of memory fields. IDA finds some, and you can define your own to increase readability.
39-41 Using links and cross-references: a link (any name in the listing) is followed by double-clicking it; a cross-reference (xref) records where a location is referenced from. Press X on a name to see all xrefs to it at once. Press Escape to return to the previous location (same as the back arrow).
42 Navigation band: dark blue: regular (user/program) code; light blue: library code; pink: imports; gray: defined/referenced data; brown: undefined/unexplored bytes.
43 Searching (Search menu): Next Code: jump to the next location that holds an instruction (useful for skipping over data); Text: search the listing for ASCII text; Sequence of Bytes: search for specific hex bytes.
44-48 Searching, demonstration. Running the sample:
C:\>password.exe
Enter password for this malware: test
Bad key
How can we figure out the password? Start from what is visible: the prompt and "Bad key" are strings in the binary, their cross-references lead to the code that prints them, and close to that code is the comparison that decides between the good and the bad path.
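How the Strings window (slide 36) gets its list, and why the password may not be in it even though it is in the file. This is an added example, not code from the slides or from the password.exe demonstration: a minimal strings scanner run over a constructed byte blob (the blob, its offsets and the string "s3cret" are assumptions made for the example). With the slide's defaults (C-style ASCII, minimum length 5) the prompt and "Bad key" are listed, "abc" is too short, and a UTF-16LE string stays invisible until Unicode strings are enabled in the window's setup.

```python
import re

# Constructed sample blob (not the slides' password.exe): header-like junk,
# two C strings, one string too short to list, one UTF-16LE string, some code bytes.
SAMPLE = (
    b"\x00\x00MZ\x90\x00"
    + b"Enter password for this malware:\x00"
    + b"abc\x00"
    + b"Bad key\x00\x00"
    + "s3cret".encode("utf-16le") + b"\x00\x00"
    + b"\x55\x8b\xec\x83\xec\x10"      # push ebp / mov ebp, esp / sub esp, 10h
)


def find_strings(data, min_len=5, utf16=False):
    """Return sorted (offset, text) pairs for printable runs of >= min_len chars.
    utf16=False behaves like IDA's default Strings window (C-style ASCII only);
    utf16=True also reports UTF-16LE runs, which Windows code uses heavily."""
    found = []
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in ascii_run.finditer(data):
        found.append((m.start(), m.group().decode("ascii")))
    if utf16:
        # printable char followed by a zero byte, repeated: UTF-16LE ASCII subset
        u16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
        for m in u16_run.finditer(data):
            found.append((m.start(), m.group().decode("utf-16le")))
    return sorted(found)


if __name__ == "__main__":
    print("IDA defaults (ASCII, len >= 5):")
    for off, s in find_strings(SAMPLE):
        print(f"  {off:06X}  {s!r}")
    print("with Unicode enabled:")
    for off, s in find_strings(SAMPLE, utf16=True):
        print(f"  {off:06X}  {s!r}")
```

Once a string is located, the next step in IDA is its cross-references (press X on the string's name): the code that prints "Bad key" is a few instructions away from the comparison that chose it, which is the place to start reading for the password check.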
49 Analyzing functions: IDA has the ability to recognize functions and to label their local variables and parameters.
50-51 Parameters and local variables (32-bit, BP-based frame). The figure shows the stack growing toward lower addresses (push direction): ESP is at the lowest address in use, local variables sit below EBP at negative offsets (ebp-4 down to ebp-18h), [ebp] holds the saved EBP, [ebp+4] the return address, and the parameters start at ebp+8 and continue toward higher addresses.
52 IDA representation of operand types (examples column lost in transcription): register operand; immediate (a constant); memory address (an operand in square brackets).
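The frame diagram of slides 50-51 and the operand table of slide 52 map directly onto the names IDA prints in a listing. The following is an added example, not IDA's own code (the helper names, the 32-bit register set and the slot names saved_ebp and return_address are assumptions): it classifies an operand as register, immediate or memory, and for [ebp+disp] operands derives the stack-variable name IDA's stack analysis assigns, var_N for locals below EBP and arg_0 at ebp+8 for the first parameter.

```python
import re

REGS32 = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}


def parse_ida_number(tok):
    """IDA writes hex with a trailing 'h' and a leading zero when the first
    digit is a letter (18h, 0Ch, 0FFh); plain digits are decimal (8)."""
    tok = tok.strip()
    if re.fullmatch(r"[0-9][0-9A-Fa-f]*h", tok):
        return int(tok[:-1], 16)
    if re.fullmatch(r"[0-9]+", tok):
        return int(tok)
    raise ValueError(f"not an IDA number: {tok!r}")


def frame_slot(disp):
    """Name an [ebp+disp] slot the way IDA names a BP-based frame:
    negative offsets are locals (var_N), [ebp] the saved EBP, [ebp+4] the
    return address, and parameters start at [ebp+8] as arg_0, arg_4, ..."""
    if disp < 0:
        return f"var_{-disp:X}"
    if disp == 0:
        return "saved_ebp"
    if disp == 4:
        return "return_address"
    return f"arg_{disp - 8:X}"


EBP_MEM = re.compile(r"\[\s*ebp\s*(?:([+-])\s*([0-9A-Fa-f]+h?))?\s*\]", re.IGNORECASE)


def classify_operand(op):
    """Return (type, detail) for one operand written the way IDA prints it."""
    op = op.strip()
    if op.lower() in REGS32:
        return "register", op.lower()
    m = EBP_MEM.fullmatch(op)
    if m:
        disp = parse_ida_number(m.group(2)) if m.group(2) else 0
        if m.group(1) == "-":
            disp = -disp
        return "memory", frame_slot(disp)
    if op.startswith("[") and op.endswith("]"):
        return "memory", op                   # other addressing forms: left as written
    return "immediate", parse_ida_number(op)  # raises on anything unrecognised


def ida_style(op):
    """Rewrite [ebp-18h] the way IDA shows it after stack analysis: [ebp+var_18].
    Note the '+': var_18 is defined as a negative constant, which trips up newcomers."""
    kind, detail = classify_operand(op)
    if kind == "memory" and detail.startswith(("var_", "arg_")):
        return f"[ebp+{detail}]"
    return op


if __name__ == "__main__":
    for op in ("eax", "0FFh", "[ebp-18h]", "[ebp+8]", "[ebp+0Ch]", "[ebp+4]", "[ebp]"):
        print(f"{op:12} -> {classify_operand(op)}   shown as {ida_style(op)}")
```

Reading a frame this way also tells you the size of the local area: the most negative var_N in a function is the bottom of its locals, which is exactly the number that matters when you later look at a stack overflow in the same function.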
53 Debugging mode: breakpoints, traces, step-by-step execution, register inspection, memory inspection.
54-56 Other useful features: rename locations (press N on a name; use this for your homework, it will make your life easier); operand formatting (show a constant as hex, decimal, a character or an offset); graph node groups: create groups and name them to improve readability.
57 Sample.dll: at 0x , there is a call to Sleep (an API function that takes one parameter, the number of milliseconds to sleep). Looking backward through the code, how long will the program sleep if this code executes? (Keep in mind that IDA Pro is not perfect.)
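Walking backward from a call is a small data-flow question: which push supplies the argument, and can its value be computed without running the code? The listings below are constructed ones in IDA's text syntax, written for this edit and not Sample.dll's actual code, and the values in them (1Eh, 3E8h, 0EA60h) are assumptions; the resolver is an added example, not an IDA feature. It handles an immediate push, a register fed by mov/imul arithmetic, and the case where the value is loaded from memory, which static analysis cannot resolve and which is the point to switch to the debugger (slide 53), break on Sleep and read the argument at [esp+4].

```python
import re

# Constructed listings (not Sample.dll): three ways the Sleep argument can be supplied.
BEFORE_SLEEP_A = [
    "mov     eax, 1Eh            ; 1Eh = 30 (constructed value)",
    "imul    eax, 3E8h           ; * 1000: seconds -> milliseconds",
    "push    eax                 ; dwMilliseconds",
    "call    ds:Sleep",
]
BEFORE_SLEEP_B = [
    "mov     eax, [ebp+arg_0]    ; value comes from the caller",
    "push    eax",
    "call    ds:Sleep",
]
BEFORE_SLEEP_C = [
    "push    0EA60h              ; immediate argument",
    "call    ds:Sleep",
]

READ_ONLY = {"push", "cmp", "test"}          # first operand is read, not written
CALLER_SAVED = {"eax", "ecx", "edx"}          # clobbered by any call (stdcall/cdecl)


def split_insn(line):
    """'mov     eax, 1Eh  ; c' -> ('mov', ['eax', '1Eh']); comment-only lines -> (None, [])."""
    line = line.split(";", 1)[0].strip()
    if not line:
        return None, []
    parts = line.split(None, 1)
    ops = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
    return parts[0].lower(), ops


def parse_imm(tok):
    """IDA hex starts with a digit and ends in 'h' (3E8h, 0EA60h); plain digits are decimal."""
    if re.fullmatch(r"[0-9][0-9A-Fa-f]*h", tok):
        return int(tok[:-1], 16)
    if re.fullmatch(r"[0-9]+", tok):
        return int(tok)
    return None                               # register, memory or label: not a constant


def register_value(lines, idx, reg):
    """Value held in `reg` just before lines[idx], found by walking backwards.
    Returns None when it depends on runtime data (memory load, call result)."""
    pending = []                              # arithmetic seen between definition and use
    for i in range(idx - 1, -1, -1):
        mnem, ops = split_insn(lines[i])
        if mnem == "call" and reg in CALLER_SAVED:
            return None
        if not ops or ops[0].lower() != reg or mnem in READ_ONLY:
            continue
        if mnem == "mov":
            base = parse_imm(ops[1])
            if base is None:
                return None
            value = base
            break
        if mnem == "xor" and ops[1].lower() == reg:
            value = 0
            break
        if mnem in ("imul", "add", "sub", "shl") and len(ops) == 2:
            k = parse_imm(ops[1])
            if k is None:
                return None
            pending.append((mnem, k))
            continue
        return None                           # lea, movzx, ...: not modelled here
    else:
        return None                           # never defined in this window
    for mnem, k in reversed(pending):         # apply in program order
        if mnem == "imul":
            value *= k
        elif mnem == "add":
            value += k
        elif mnem == "sub":
            value -= k
        else:
            value <<= k
    return value & 0xFFFFFFFF


def resolve_last_push(lines, call_idx):
    """Argument of the push nearest above lines[call_idx] (the only argument of a
    one-parameter stdcall API such as Sleep), or None if it is not static."""
    for i in range(call_idx - 1, -1, -1):
        mnem, ops = split_insn(lines[i])
        if mnem == "push":
            imm = parse_imm(ops[0])
            return imm if imm is not None else register_value(lines, i, ops[0].lower())
        if mnem == "call":
            return None                       # an intervening call already consumed its pushes
    return None


def sleep_milliseconds(lines):
    """Find the call to Sleep in a listing and resolve its dwMilliseconds argument."""
    for idx, line in enumerate(lines):
        mnem, ops = split_insn(line)
        if mnem == "call" and ops and ops[0].lower().endswith("sleep"):
            return resolve_last_push(lines, idx)
    return None
```

A None result is not a failure of the method; it is the answer "not decidable statically here", and the hybrid approach from the first slides applies: put a breakpoint on the call, let the sample run in an isolated VM, and read the pushed value from the stack window.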
58-61 IDA Pro is not perfect: instruction code shown as data, and vice versa. When IDA has mis-classified a region, bytes that are really instructions are displayed as data (or data is disassembled into bogus instructions), and we end up with a label pointing at a location that holds some values rather than code. Fix it by hand: undefine the bytes (U), then define them as code (C) or as data (D) at the cursor, and re-check the cross-references to the label.