CNIT 127 Lecture 7: Intro to 64-Bit Assembler (not in book)
CNIT 127: Exploit Development
Lecture 7: 64-bit Assembler
Not in textbook
Rev. 3-9-17
64-bit Registers
• rip = instruction pointer
• rsp = top of stack
Windows Limitations
• Windows doesn't implement full 64-bit addressing
• Windows 2008 Server uses 44 bits – Max. 16 TB RAM
• Windows 8.1, 2015 revision, uses 48 bits – Max. 256 TB RAM
• Links Ch L7d, L7e
OS Limitations
• The OS uses the top half of the address space
• User programs use the lower half
System Calls
• The syscall instruction replaces int 0x80 (the 32-bit interrupt-based system call mechanism)
L7h: Searchable Linux Syscall Table
L7c: Introduction to x64 Assembly (Intel Developer Zone)
• More details about registers
Common Opcodes
Syscall 1: Write
Simplest Program: ABC
Works, then Crashes (no exit)
Exit
Works Without Crashing
Letters in Order
Using a .data section
• db = "Define Byte"
Objdump
Using gdb
• In gdb, the .data and .text sections appear the same (both are just bytes at an address)
.text and .data Sections
info registers
Using read
"echo" with a .data section
Works with Junk at End
Caesar Cipher
Works for 4 Bytes Only
Objdump Shows a 32-bit Value
Intel 64 and IA-32 Architectures Software Developer's Manual
Must use a Register
Now it Works
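The write/exit/.data slides and the Caesar slides above share one skeleton, so here is a single added example (not the lecture's own code) that covers both: it reads up to 8 bytes with syscall 0, shifts them with one 64-bit add, writes them with syscall 1 and exits with syscall 60. It assumes Linux x86-64 and NASM syntax; the buffer name, the 8-byte size and the packed +3 constant are my choices.

```nasm
; Added example (not the lecture's own code): read up to 8 bytes from stdin,
; shift each byte forward by 3 with a single 64-bit add, write the result, exit.
; Assumes Linux x86-64 and NASM: nasm -f elf64 caesar.asm && ld -o caesar caesar.o
global _start

section .data
    buf: times 8 db 0        ; db = define byte; 8-byte buffer in writable .data

section .text
_start:
    ; read(0, buf, 8): syscall 0, args in rdi, rsi, rdx; byte count comes back in rax
    mov rax, 0
    mov rdi, 0
    mov rsi, buf
    mov rdx, 8
    syscall
    mov r8, rax              ; save the byte count for the write below

    ; Instruction immediates are at most 32 bits wide, so
    ; 'add qword [buf], 0x0303030303030303' is truncated to a 32-bit value
    ; (what objdump showed) and only 4 bytes get shifted. Only 'mov r64, imm64'
    ; takes a full 64-bit constant, so load a register first, then add it to memory.
    mov rbx, 0x0303030303030303
    add [buf], rbx           ; +3 in each of the 8 byte lanes at once
    ; Caveat: lanes are not isolated; a byte above 0xFC carries into its neighbor.
    ; ASCII text never does, but the trailing newline is shifted too (0x0A -> 0x0D).

    ; write(1, buf, count): syscall 1
    mov rax, 1
    mov rdi, 1
    mov rsi, buf
    mov rdx, r8
    syscall

    ; exit(0): syscall 60. Without it, execution runs past the end of .text into
    ; whatever bytes follow and the program crashes (the "works, then crashes" slide).
    mov rax, 60
    mov rdi, 0
    syscall
```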
Challenge 1: "Hello from YOURNAME"
Challenge 2: Caesar (3 steps back)
Challenge 3: XOR Encryption