My apologies to Craig for the delay in publishing this paper as I was a little busy attending BH/DefCon and the neverending work on ChicagoCon. But this one is definitely worth the wait as many of you expressed interest in the topic of this article.  Well done, Mr. Heffner.

Permanent Link: [Article]-Intro to Assembly and Reverse Engineering


As always, feedback is encouraged as well as future topic ideas for Craig.

Don

Excellent! I really enjoyed this paper.

Thanks Craig for explaining this topic in a simple and clear visual manner. I think this is the first time I really understood the basic of Assembly and RCE. I know that this is just an introduction but it really helps to grasp the fundamentals for other advance related topics. Looking forward the second part of this article.

Keep up the good work!!

Thanks for your awesome paper. I have been interested in learning more on RCE and have been held up by the fact that no one writes to the true entry level person. Your overview of registers was very well wrote.

I ran through the Hello World examples and had slight differences. I understand each disassembler will spit something different, I am wondering if you can tell me what is going on though. I m using gdb 6.6-debian.

Dump of assembler code for function main:
0x080483a0 <main+0>:    lea    0x4(%esp),%ecx
0x080483a4 <main+4>:    and    $0xfffffff0,%esp
0x080483a7 <main+7>:    pushl  0xfffffffc(%ecx)
0x080483aa <main+10>:   push   %ebp
0x080483ab <main+11>:   mov    %esp,%ebp
0x080483ad <main+13>:   push   %ecx
0x080483ae <main+14>:   sub    $0x4,%esp
0x080483b1 <main+17>:   movl   $0x1,0x80495cc
0x080483bb <main+27>:   call   0x8048374 <myprint>
0x080483c0 <main+32>:   mov    $0x0,%eax
0x080483c5 <main+37>:   add    $0x4,%esp
0x080483c8 <main+40>:   pop    %ecx
0x080483c9 <main+41>:   pop    %ebp
0x080483ca <main+42>:   lea    0xfffffffc(%ecx),%esp
0x080483cd <main+45>:   ret   
End of assembler dump.

The first three lines are where I am confused. I read about load effective address, but I don't know what it is loading.

Also in myprint(), I am using:

0x0804838b <myprint+23>:        call   0x80482bc <puts@plt>

I understand this is the print statement although do you have any input on puts vs print?

Thanks for the awesome paper, when is part two coming out?

I found a mistake in this article:


The jnz (jump if not zero) instruction jumps if the zero flag is clear.


For example, if an operation such as CMP turns out to be true, the result will be zero which means that the zero flag will be set to 1. If the next instruction is a jnz, the jump will not be taken. However, if the CMP operation is not true, the result will be a non-zero value meaning that the zero flag is clear or 0. Since the zero flag is clear the next jump (jnz) will be taken.

I've been doing some research on reversing and assembly lately for a crack me challenge and spotted this error when I went back on reading this article.

Thanks for the reference, I'll check it out.


I was talking about the crackme02 posted by Don last week:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2277.0/

I already solved it. I guess you just of to find the password in the right place.

Me either. I went on studying assembly before I attempted the challenge.

_Marshel_
check the following URL:
http://webster.cs.ucr.edu/AoA
http://webster.cs.ucr.edu/AoA/Linux/HTML/AoATOC.html
the site is not very user friendly, however if you manage to navigate you will be able to collect the rewards

You seem to be hunting for books these days, good luck