Hi all,

I want to look at what happens in the background of my C code.
This would help me in understanding the assembly language better. My goal is to understand this so that it helps me in Reverse Engineering.

I want to explore my C code in OllyDB just like we look at Crackme's

Guide me about how to do it

Regards,
SatYr

http://en.wikibooks.org/wiki/X86_Disassembly
http://www.microsoft.com/msj/0298/hood0298.aspx

That should probably get you going.. Also try to answer H1t M0nk3y's questions as we can probably guide you better if we know your goals..

Hey satyr, have you read this thread? http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5219.0/

Also, have you read the articles provided by dante? The "microsoft" one is pretty good. If you are very serious, I would try writing very simple programs in assembly, like Hello World. Then add a few loops and jump conditions (if). Once you understand what ESP, EIP, EAX, etc are, than move to the "Shellcoder's Handbook" or do PWB. At this point, you should know enough to continue by yourself.

I suggest you to buy something like "The assembly language for intel-based computers". It is pretty expensive, but I found the old third edition for something like 5$ on eBay. It's a good reference book...

I hope it helped!

I am not an expert in either Exploit development or Malware analysis. I wrote 5 or 6 exploits and never did Malware analysis. The only things I know is Malware analysis is probably the hardest thing in computer science, after writing your own OS! So get very, very good at assembly, exploit development and understand viruses, worms, backdoors etc very well before even starting on this route. Again, I know close to nothing about this field, but that's what I will do (notice: I didn't say "would do" but "will do"  )

So start with Exploit development. Again, Offensive Security has a nice introduction to exploit development in their PWB course. They go further in the topic with their CTP course.

Other assembly videos:

Assembly Language Primer for Windows 1 & 2
http://www.securitytube.net/Security-Basics-Video-List.aspx

Whoa nelly slow down. Packers and anti-reversing is exposed and highly effective in malware analysis. Not "only" exploit development. To be honest, "packers" are usually used for covertness when someone doesn't want another visibly seeing what they're doing. Most shellcode exploits are fully visible across the board.

For example, when in Canvas, Core or Metasploit, I can open, modify and save exploits in ALL applications across the board. If they were packed and or encrypted and THEN packed, there would be an issue of trust within the security community and companies buying applications like Canvas, Core and Metasploit Pro.

Granted there is a LOT more overlap, I actually recommend the reverse, learn MALWARE analysis before exploitation. Even if you DO start learning exploitation, unless you plan on doing something sketchy, there is usually NO NEED to pack anything - again unless you plan on doing something sketchy.

By understanding malware analysis, from a professional level, you're liable to make more headway in the industry. This can be confirmed by visiting employment websites like Dice, Monster, etc., do a quick search for say "malware analyst" versus "exploit developer." You CAN make some serious cash with sites like say Zero Day Initiative, iDefense, etc., but the likelihood of you gaining a foothold in a comfortable solidly grounded company like say BT, Raytheon, etc., is low.

Exploit Development = good for bookoo bucks selling exploits ... Many companies won't care that you can exploit someone elses stuff

Malware Analysis - companies care that you can analyze (incident response, forensics, CERT/SERT/PSIRT) what is causing chaos on their network.

Malware analysis is a lot more simplified than wanting to yank your hair out over say DEP and ASLR. In a MA environment, you're usually going to create your labs, infect yourself, analyze the post and pre states of the machine that is now infected. What did the malware do, how did it do it, what did it affect, where did it try to connect, HOW did it try to connect, how did it try to bypass protections.

In an exploit development scenario, you're trying to disassemble/decompile thousands of lines of code looking for something that triggers an anomaly. WHAT can you do with that anomaly. That's fine and dandy. Now that you did it on ONE machine, replicate it across the board.

For those who've seen my mushroomcloud exploit, this was a classic clusterfsck of epic proportions. (Replication). I spent who knows how many hours going back and forth on machine to machine to machine trying to get it right across the board. I had others (thanks phenolit if you stumble upon here) who helped me iron out the kinks... At the end of the day, it turned out to be an NDIS driver issue via way of TREND MICRO causing VMWare to implode. Bottom line, anyone who DIDN'T use Trend Micro weren't affected by MushroomCloud. Those who did, sayanora. So from the exploit development side, how much do you think a company would find an exploit like this to be worth? How much total time did I spend on the exploit, analysis (pre and post mortem)? 3 months. This included time spent with VMWare engineers on the phone, time spent with friends, coworkers and other security pros on conference calls and email, time spent trying to get Trend Micro to understand it all.

End of the day? If I *tried* to even shop it around on say ZDI, iDefense, or others, it would be pointless. It's not replicable outside of unique instances. This is a nightmare in the windows exploitation development world. And THAT is where the money is, in Windows exploitation. Linux, BSD, Solaris, tends to be more for "bragging rights." If you think for a moment any one of those mentioned would even care financially about the potential damage from you 'sploit' think again. Whereas MS is used by millions of business, they're liable to be more visible hence the need for them to respond quickly.

Now I've had my share of exploit development and analysis of malware and or viruses throughout the years. From my POV, malware analysis is where the CAREER is at. Exploit Development is where bragging rights are... It is also where headaches and gray hair is made.

Anyway my two cents

I was enjoying a nice coffee this morning in a quiet house reading another "sil novel"

More than the long posts, I enjoy hearing a real expert talking about an interesting subject! I to, try to help others when I can, but I lack the experience sil has!!


Sil, what do you mean by "headaches and gray hair is made"? Are you refering to long fuzzing hours before finding something?

if i was an android taking all this information through a cord at the back of my head ... i guess i would have exploded.

im in awe reading what sil has posted ... all that experience ... hours behind the monitor and industry knowledge shows up in posts like these ... hats off to u

again I thank all the members here who have responded to basic newbie questions ... your modesty is inspirational .. thank you guys ... im sure i will pick up a lot of things from here ..thanks to all of u