Implement Dump Registers

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Assembly

Course

Difficulty

Beginner

Video Transcription

00:03

Hello. This is Dr Miller in this episode 15.4 of Assembly.

00:08

Today, we're gonna right a 64 bit function.

00:12

So a 64 bit function.

00:14

So what's our problem? To be solved? Well, we're gonna write a function that's going to dump the registers, and it's gonna print out all of the 64 bit registers,

00:23

um, that air for general purpose use, and then we're going to use the fast call conventions.

00:30

So here I've already started a project. So for this, we can look at the files, so we're going to have our iot dot Include,

00:43

So in this, it's saying that we are going to write some functions, so we're going to write the dumper eggs function. And I've already written a couple of other functions,

00:51

Um, that we can use

00:52

and so inside of i O S. M.

00:57

I did take the time to type in this long string here, so this is gonna have registers.

01:03

So we got our X, we got the zero X in the front, and then we've got percent.

01:08

And then we're saying we want leading zeros. We'd like 16 digits. We're going to do a long hex

01:15

for each one of these. And so I've got each

01:19

01:23

um, I sprinkled a few new lines in here so that we can read it, put a couple of extra new lines here

01:30

at the end and then terminated with zero.

01:34

And then when we're going to start this, we're gonna start down here in our dump regs function.

01:38

So the first thing is to set up our stack, and we're actually going to use the stack quite a bit, because here we don't want to change any of the registers. And so we're gonna have to save

01:48

all over registers as we go. So the first thing is, we'll start with our prologue.

01:57

So again we have, um,

01:59

our for our prefix and that e So we got Rvp, and then we're going to move our

02:05

you clearly

02:07

RSP So our stack pointer is that RSP?

02:09

Um, the thing at the end rights are epilogue. We're going to to move our S p r b p

02:19

and then pop R B p.

02:22

So we've got our prologue on our epilogue set up, and we're going to need our BP in order to reference a rvp and be RSP when we get going here.

02:35

So at the beginning, we're going to push a bunch of our registers on so that we can restore them when we're done. And I'm gonna put offsets here.

02:43

So we got push Rx, and that's at minus eight. So,

02:47

um, when we're looking at our e X right, we've got our saved rvp, and then we also have our

02:55

we're gonna call this function and so we're gonna have a return address. And so this is at our BP

03:02

minus eight, and I'll keep writing references so that we can keep track of them when we're going to use them later.

03:08

Some push RB x

03:12

push, R c X.

03:15

So this is at minus 10. So remember that we're dealing with 64 bit.

03:22

And so, um,

03:24

we're going to

03:29

be at 16 here, and so 16 is 10 in hex

03:32

and this is at minus 18. Hicks

03:37

type the right letter here.

03:38

Bush R D X, and that's at

03:44

20 Hex

03:46

thing in this. Put my minus there.

03:50

Push or s I

03:53

minus

03:54

03:58

push hard

03:59

de I.

04:02

That's at minus 30 hex

04:09

push.

04:11

I don't do our eight.

04:15

That's at 38.

04:17

Push our nine.

04:20

That's it. Minus

04:23

40.

04:28

Okay.

04:29

And then I'm going to set this up. And what we're going to do here is we're actually going to be pushing on some of the arguments that we're going to use it. The very end. And so we're actually going to do RSP at this point and then rvp and then we'll do. The other are 10 through our 15.

04:46

So since I've already saved our eight,

04:48

I can move into our eight

04:53

r b p,

04:55

and then I can add to our eight r b

05:00

05:01

10 hex. So the reason that I'm gonna add 10 hex. So I have,

05:06

um, eight for the pushed on version of our BP.

05:12

And then I have eight for the return address. And so I want to get the stack here at this point.

05:21

So I have to add 16 or 10 and hex.

05:26

And now I can push on

05:30

are eight, and this is going to represent RSP

05:40

now. I also want to do rvp, So move

05:45

our eight

05:47

the value at our BP.

05:53

So that would give me my old Rvp because Rvp points to its old version of itself.

05:59

So it off said zero, and then I can push our eight.

06:01

Now, the reason why I did this is I'm actually going to use these these air at the very end. If we look here, we got Rvp and RSP,

06:11

and

06:12

so I'm going to do them backwards because that'll be the easiest way to do it. So then I need to go through our 15 or 14 or 13 or 12. So I need to save all of those onto the stack,

06:23

and I'll use them actually to restore when I'm all done. So push ar 15.

06:34

Bush are 14.

06:39

Push our 13

06:46

or 11.

06:53

Okay. And then as faras parameters go, this is actually a parameter number nine.

07:00

This one is

07:00

Oh,

07:02

eight.

07:05

Oh, sorry.

07:08

07:10

07:12

07:14

07:16

14. And then we got 15 in 16 for these two.

07:20

This is

07:23

rvp.

07:27

All right, so now I have saved them all onto my stack.

07:30

Um, one of the things we're gonna want to do is restore them. So I'm going to do that at this point, and then we're going to set up,

07:36

um, a couple of extra ones that we've already done here. So I gotta pop them in the reverse order. So pop are

07:46

pop are 11

07:49

pop are 12 pop or R 13

07:56

are 14.

08:01

Okay, so these air the registers that I just got done pushing on,

08:07

um, I also then need to add to our SB,

08:11

um,

08:20

eight times two

08:22

there. No, Sorry

08:24

at our SB 10.

08:26

All right. So appear I pushed on two parameters. That's 10 hex, and I don't need the values of them. So I'm just going to

08:33

I'm correct the stack there. And now I need to pop off all my general ones that I push on again. So pop R nine

08:41

pop are

08:45

sorry are eight

08:48

are nine

08:50

our eight

09:01

r d x

09:03

r c x

09:05

r B x.

09:09

Okay,

09:11

so this should be the reverse order that I had done them before.

09:18

Just double check hip. I got 89 and then 98

09:24

Okay,

09:26

so we've set up these parameters basically nine through,

09:31

um,

09:31

16. We needed and then set the rest of them up. So the easiest way to do that is to basically move into registers. Devise that we're going to care about the scroll up so we can see,

09:45

um, are offsets here.

09:48

So I'm going to use our eight, because I

09:50

I'm going to use that at the very end

09:54

or one of the end ones. So it's It's an easy one, and it's shorter than some of the others. So move into our eight.

10:01

So for this one, I want to do parameter eight.

10:05

And so parameter eight is going to be our nine.

10:11

And so

10:13

RSP so we're gonna reference are sorry, Rvp

10:18

your efforts on a stack pointer and we're going to subtract

10:22

40 hex. So if we look for our nine, we see that that that's that 40 hex below are BP,

10:30

So we'll go ahead and move that into

10:33

are eight, and then just say,

10:35

push our eight.

10:39

Okay, so the next one we're gonna do

10:41

is seven.

10:43

And if we looked at our format, string number seven is going to be our eight.

10:48

So again, we move into our eight

10:52

r b B P minus.

10:56

So are eight is going to be at 38 some minus 38 texts.

11:05

Push our eight.

11:11

Okay.

11:13

The next one that we're going to do

11:16

is six, and that's going to be our D. I

11:20

so move into our eight

11:24

r B P

11:28

minus.

11:30

So that's at 30 Hex

11:35

and then push our eight. So here we just keep

11:37

moving these in, so that way we can push them onto the stack, because again, all of the

11:43

things that aren't going to fit in our first set are gonna have to go on the stack. And so here is our last one that we have to do this way.

11:52

So we're gonna do five.

11:56

That's gonna be or s I

11:58

So if we look up there, move into our eight. So our size at minus 28

12:09

R B E p

12:11

minus 28 texts

12:16

and then we push it

12:18

so that takes care of

12:20

and it help if I could spell these. All right,

12:24

so now that we have them all onto the stack, then we can do our our last four parameters in the way that we need to do them.

12:31

So the fourth parameter goes into our eight,

12:37

and for that I'm gonna use RDX,

12:41

So that's parameter for

12:45

move into our

12:50

C X

12:54

Well, it actually ends up being R c x for that one. So that's parameter

13:00

three for parameter to

13:03

it's RDX.

13:05

And the argument that I had put on there

13:07

is going to RB RB x

13:11

So I have RDX r c x R B X and then

13:16

are a X

13:16

move

13:18

into our S I So that's the location interested that we have to have and we need our e X,

13:24

and that is parameter one for our print.

13:28

And then we use

13:28

r D I for our format strings. This is called Just dump,

13:37

um, and then we for using print off, we need to move into R E X,

13:41

the number zero.

13:43

And then we should be able to,

13:46

um, call that function

13:48

so we will be able to call print f

13:54

with reference to the PLT.

14:01

And then we did push on,

14:03

um, some parameters here, and so we're going to go ahead and correct those.

14:09

So if we see here, we pushed on

14:13

14:18

14:22

No.

14:22

Three

14:24

for

14:26

1234

14:30

14:31

add to RSP

14:35

eight times four.

14:37

So we'll just

14:39

add into it. We can do the math there, and so that should make it all work out

14:43

So the hard part was making sure that we got our format string appropriate for all of those inputs. Uhm, I ended up leveraging the fact that we needed to save all these registers. So that way

14:56

we had less time spent doing it. Otherwise, I have to push every single one of the registers

15:01

and then copy all their contents back onto the stack again. And so these registers here, being pushed onto the stack are going to be used inside of the print F

15:13

because it's easier to do that, then to do this complicated step of copying something from the stack and then pushing it back on.

15:22

Um, it's just a simpler way in order to do that.

15:26

Okay,

15:26

so that should be our function.

15:31

See if I made any,

15:33

um,

15:33

mistakes.

15:37

Oh, what A

15:39

that I miss Type it here.

15:41

Yep.

15:41

So here, that's print half.

15:50

And I might have

15:52

lower case D. All right.

16:03

All right. So now we've built our project, and so what I want to do is go into 15.4

16:11

s. Um,

16:14

And so here we can call dump rags. So some fun things to do is to pick some registers and move

16:22

R E X

16:23

one move R B X

16:29

16:33

three

16:34

and then we end up calling dump rags,

16:40

all right?

16:42

And so then we end up with when we got our one or two are three printed off and you can see we have things like Rvp and RSP again. If we set those values to specific numbers, then we would see those appropriately set up

17:00

and so you can go in there and, you know, change some of these to test it out.

17:06

Move our

17:08

d x

17:18

Europe's

17:27

Here we go.

17:32

And so we got our feed beef in there,