Assembly

Course
Time
13 hours 15 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:04
Hello. This is Dr Miller. And this episode 15.7 of Assembly.
00:09
Today, we're gonna talk about writing a shared library in assembly.
00:14
So our shared library example. So what's our problem? To be solved.
00:18
So we're going to write some code, um, and a method inside of assembly. And then we're going to use C calls to reference that. And what we're gonna do is we're gonna set up some rideable and execute herbal memory. It's also readable. Um, and then we're gonna copy some assembly code into that memory,
00:35
and then we're going to go get a function pointer and then execute
00:38
the code inside of that buffer
00:41
so it will involve a lot of the different things that we've talked about throughout our class.
00:47
So this is based off of the previous lecture where we talked about I'm creating a shared library so we can see here that we have all of the code to build our shared library.
01:00
So we'll start with creating a little bit of code that we're going to execute. So
01:07
in here,
01:14
we're going to create a text segment, and we're just going to do a move for us. So movie a X
01:23
in hex.
01:26
All right.
01:29
Ah, spill segment. Right.
01:34
And so what we can do is we can get the bites out of this, so I'm just going to
01:38
show you the get bites code. So basically, we're going to weaken, compile that assembly into an object file, and then we can use object dump to basically pull out the bites of that.
01:52
So here it created our object file, and then we're going to see
01:57
these are the bites that it will do. Move yea X and then 123 in hex.
02:02
So we're going to just copy of these bites out,
02:07
and we're gonna end up putting those inside of our assembly file.
02:16
So we want to declare a piece of data that we're going to be able to use. So we're gonna make this global.
02:27
We're going to tell it.
02:29
Tell the linker that this is data, and then we're going to allocate 16 bytes for this.
02:36
So here's our buffer,
02:42
and then
02:43
so we're gonna put all these bites here. So one of the things we should know is that we gotta put we want to make thes hex bites, cause that's what was output id.
02:52
And then because this one started with the B, it might think it's a variable. So I gotta put a a
02:58
zero in front of it,
03:07
All right? And then I'm gonna allocate some empty space here just to be sure you can change your sizes here, but,
03:16
well, Alec a,
03:19
um 16.
03:23
No bites inside of there.
03:25
I'm so that we can
03:28
reference that
03:30
and then inside of here,
03:32
we're going to, um,
03:35
so we're basically going to fix our code, So I didn't put a return statement end. And so I know the code for a return statement is C three in Hex. And so we're going to move. So this is offset. 01234 So we need offset five.
03:55
We'll put that here. Move,
04:00
fight.
04:12
So here, we need to load the address. Here. We're setting, um,
04:15
bite five.
04:17
Um, to our nose, we had 01234 So this is 1/5 bite.
04:24
We'll set. And here we need to load the address of buffer. Now, again, this is going to be relative to the symbol table. So with respect, reference to
04:33
the symbol table,
04:36
and then we'll go ahead and finish our code here.
04:40
And so we're gonna want to call Ras the main so that this function will actually return when we're all done. So well, just make sure that we call that
04:49
and we can see that we set Global Asan main function. So that way, it is a function that we can call if we need to.
05:00
So that's our assembly code. And then inside of our main code,
05:09
I've been already included some of these things eso that I don't have to necessarily type them all out.
05:15
Um,
05:15
I got standard io twice. So have standard io we can use, um, a string library.
05:21
I don't know if we'll use that one. Actually, in this one,
05:25
um, one of the things that we're going to use is the memory manager. So, um, we're using em map. So we're doing a memory map.
05:31
And so what the memory map is going to do is it will allocate us a certain size of memory, and then it could give us different protections. So that's the p. R. O. T.
05:43
And so we want that memory to be readable, rideable and execute herbal. So we're gonna be running some code, and we're gonna copy some data to it.
05:50
Um, and then we're going to map that to private and anonymous. And so it'll it'll allocated for us right away and use the anonymous flag, which I had to define up here because some versions of Lennix don't work properly for that.
06:08
Now we want to be able to use a S on main, and again, that's going to be dynamics weaken, say, into Asan Main. And then we can call that in order to patch up our bites. And so what I want to do is I want to copy the data from Buffer into this data location.
06:24
So at the top, I need to, um, tell it that buffer exists.
06:29
So that's going to be ex turn
06:30
you
06:32
and a underscored T.
06:36
We learned about that,
06:40
and then I'm gonna allocate 16
06:43
um, bites for that. And this is basically just telling it that its 16 bytes wide but its external and so it doesn't It's just you can actually have a pointer to it. So the size probably really doesn't matter.
06:56
And so then what we want to do is we want to copy the data from the buffer into our,
07:00
um, data
07:01
variable. So we'll just write a for loop,
07:12
and then we'll copy data from
07:15
one into the other.
07:18
So you can say data at I
07:23
is equal Teoh
07:25
buffer at I and making sure you get the size is right, Right. So I want these to be bites cause I want a copy, all of the bites from one to the other.
07:34
And so both of these air, I'm just going to use you went 80 to make sure that these get to be bites and that we don't have any sign extension breaking things inside of those.
07:46
All right, so now we need to create a function pointer. So again, this is something that we have learned before.
07:53
And so
07:55
what we want to do is we, um, want to get the result of our function.
08:00
Um, and so it's gonna move the value into the A X or R E X, and so we can go ahead and declare our function. So you and
08:09
and so we'll just copy 32 bytes for it.
08:13
So 30 to underscore t.
08:16
So that is the return type of our function.
08:20
And so
08:22
we're going to have a function pointer. It's going to take no arguments, so it's gonna be avoid function
08:28
and we'll say that is
08:31
so Then we're going to got to put our cast here. So the return type again, you int
08:37
32 underscore t
08:41
This is a pointer
08:43
and then the function takes void or no arguments.
08:48
And so we're going to turn data into a function pointer.
08:54
And so then we can basically use F as though it's a function that takes no arguments
09:00
and it returns a U. N 30 to underscore t
09:03
right. And so we moved, um, data into the X, and so we can get the result of that.
09:11
So you end 30 to underscore t
09:16
value. And then we're just gonna call
09:20
the function F.
09:22
And then we can print off that value so we can do print F.
09:28
I'll put a zero X in the front and then percent 08 x
09:35
put a new line
09:39
and then I'll put my value
09:39
so we will end up referencing buffer and then referencing the fact that Assam main is going to get executed.
09:56
Looks like I have a syntax air here online five
10:05
for five. I misspelled this.
10:11
All right,
10:16
So I also have this update path that will let me,
10:20
um, export that shared libraries, that I can see it,
10:26
and then I should be able to run.
10:30
And we get the value. 1234 So and then I'd like to debug. It's just so we can see
10:41
now you can see that I added to bugging symbols, and so then we can see the sea commands inside of here, and we can also see the assembly commands.
10:50
So
10:52
let's just do,
10:54
um
10:56
next
10:58
to go over the different functions.
11:01
So
11:01
what I'd like to do is I'd like to skip my loop. I just want to come down here so I can just say break
11:09
19. I can continue over my loop.
11:13
So here, we're going to see that we're going to, um,
11:16
skip over the data so we can print off. What's that? Data
11:22
zero
11:24
12
11:28
three
11:30
for?
11:31
And five.
11:33
So we can see that the A s M main got called and it modified data so that it had the right values, because we know what the end we added our c three,
11:41
um, inside of there.
11:45
And so then we can, ah do our cast.
11:48
And then what I want to do is I'm going to step into our function so we can see that we have our buffer and we're going to just step into that. So
12:00
Uncle, who go ahead and use step instruction and then we'll go over each instruction so it will copy the pointer into our X, and then it's going to go ahead and
12:09
call Ari X. And then we can see our code movie a X 1234 And then when I patch the bites, I added a return in there, so that again is the next symbol.
12:20
And so then our value gets set, and then it gets copied into our value and then print it off.
12:37
So today we talked about building an assembly dynamic library, using a lot of the things we've talked about in class. In order to get that done,
12:46
if you have questions, you can email me miller M J U N K i e. To you and you can find me on Twitter at Milhouse 30

Assembly

This course will provide background and information related to programming in assembly. Assembly is the lowest level programming language which is useful in reverse engineering and malware analysis.

Instructed By

Instructor Profile Image
Matthew Miller
Assistant Professor at the University of Nebraska at Kearney
Instructor