### Assembly

Course
Time
13 hours 15 minutes
Difficulty
Beginner
CEU/CPE
14

### Video Transcription

00:02
Hello. This is Dr Miller and this is Episode 14.3 of Assembly.
00:06
Today, we're going to talk about using structures,
00:10
so we'll give a structure example.
00:13
So here's an example where we have a structure that is defined inside of see, we can see the structure, times, beck,
00:20
and it's called Start, and we'll go ahead and see that
00:23
we're gonna call clock underscore, get time. And that's going to be used to fill that structure
00:29
with the data about the number of seconds in the number of nanoseconds. And then we go ahead and print it off inside of this
00:35
C program.
00:38
So here, if we take that code and we paste it into a d compiler or the compiler Explorer,
00:44
we're going to see that we get offsets minus 12 and minus 16 as denoted by those arrows.
00:50
And so, as we push them on in reverse order, we know that the number of seconds is going to be
00:56
the first field inside of our structure. And so we'll go ahead and define that, and we will put the data on the stack and then call our function.
01:07
So our example. We're going to write a program that reads in the time using the get clocked underscore get time.
01:12
And then we're gonna print it out just like we do in the example.
01:19
Alright, so I've already started this.
01:25
So what we're gonna want to do is we're gonna define our structure.
01:29
So here we used the key word struck, and I'll call this my time.
01:34
And then we're going to use the dot notation to sort of separate the parts and we got TV underscore, and then we use seconds.
01:42
And when we look in the code, we see that it uses a d word. So we're going to say rez de one,
01:49
and then the next part is the nanoseconds.
01:53
And for that will also
01:55
we look in the code, we see that it has one d word
01:59
and then we have to use the key word here and struck
02:04
to tell us that that saying of our structure, we're also going to be printing something out so we'll define our format.
02:12
The time is, and we use L. D
02:16
for our formats bus fire for seconds,
02:25
the same thing for name of seconds
02:32
here, we're going to be using a couple of different functions, so we'll just declare those ex turns
02:40
so they got print F
02:45
and get our clock.
02:49
Is this called clock underscore? Get time.
02:53
All right. And so I'll put it in a few things. When we're the bugging, we'll get to see it. So, for example, we're gonna push
03:02
known values so we can see it on the stack.
03:06
Also clear at some memory,
03:12
we'll set up E v p
03:17
so that it points to this location here.
03:22
03:24
The address of E V P. C E Beeby points to the top of the stack,
03:30
which is gonna point to this No bite for us.
03:35
We'll go ahead and push that address on top of the stack,
03:38
and then we're pushing zero and so zeros for the real time clock. If you see there is a format for real time,
03:46
um, on there and when you look that up in the disassembled code, it ends up being the number zero.
03:58
Go ahead and get the clock time.
04:00
All right, So now this should be saved in our structure, which is on top of the stack. We got two bites in that particular order.
04:09
And so now we're gonna try and print it off so
04:12
we can say move into yea X, and then we're going to reference E v P
04:16
plus. And then we say my time and we're going to get the nanoseconds
04:27
so we'll grab the nanoseconds. And so this is just telling us a specific off offset on there.
04:36
And then I'll just copy these two lines
04:41
because I'm gonna change it from nanoseconds two seconds.
04:46
Then we need to load our formats. Best fire
04:51
pushed onto the stack
04:55
and call print F.
04:59
It's a little print it. So we need to correct the stack
05:02
for our print f. So we pushed on three parameters
05:06
so we can adjust it by 12.
05:11
And then in our previous one, you see that we pushed on,
05:15
um,
05:16
a bunch of things. So if we go up and count, we've got
05:20
12345
05:24
And so that ends up being
05:31
14 in Hex. So we got 10
05:34
plus in a four is 14
05:46
and so we can see it gives us this output. Um, I also have my main dot c.
05:51
So it should actually give me the same output
06:02
and so I can run
06:09
and I can do both of them.
06:14
And we can see that the number of seconds is similar. The number of nanoseconds. It takes some time to execute this program and quit and start executing this one.
06:24
So they're going to see that they're a little bit different, which is what we should have is the case.
06:31
So today we saw an example using structures and how we can take those and reverse engineer it from a C example so that we can then use them in assembly and define them in assembly.
06:46
So in the future, we're gonna look at structures and unions, and we're gonna look at how Malik affects how they are created and used.
06:55
You have questions you can email me Miller M J U N K D i e d u. And you can find me on Twitter at Milhouse 30

### Assembly

This course will provide background and information related to programming in assembly. Assembly is the lowest level programming language which is useful in reverse engineering and malware analysis.

### Instructed By

Matthew Miller
Assistant Professor at the University of Nebraska at Kearney
Instructor