Assembly

Course
Time: 13 hours 15 minutes
Difficulty: Beginner
CEU/CPE: 14

Video Transcription

00:00
Hello. This is Dr. Miller, and this is Episode 14.5 of Assembly.
00:07
Today, we're going to do an example using malloc in assembly with structures.
00:12
So, malloc structure example.
00:15
So we're gonna do a similar one to what we did last time. So we're going to get the real time from the clock_gettime system call. And then what we're gonna do is we're gonna leverage malloc to access our structure like we did before,
00:30
so I've already got this started. So last time we had one called my time.
00:37
This is our structure.
00:43
And this is a resd 1, and then dot tv
00:49
nanoseconds
00:54
also resd 1.
00:59
And then we have our endstruc.
01:03
And then we're gonna have our format
01:06
for our printf
01:18
all about a new line, followed by zero,
01:23
and then in here, we're gonna have some externs.
01:27
So, printf
01:30
malloc,
01:36
clock
01:41
_gettime.
01:45
All right,
01:46
so the first thing that we're going to do is we're going to allocate some space on the stack. So do a mov
01:53
ebp, esp.
01:56
Sub esp,
01:59
four. So a pointer is four bytes; we're doing 32-bit assembly.
02:05
So now we're going to allocate space. So we're gonna push
02:09
eight hex. So we reserved two doubles.
02:15
Okay,
02:19
we've got to correct the stack: add esp, 4. So you push something on, so here we'll correct the stack,
02:24
and then we're going to save our pointer here. So mov ebp,
02:30
Oops, ebp
02:32
minus four.
02:36
Because we,
02:37
um, did our copy, and then we subtracted. So it's down by four for a local variable. And then the result of
02:44
malloc is in eax.
02:46
So now we're ready to call our get time, so push
02:50
eax,
02:52
push zero. So we looked at the arguments last time. And we'll call
02:59
clock_gettime.
03:04
And then we pushed on two arguments. So we'll do add esp, 8.
03:10
Okay. So that should get our call. And now we're ready to
03:14
do our print. So here we have to do a little bit more work than we did last time.
03:19
So move into ebx.
03:23
We're going to use our pointer. So we've got ebp minus four
03:28
is the pointer to that
03:30
and then move into eax. So now we do
03:34
ebx, which is our pointer, and then we're gonna add my time dot tv
03:42
underscore nsec. Right? So we put our parameters in reverse order
03:47
and then push eax. So we pushed that value that we loaded.
03:53
Now we gotta do the next one. So push.
03:58
Sorry.
03:59
mov eax,
04:00
going to ebx
04:03
plus, and then do our next offset. So my time dot tv
04:11
underscore sec.
04:15
And then we're gonna push that value onto the stack. So we pushed two things onto the stack. We need to push our format, so mov eax, format,
04:23
push eax,
04:25
and then we'll call printf.
04:28
And then after we do that, we have to correct the stack. We pushed on three arguments, so add esp,
04:34
12, and then correct the stack for the original ones. I'll just do them separate: add esp, 4.
04:44
So we did a subtract at the top. And so now we need to do our add.
04:51
Oh,
04:54
Looks like I think we missed. Ah.
04:57
I, uh
05:00
typed that one wrong.
05:04
All right.
05:08
So we can do 14.5, and then we can also run.
05:13
I have the C version.
05:17
Oh,
05:27
here we go.
05:28
So now we can run both of them, and we can see that we get nearly the same results. Um, so clearly we implemented it properly
05:41
so we can see that basically, the big difference is that we had to save our pointer that we got from our malloc.
05:46
And then when we wanted to get the data, we had to load that pointer
05:53
into a memory location, and then calculate our offsets. One of these is at offset zero, the other one's at offset four,
06:00
depending on how they're laid out.
06:02
And then
06:03
we just had to make sure that we passed it the right pointer. So here we happen to have the pointer in a compiler might,
06:11
um, optimize it in this way. Otherwise, sometimes if they're not optimizing,
06:15
they may show you, um, a little bit different code than that.
06:23
So today we did an example using malloc in assembly, and we used structures for that.
06:29
Looking forward, we're gonna look at some case statements and then jump tables created by case statements.
06:34
Do you have questions? You can email me, Miller MJ at unk dot edu, and you can find me on Twitter at Milhouse 30.


Assembly

This course will provide background and information related to programming in assembly. Assembly is the lowest level programming language which is useful in reverse engineering and malware analysis.

Instructed By

Matthew Miller
Assistant Professor at the University of Nebraska at Kearney
Instructor