/_posts/2017-02-09-asm-crash-course-1.md

https://github.com/ckane/CS7038-Malware-Analysis · Markdown · 57 lines · 45 code · 12 blank · 0 comment · 0 complexity · e77eae0df879e7d527744f41ac03b46e MD5 · raw file 

    

  1. ---
    2. 

  2. title: Assembly Language Crash Course (Pt. 1)
    3. 

  3. tags:
    4. 

  4.  - malware
    5. 

  5.  - lecture
    6. 

  6.  - C
    7. 

  7.  - Assembly
    8. 

  8.  - CFG
    9. 

  9.  - Decompilation
    10. 

  10. ---
    11. 

  11. ## {{page.title}}
    12. 

  12. 

  13. This lecture introduces the class to mainstream CPU architecture, the compilation & translation stage,
    14. 

  14. and the distinctions between native machine language and more general machine-agnostic programming 
    15. 

  15. languages, such as C.
    16. 

  16. 

  17. We delve into how a compiler will break up the source code for a program into multiple blocks, to
    18. 

  18. construct a *Control Flow Diagram*, that governs execution flow. These blocks are then compiled, and
    19. 

  19. subsequently translated, into a native machine language for the target platform (such as x86-64
    20. 

  20. machine code).
    21. 

  21. 

  22. The human-readable representation of this is typically referred to as "assembly language".
    23. 

  23. 

  24. Using visual static analysis tools, such as IDA, this CFG is reconstructed from compiled code and
    25. 

  25. then presented to an analyst for review.
    26. 

  26. 

  27. Slides: [lecture-w05-2.pdf (PDF)](/lecture-slides/lecture-w05-2.pdf)
    28. 

  28. 

  29. Video: [CS7038: Wk05.2 - Assembly Language Crash Course](https://youtu.be/7sI5JPr8ENU?list=PLFvh_k-n27Cmh2VYc3e24s5_toZbgSPVE)
    30. 

  30. 

  31. <iframe width="560" height="315"
    32. 

  32.  src="https://www.youtube.com/embed/7sI5JPr8ENU?list=PLFvh_k-n27Cmh2VYc3e24s5_toZbgSPVE"
    33. 

  33.  frameborder="0" allowfullscreen></iframe>
    34. 

  34. 

  35. Example sources from lecture:
    36. 

  36. * [asm-prog.c](/code/asm-prog.c) - Original example C program discussed in class, with comments
    37. 

  37. * [asm-prog.s](/code/asm-prog.s) - Compiled code from above, represented in x86-64 assembly using AT&T syntax
    38. 

  38. * [asmprog.dot.pdf](/code/asmprog.dot.pdf) - CFG diagram for <tt>asm-prog.s</tt> from slides in PDF format
    39. 

  39. * [asmprog-snowman.cpp](/code/asmprog-snowman.cpp) - Decompiled C++ code from the compiled binary <tt>asm-prog</tt>
    40. 

  40. 

  41. Some helpful links to static analysis tools leveraging assembly language:
    42. 

  42. * IDA - [https://www.hex-rays.com/](https://www.hex-rays.com/) (closed src)
    43. 

  43. * binary ninja - [https://binary.ninja](https://binary.ninja/) (closed src)
    44. 

  44. * ROSE - [https://www.rose-compiler.org/](https://www.rose-compiler.org) (semi-open src)
    45. 

  45. * radare2 - [http://rada.re/r/](http://rada.re/r/) (open src)
    46. 

  46. * snowman - [https://github.com/yegord/snowman](https://github.com/yegord/snowman) (open src)
    47. 

  47. 

  48. Helpful machine-language and assembly references:
    49. 

  49. * x86 Instruction reference - simple site - [http://ref.x86asm.net/](http://ref.x86asm.net)
    50. 

  50. * AMD64 Programmers reference, Vol 3 - [https://support.amd.com/TechDocs/24594.pdf](https://support.amd.com/TechDocs/24594.pdf) (PDF)
    51. 

  51. * Sandpile - [http://sandpile.org](http://sandpile.org)
    52. 

  52. * Navigable parsed version of Intel 64 reference - [https://github.com/zneak/x86doc](https://github.com/zneak/x86doc)
    53. 

  53. 

  54. ARM Reference, for comparison:
    55. 

  55. * ARM Instruction Set - [http://www.peter-cockerell.net/aalp/html/ch-3.html](http://www.peter-cockerell.net/aalp/html/ch-3.html)
    56. 

  56. 

  57. [home](/)
    58.