Skip to content
This repository has been archived by the owner on Dec 19, 2023. It is now read-only.

Latest commit

 

History

History
130 lines (88 loc) · 1.94 KB

File metadata and controls

130 lines (88 loc) · 1.94 KB

x86 Assembly Language and Shellcoding on Linux - Pentester Academy (study notes)

Know your cpu

>> lscpu
>> cat /proc/cpuifo

General Purpose registers

Investegating CPU registers

# First attach gdp to a running process
>> gdp /bin/bash

# set a break point
>> (gdb) break main

# See all CPU registers
>> (gdb) info registers

# See EAX in hex (General purpose flag)
>> (gdb) display /x $ax
>> (gdb) display /x $eax
>> (gdb) display /x $ax
>> (gdb) display /x $ah

Checking which command will run next

>> (gdb) disassemble $eip

To see all registers

>> (gdb) info all-registers

Change gdb to show Intel syntax instead of AT&T

>> (gdb) set disassembly-flavor intel

CPU Modes

Memory Models

Linux Mode and memory model

Memory arch

Investigating memory of a running process

# Get proccess pid
>> ps | grep <process name>
>> cat /proc/<pid>/maps

OR

>> pmap -d <pid>

OR Attach the process to GDB

>> (gdb) info proc mappings

Get all system code numbers

>> vim /usr/include/i386-linux-gnu/asm/unistd_32.h

Invoking system calls with interupt 0x80

To see the manual for a system function

>> man 2 <func name>
# e.g.
>> man 2 write

Creating our first assembly app

hello_world.asm

# building
>> nasm -f elf32 hello_world.asm -o hello_world.o

# linking
>> ld hello_world.o -o HelloWorld

# running
>> ./HelloWorld

# Debugging
>> gdb ./HelloWorld
>> (gdb) break _start
>> (gdb) run
>> (gdb) set disassembly-flavor intel
>> (gdb) disassemble
>> (gdb) info registers
>> (gdb) stepibb