Assembly

Processor Registers

General purpose registers - 32 bit

EAX,EBX,ECX,EDX,ESI,EDI,ESP,EBP

General purpose registers - 64 bit

RAX,RCX,RBX,RDX,RSI,RBP,RSP, + R8-R15

General purpose registers (i)

EAX/RAX - Accumulator Register - "imul $4, %eax"

  • Designed to work as calculator

EDX/RDX - Data Register - "add %eax, %edx"

  • Work with EAX on calculations

  • Pointer to input/output ports

ECX/RCX - Count Register - "mov $10, %ecx"

  • Used often with loops

EBX/RBX - Base Register - "inc %ebx"

  • General purpose registers

  • The lower 16 bits of the 32-bit general purpose registers can be referenced independently (ax, bx, cx, dx)

  • The upper and lower 8 bits of the lower 16 bits can also be referenced independently with ah/al, dh/dl, ch/cl,bh/bl
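The overlay of RAX/EAX/AX/AH/AL described in the two bullets above can be modelled in a few lines. The following is an added example written for these notes, not code from the original page; the `RegisterFile` class, its `read`/`write` methods and the sample values are constructed for illustration. It goes one step beyond the notes by also applying the x86-64 rule that a 32-bit write zero-extends into the full 64-bit register, while 8- and 16-bit writes leave the rest of the register untouched.

```python
# Added example (not from the original notes): a small model of how the x86
# general purpose registers overlay each other. RAX is 64 bits wide; EAX is
# its low 32 bits, AX the low 16, AL the low 8 and AH bits 8..15. The same
# layout holds for RBX/EBX/BX/BH/BL, RCX/ECX/CX/CH/CL and RDX/EDX/DX/DH/DL.

MASK = {64: (1 << 64) - 1, 32: (1 << 32) - 1, 16: 0xFFFF, 8: 0xFF}

# suffix letter -> (width in bits, bit offset inside the 64-bit register)
LAYOUT = {"r": (64, 0), "e": (32, 0), "x": (16, 0), "l": (8, 0), "h": (8, 8)}


def decode(name):
    """Map a register name to (family letter, layout key), e.g. 'eax' -> ('a', 'e')."""
    name = name.lower().lstrip("%")          # accept AT&T spelling such as %eax
    if len(name) == 3 and name[0] in "re" and name[2] == "x" and name[1] in "abcd":
        return name[1], name[0]               # rax / eax
    if len(name) == 2 and name[0] in "abcd" and name[1] in "xlh":
        return name[0], name[1]               # ax / al / ah
    raise ValueError("unsupported register: " + name)


class RegisterFile:
    """Four 64-bit storage cells; every other name is a view into one of them."""

    def __init__(self):
        self.cells = {"a": 0, "b": 0, "c": 0, "d": 0}

    def read(self, name):
        family, key = decode(name)
        width, offset = LAYOUT[key]
        return (self.cells[family] >> offset) & MASK[width]

    def write(self, name, value):
        family, key = decode(name)
        width, offset = LAYOUT[key]
        value &= MASK[width]
        if width == 32:
            # x86-64 rule (beyond the notes): a 32-bit write zero-extends into
            # the full 64-bit register, so the upper half is cleared.
            self.cells[family] = value
        else:
            # 64-, 16- and 8-bit writes touch only their own slice of the register.
            keep = MASK[64] ^ (MASK[width] << offset)
            self.cells[family] = (self.cells[family] & keep) | (value << offset)


if __name__ == "__main__":
    rf = RegisterFile()
    rf.write("rax", 0x1122334455667788)
    rf.write("al", 0xFF)           # changes only the low byte
    rf.write("ah", 0x00)           # changes only bits 8..15
    print(hex(rf.read("rax")))     # 0x11223344556600ff
    rf.write("eax", 0x12345678)    # 32-bit write: upper 32 bits become zero
    print(hex(rf.read("rax")))     # 0x12345678
```

The point to take away is that `al`, `ah`, `ax`, `eax` and `rax` are not five registers but five windows onto the same 64 bits, which is why a byte-sized move into `al` can silently change what a later `mov %eax, ...` copies.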

General purpose registers (ii)

ESI/RSI - Source Index

  • Pointer to read locations during string operations and loops

  • "repz cmpsb %es:(%edi),%ds:(%esi)"

EDI/RDI - Destination Index

  • Pointer to write locations during string operations and loops

ESP/RSP - Stack Pointer - "movl %esp, %ebp"

  • Holds the address of the top of the stack

  • Changes as data is copied to and removed from the stack

EBP/RBP - Base Pointer (in 64-bit code RBP is often used as a general purpose register)

  • Serves as an anchor point for the stack frame

  • Used to reference local variables

Segment registers - 16-bit

  • CS, DS,SS,ES,FS,GS

  • Often used to reference memory locations

FLAGS register - Mathematical operations

  • Zero Flag | Negative Flag | Carry Flag and so on

Instruction Pointer (EIP/RIP) and Control registers

  • CR0 - CR4

  • CR3 holds the start address of the page directory.

  • NOTE: The R in the register name on 64-bit systems stands for Register.

Useful GDB Commands

disas - Dumps the assembly instructions of the function

  • disas main

break - Pauses the execution when the given function is reached

  • break main

print - Prints out the content of a register and other variables

  • print $eip

x/i - Examines memory as instructions (x/Ni shows N instructions starting at the given address)

  • x/20i 0x7c87534d

info - prints the contents and state of registers and other variables

  • info registers

c or continue - Continues execution after a break point

si - Step one instruction

backtrace or bt - Prints the chain of callers (the saved return addresses) that make up the current call stack

info functions - Prints out all functions

  • info func

  • On a stripped binary this command will not show the stripped function names, only the entries located in the procedure linkage table (PLT)

set disassembly-flavor - Changes the assembly syntax used

  • set disassembly-flavor att

info breakpoints and delete breakpoints - Lists and deletes breakpoints

  • delete breakpoints 3

run - Runs or restarts the program

AT&T                       Intel

sub $0x48, %esp            sub esp,0x48

mov %esp,%ebp              mov ebp,esp

src, dst                   dst, src

AT&T

  • $ = Immediate Operand - subtract the constant 0x48 from the value held in %esp (basically reserving 0x48 bytes of stack space)

  • % = Indirect Operand

  • () = Pointer

Intel

  • [] = Pointer
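The operand rules listed above ($ for immediates, % for registers, () for memory and the swapped src/dst order) are mechanical enough to encode. The converter below is an added example written for these notes, not code from the original page or from GDB; `att_to_intel`, `convert_operand`, `split_operands` and the list of base mnemonics in `BASES` are constructed for illustration and cover only the common data-movement and arithmetic instructions. It goes slightly beyond the two lines in the table by also handling displacement, index and scale inside the parentheses and by dropping the AT&T size suffix (movl, subq, ...) or turning it into an Intel `dword ptr` style prefix when no register operand gives the size.

```python
import re

# Added example (not from the original notes): a small AT&T -> Intel syntax
# converter that applies the operand rules from the notes:
#   $imm -> imm          %reg -> reg
#   disp(%base,%index,scale) -> [base+index*scale+disp]
#   operand order src,dst -> dst,src

# Base mnemonics for which a trailing b/w/l/q is an AT&T size suffix.
# Kept deliberately short so that "call" or "imul" never lose their last letter.
BASES = {"mov", "add", "sub", "cmp", "lea", "push", "pop", "inc", "dec",
         "xor", "and", "or", "test"}
SIZE = {"b": "byte", "w": "word", "l": "dword", "q": "qword"}

MEM_RE = re.compile(
    r"^(-?(?:0x[0-9a-fA-F]+|\d+))?"                  # optional displacement
    r"\((?:%(\w+))?(?:,%(\w+)(?:,([1248]))?)?\)$")   # (base,index,scale)


def split_operands(text):
    """Split on commas that are not inside parentheses."""
    ops, depth, cur = [], 0, ""
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            ops.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        ops.append(cur.strip())
    return ops


def convert_operand(op, size_word=None):
    """Translate one AT&T operand into Intel notation."""
    if op.startswith("$"):                    # $0x48 -> 0x48 (immediate)
        return op[1:]
    if op.startswith("%"):                    # %esp -> esp (register)
        return op[1:]
    m = MEM_RE.match(op)                      # 8(%ebp) -> [ebp+8] (memory)
    if not m:
        raise ValueError("unsupported operand: " + op)
    disp, base, index, scale = m.groups()
    body = base or ""
    if index:
        body += ("+" if body else "") + index + ("*" + scale if scale else "")
    if disp:
        body += disp if (disp.startswith("-") or not body) else "+" + disp
    mem = "[" + body + "]"
    return (size_word + " ptr " + mem) if size_word else mem


def att_to_intel(line):
    """Convert a single AT&T-syntax instruction to Intel syntax."""
    mnemonic, _, rest = line.strip().partition(" ")
    ops = split_operands(rest)
    size_word = None
    if mnemonic[-1] in SIZE and mnemonic[:-1] in BASES:
        suffix, mnemonic = mnemonic[-1], mnemonic[:-1]
        # Intel needs an explicit size only when no register operand implies it.
        if not any(o.startswith("%") for o in ops):
            size_word = SIZE[suffix]
    intel_ops = [convert_operand(o, size_word) for o in reversed(ops)]
    return mnemonic + (" " + ",".join(intel_ops) if intel_ops else "")


if __name__ == "__main__":
    # Constructed sample lines, including the two from the table above.
    for att in ("sub $0x48, %esp", "mov %esp,%ebp", "movl 8(%ebp), %eax",
                "movl $0x0, -0x4(%rbp)", "lea (%rax,%rcx,4), %rdx", "ret"):
        print(f"{att:28} -> {att_to_intel(att)}")
```

Reading the output side by side with the table makes the operand-order rule concrete: in `movl $0x0, -0x4(%rbp)` the immediate is the source and the stack slot the destination, so Intel writes `mov dword ptr [rbp-0x4],0x0`, and the size that AT&T carried in the `l` suffix has to reappear as `dword ptr` because neither operand is a register.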