Assembly Language Programming and Shellcoding – Lab setup and some important things

Hi everyone,

Considering delay in the previous post, I’m writing this post on fast-track. Very unusual for me πŸ˜›

Anyways, today we will be looking into lab setup first and some check couple of things which we have seen in previous theory-based posts. Without any further delay, let’s get started.

Lab Setup:

OS Installation:

The most important thing to setup this lab is an x86 Linux OS. Now it’s solely your choice about Linux distro and how you wanted to use it (i.e. on base machine or virtual machine). I myself prefer Ubuntu x86 installed on VMWare. I like to install it using ISO file, but you can download readymade VM from OSBoxes. Honestly, there are lots of tutorials available on web regarding Linux VM installation. I’ll add URL of one in reference section. Anyways, in the end it will look something like this.

Stock Ubuntu installation on VMWare Workstation

Tools installation:

As we have seen we will be using NASM (Assembler), Linker (ld), GDB (Debugger), gcc (compiler), objdump (Object dump) and additionally Gvim/Vim (code editor). Out of this, we need to install just NASM and/or Gvim, as other tools will be available by default.

This can be simply installed by following commands:

Easy, isn’t it? With this we are almost ready to write our first code. But, before that we’ll look into few important things.

Update 1:

I forgot to mention one thing. If you don’t want to access Linux VM directly, you can install ssh server in Linux and access it using ssh client such as puTTY. I personally prefer Bitvise SSH client for Windows.

You can install ssh server using following command:

Important things to be checked before starting coding:

Systemcalls in Linux

Simply Systemcalls (or Syscalls) are the way to get service from OS kernel. For example, you want to write simple hello world program in assembly. You can go ahead and write your own code for displaying output on computer-screen. Though possible, it is tedious task. so, you use WRITE syscall to display output on the screen.

Linux Syscall Flow

In above figure, we can observe how the syscall WRITE works.

  1. From user space (where our program is running), value 21h is loaded in AL register, 21h (33 in decimal) is a syscall for print on screen.
  2. On executing int 80h, control is passed to Interrupt Description Table (IDT). In IDT, entry for provided syscall number is searched.
  3. If syscall is correct, then control is passed to Syscall table where the actual subroutine executed.

Syscalls are generally OS specific, hence you need to find out the list of the syscalls available in OS. In our case, location is as below:

Some of them shown in below screenshot:

Sample Syscalls

Linux Programmer Manual

To use syscalls in code, we need to understand how they actually works. i.e. parameters to be passed, datatypes etc. Linux programmer manual will help us with this. Lets see an example for WRITE syscall.

Result is shown in below screenshot:

Linux Programmer Manual for WRITE syscall

Parameters are generally passed in the registers as follow:

  • EAX = Syscall number
  • EBX = Param 1
  • ECX = Param 2
  • EDX = Param 3
  • ESI = Param 4
  • EDI = Param 5

Of-course we will look into this in more details while writing actual code.

STRACE Utility

We have seen the syscalls and the manual to use them. But one might wonder that what can be the sequence of use? or to replicate functionality of existing Linux executable to assembly program, which syscalls should be used? STRACE (syscall and signal trace) utility will come to rescue.

General Manual Page for STRACE

Lets try out STRACE with ifconfig utility. We will be checking occurrences of simple READ and WRITE syscalls.

STRACE for ifconfig

I guess this is enough for one blog post. From next blog, finally we will start writing actual program. I am sure you will be excited for it, just like me. Till then, Auf Wiedersehan!!!

Link:

Installing Ubuntu 16.04 LTS on Vmware Workstation:Β https://www.youtube.com/watch?v=Wmx5hZ_m7EY

I am guy in infosec, who knows bits and bytes of one thing and another. I like to fiddle in many things and one of them is computer.

Tags: , ,

SLAER

I am guy in infosec, who knows bits and bytes of one thing and another. I like to fiddle in many things and one of them is computer.

Leave a Reply

Your email address will not be published. Required fields are marked *

*