binary level program analysis assembly basics
play

Binarylevel program analysis: Assembly basics Gang Tan CSE 597 - PowerPoint PPT Presentation

Dec 28, 2023 •370 likes •500 views

Binarylevel program analysis: Assembly basics Gang Tan CSE 597 Spring 2019 Penn State University 1 Source code, Assembly code, Object code, and Executable Code Source Object Assembly Compiler Assembler code code code Then a

  1. Binary‐level program analysis: Assembly basics Gang Tan CSE 597 Spring 2019 Penn State University 1

  2. Source code, Assembly code, Object code, and Executable Code Source Object Assembly Compiler Assembler code code code • Then a linker links object code of different compilation units (files, libraries) into executable code • Assembly code – Consist of assembly instructions – Specific for a particular architecture (x86, x64, ARM, SPARC, etc.) • Object code – Consist of encodings of assembly instructions in bytes • Executable code – AKA machine code – In a particular file format (e.g., ELF or PE) 2

  3. Example Source Code: hello.c #include <stdio.h> int main () { printf("Hello, World!"); return 0; } 3

  4. Example Assembly Code: After “gcc ‐S ‐o hello.s hello.c” .file "hello.c" .cfi_def_cfa_register 6 .section .rodata movl $.LC0, %eax .LC0 : movq %rax, %rdi .string "Hello, World!" movl $0, %eax .text call printf .globl main movl $0, %eax .type main, @function leave main : .cfi_def_cfa 7, 8 .LFB0 : ret .cfi_startproc .cfi_endproc pushq %rbp .cfi_def_cfa_offset 16 .LFE0 : .cfi_offset 6, ‐16 .size main, .‐main movq %rsp, %rbp .ident "GCC: (GNU) 4.4.7 20120313 (Red Hat 4.4.7‐23)" .section .note.GNU‐stack,"",@progbits 4

  5. Example executable Code: After “gcc –o hello hello.c” Do “objdump ‐s ./hello” 5

  6. Binary Code Analysis • Refer to analyzing assembly or executable code • If given executable code – Step 1: disassemble it to assembly code – Step 2: analyze the assembly code • The disassembly step may be hard or easy – Depending on whether meta information is embedded into executable code 6

  7. Meta information in Executable Code • During compilation, meta information can be embedded into executable code • Meta information: symbol tables – Information about symbols (e.g., function and variable names) from source code – Each entry • The symbol name • The binding address • Type of the symbol • Misc. info – Symbol tables consumed by linkers and debuggers 7

  8. objdump ‐‐sym ./hello 8

  9. Meta information in Executable Code • Relocation information – Before linking, memory addresses of functions and global data are unknown – Compilers generate relocation entries – Static/dynamic linkers patch the program during linking 9

  10. Meta information in Executable Code • Debugging information – Generated by the compiler and consumed by debuggers (e.g., gdb) – During debugging, the debugger uses debugging info to relate binary code to source code • E.g., this instruction is generated code from this source code line – Include • Source code info: types and scopes of identifiers • Line‐number info: to relate binary to source code • Other info such as location description – Debugging info formats: DWARF and STABS 10

  11. Stripped versus unstripped binaries • Stripped binaries – Pure binary code; no meta information – Disassembly is hard (do not even know where functions start) • Unstripped binaries – Binary code plus meta information – Disassembly is easy • Why stripped binaries? – Meta information occupies space – Stripped binaries are harder to reverse engineer, making it easier to protect intellectual property 11

  12. Next: IA32 and Reverse Engineering basics • NSA tutorial on reverse engineering – https://codebreaker.ltsnet.net/resources – Introduction to x86 Assembly – Reverse Engineering Machine Code Pt. 1 – Reverse Engineering Machine Code Pt. 2 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda Motivation Current State of Program Analysis Design Goals of Binja Program Analysis Building Tools 2 Motivation 3 Tooling - Concrete -&gt;

963 views • 77 slides
Assembly basics CS 2XA3 Term I, 2020/21 Outline What is Assembly Language ? Assemblers Why

Assembly basics CS 2XA3 Term I, 2020/21 Outline What is Assembly Language ? Assemblers Why

Assembly basics CS 2XA3 Term I, 2020/21 Outline What is Assembly Language ? Assemblers Why Assembly? NASM Character and String Literals Integer literals Labels and Names Statements Program structure Input/Output Compiling+linking What

670 views • 28 slides
1 x86 Clones: Advanced Micro Devices Intels 64-Bit History (AMD) 2001: Intel Attempts

1 x86 Clones: Advanced Micro Devices Intels 64-Bit History (AMD) 2001: Intel Attempts

Today: Machine Programming I: Basics History of Intel processors and architectures C, assembly, machine code Machine-Level Programming I: Basics Assembly Basics: Registers, operands, move Arithmetic &amp; logical operations CSci

320 views • 8 slides
Programming in Assembly Language Minimal Program Move CS Basics Flags Increment

Programming in Assembly Language Minimal Program Move CS Basics Flags Increment

Programming in Assembly Language Minimal Program Move CS Basics Flags Increment and decrement 5) Programming in Conditional jumps Assembly Language Signed Values Structure of a program Emmanuel Benoist The Stack

293 views • 17 slides
LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary to decimal conversions and vice versa IEEE 754 Floating point representations Binary Arithmetic Decimal representation of binary numbers

1.66k views • 118 slides
Platform-independent static binary code analysis using a meta- assembly language Thomas Dullien,

Platform-independent static binary code analysis using a meta- assembly language Thomas Dullien,

Platform-independent static binary code analysis using a meta- assembly language Thomas Dullien, Sebastian Porst zynamics GmbH CanSecWest 2009 Overview The REIL Language Abstract Interpretation MonoREIL Results 2 Motivation Bugs are

677 views • 52 slides
Assembly Language Assembler translates the assembly language source into binary instructions in

Assembly Language Assembler translates the assembly language source into binary instructions in

Figure 1: Assemblers process Assembly Language Assembler translates the assembly language source into binary instructions in an object file . Programs usually contain multiple assembly/HLL source files, called modules , each com- piled

481 views • 5 slides
x86 basics ISA context and x86 history Translation tools: C --&gt; assembly &lt;--&gt; machine

x86 basics ISA context and x86 history Translation tools: C --&gt; assembly &lt;--&gt; machine

x86 basics ISA context and x86 history Translation tools: C --&gt; assembly &lt;--&gt; machine code x86 Basics: Registers Data movement instructions Memory addressing modes Arithmetic instructions 1 Program, Application Software

439 views • 39 slides
Bit Basics Eric McCreath Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit

Bit Basics Eric McCreath Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit

Bit Basics Eric McCreath Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit is normally grouped with other bits to represent data or information. 4 bits form a nibble 8 bits form a byte (e.g. 10100001 or 0xA1 in hex) Bytes

845 views • 9 slides
Analysis of path exclusions at the assembly level 7th Int'l Workshop on Worst-Case Execution

Analysis of path exclusions at the assembly level 7th Int'l Workshop on Worst-Case Execution

Analysis of path exclusions at the assembly level 7th Int'l Workshop on Worst-Case Execution Time (WCET) Analysis Ingmar Stein, Florian Martin ingmar@absint.com The Goal A Jump conditions B C are equivalent 10 100 D E F 200 110

411 views • 24 slides
ARM Assembly Programming Cuauhtemoc Carbajal 06/08/2013 Introduction The ARM processor is

ARM Assembly Programming Cuauhtemoc Carbajal 06/08/2013 Introduction The ARM processor is

ARM Assembly Programming Cuauhtemoc Carbajal 06/08/2013 Introduction The ARM processor is very easy to program at the assembly level. (It is a RIS C) We will learn ARM assembly programming at the user level. Memory system

1.04k views • 85 slides
Lecture 9: Assembly Programming Part 2 Last Week Assembly basics addi $t6, $zero, 10 add

Lecture 9: Assembly Programming Part 2 Last Week Assembly basics addi $t6, $zero, 10 add

Lecture 9: Assembly Programming Part 2 Last Week Assembly basics addi $t6, $zero, 10 add $t6, $t6, $t1 QtSpim add $t6, $t6, $t1 mult $t0, $t0 ALU operations mflo $t4 add $t4, $t4, $t6 Arithmetic Logical Shift main: add

908 views • 49 slides
BINSEC: Binary-level Semantic Analysis to the Rescue S ebastien Bardin joint work with

BINSEC: Binary-level Semantic Analysis to the Rescue S ebastien Bardin joint work with

BINSEC: Binary-level Semantic Analysis to the Rescue S ebastien Bardin joint work with Richard Bonichon, Robin David, Adel Djoudi, Benjamin Farinier, Josselin Feist, Laurent Mounier, Marie-Laure Potet, Thanh Dihn Ta, Franck V edrine CEA

1.27k views • 61 slides
QSynth - A Program Synthesis approach for Binary Code Deobfuscation Binary Analysis Workshop -

QSynth - A Program Synthesis approach for Binary Code Deobfuscation Binary Analysis Workshop -

QSynth - A Program Synthesis approach for Binary Code Deobfuscation Binary Analysis Workshop - NDSS Robin David &lt;rdavid@quarkslab.com&gt; Luigi Coniglio &lt;luigi.coniglio@studenti.unitn.it&gt; Mariano Ceccato &lt;mariano.ceccato@univr.it&gt;

1.12k views • 82 slides
Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit is normally group with

Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit is normally group with

Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit is normally group with other bits to form a larger groupings of information. 4 bits form a nibble. 8 bits form a byte (e.g. 10100001 or 0xA1 in hex) Bit Basics Bytes are

420 views • 3 slides
High-Level Languages Languages Assembly vs Machine Code Assembly vs high-level language

High-Level Languages Languages Assembly vs Machine Code Assembly vs high-level language

High-Level Languages Languages Assembly vs Machine Code Assembly vs high-level language Why Learn New Language availability special features porting maintenance more tools required for job cost Why Design a

1.36k views • 54 slides
Brief Assembly Refresher 1 Changelog Changes made in this version not seen in fjrst lecture: 23

Brief Assembly Refresher 1 Changelog Changes made in this version not seen in fjrst lecture: 23

Brief Assembly Refresher 1 Changelog Changes made in this version not seen in fjrst lecture: 23 Jan 2018: caller/callee-saved: correct comment about which register is callee-saved 23 Jan 2018: AT&amp;T syntax: addresses: two more examples;

1.16k views • 78 slides
Week 1 - Friday What did we talk about last time? Our first Java program Hardware

Week 1 - Friday What did we talk about last time? Our first Java program Hardware

Week 1 - Friday What did we talk about last time? Our first Java program Hardware Storage for all the data and instructions on your computer Modern computers store everything as binary digits (bits) which have a value of 0 or 1 .

519 views • 35 slides
Reusable Tools for Formal Modeling of Machine Code Gang Tan (Lehigh University) Greg Morrisett

Reusable Tools for Formal Modeling of Machine Code Gang Tan (Lehigh University) Greg Morrisett

Reusable Tools for Formal Modeling of Machine Code Gang Tan (Lehigh University) Greg Morrisett (Harvard University) Other contributors: Joe Tassarotti Edward Gan Jean-Baptiste Tristan (Oracle Labs) @ PiP; Jan 25 th , 2014 Our Need for an x86

741 views • 34 slides
CS 35101 Computer Architecture Spring 2008 2.9 and 2.10 Taken from Mary Jane Irwin

CS 35101 Computer Architecture Spring 2008 2.9 and 2.10 Taken from Mary Jane Irwin

CS 35101 Computer Architecture Spring 2008 2.9 and 2.10 Taken from Mary Jane Irwin (www.cse.psu.edu/~mji) Week 5 FA07 CSE 331 slides [ adapted from D. Patterson slides ] CS 35101.1 Spring 2008 MIPS Operand Addressing Modes Summary

396 views • 24 slides
Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs)

Lecture 4 Finite State Machines 1 9/26/2019 Modeling Finite State Machines (FSMs) Manual FSM design &amp; synthesis process: 1. Design state diagram (behavior) 2. Derive state table 3. Reduce state table 4. Choose a state

531 views • 29 slides
MIPS Pseudo Instructions and Functions Philipp Koehn 2 October 2019 Philipp Koehn Computer

MIPS Pseudo Instructions and Functions Philipp Koehn 2 October 2019 Philipp Koehn Computer

MIPS Pseudo Instructions and Functions Philipp Koehn 2 October 2019 Philipp Koehn Computer Systems Fundamentals: MIPS Pseudo Instructions and Functions 2 October 2019 1 pseudo instruction Philipp Koehn Computer Systems Fundamentals: MIPS

679 views • 35 slides
Lecture 8: Intro to Assembly Programming The MIPS Microprocessor PCWriteCond Control PCSource

Lecture 8: Intro to Assembly Programming The MIPS Microprocessor PCWriteCond Control PCSource

Lecture 8: Intro to Assembly Programming The MIPS Microprocessor PCWriteCond Control PCSource Unit PCWrite ALUOp IorD ALUSrcB MemRead ALUSrcA MemWrite RegWrite MemtoReg RegDst IRWrite Opcode 0 1 2 Shift left 2 Instruction

1.13k views • 52 slides
CMSC 430 Introduction to Compilers Spring 2015 Intermediate Representations and Bytecode

CMSC 430 Introduction to Compilers Spring 2015 Intermediate Representations and Bytecode

CMSC 430 Introduction to Compilers Spring 2015 Intermediate Representations and Bytecode Formats Introduction Front end Source AST/IR Lexer Parser Types code IR2 IRn IRn .s Middle end Back end Front end syntax recognition,

379 views • 24 slides

More recommend