TryHackMe – Intro to x86-64 Write-Up
topics: assembly language, binary files
x86-64 Background
If Statements
Loops
Cracking Binary Files
new tools: radare2
x86-64 Background
x86-64 is the 64-bit version of the x86 CPU instruction set. Computers execute machine code, encoded as bytes, to carry out tasks. Since different computers have different processors, the machine code a computer executes is specific to its processor; the Intel/AMD x86-64 instruction set architecture is the most common one found today. Machine code is usually represented in a more readable form called assembly code. The machine code itself is usually produced by a compiler, which takes the source code of a program and, after some intermediate stages, produces machine code the computer can execute.
This room uses AT&T syntax as opposed to Intel syntax. In AT&T syntax the source operand comes first and the destination second, registers are prefixed with % and immediate values with $, and a suffix on the mnemonic (b, w, l, q) gives the operand size.
To inspect assembly code, this room uses radare2, a framework for reverse engineering and analyzing binaries. It can disassemble binaries (translate machine code to assembly, making it readable) and debug them (letting the user step through execution and view the state of the program).
Introduction
This room uses a sample C program as an introduction.
The program creates two variables and swaps their values; we can inspect the instructions it executes and debug it with radare2.
r2 -d intro
This opens the intro binary in radare2 in debug mode. In the picture above we then run the most common analysis command, aaa, which analyzes all symbols and entry points in the executable (extracting function names, control-flow information, etc.), and set the disassembly syntax to AT&T with e asm.syntax=att.
pdf @main
meaning print disassembly of function, in this case the function main.
I referred to this useful cheatsheet throughout this room. The values in the left column are the virtual addresses of the instructions (they live in the binary's code section, not on the stack), the middle column contains the instructions encoded as bytes (the machine code), and the last column is the human-readable assembly.
The first instruction, subq $8, %rsp
allocates 8 bytes of space on the stack. %rsp is the stack pointer: it holds the address of the top of the stack, i.e. the most recently pushed item. Because the x86-64 stack grows toward lower addresses, subtracting from %rsp reserves space and adding to it releases space.
If Statements
In this example we'll be analyzing jump instructions in assembly. A jmp is unconditional; a conditional jump such as jge (jump if greater or equal, signed) is taken or not depending on the flags set by the preceding cmp.
Next we'll set breakpoints at the jge and jmp instructions using db <memory address>, then continue execution and watch which path is taken.
Analyzing the if2 binary: cheatsheets in b.o folder
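To make sense of a breakpoint on jge you need to know what the CPU actually tests. The C below is an added example (not code from the write-up or from the room's if2 binary): it emulates the flags a 64-bit cmp writes and evaluates the common conditional jumps from them, so you can see why AT&T's cmpq $5, %rax means rax - 5, and why the same cmp feeds both a signed jump (jge) and an unsigned one (jae) with different results. The if2 layout it mimics (compare against an immediate, jge over the "then" block, jmp over the "else" block) is an assumed shape, not taken from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Status flags that a 64-bit cmp writes into RFLAGS. */
typedef struct {
    bool cf;  /* carry: an unsigned borrow occurred (dst < src unsigned) */
    bool zf;  /* zero: dst == src */
    bool sf;  /* sign: bit 63 of (dst - src) is set */
    bool of;  /* overflow: (dst - src) does not fit in a signed 64-bit value */
} flags_t;

/* Emulates AT&T `cmpq src, dst`: computes dst - src and keeps only the flags.
 * Operand order matters: `cmpq $5, %rax` means src = 5, dst = rax. */
flags_t cmpq(uint64_t src, uint64_t dst) {
    uint64_t res = dst - src;            /* wraps modulo 2^64 like the CPU */
    flags_t f;
    f.cf = dst < src;
    f.zf = (res == 0);
    f.sf = (res >> 63) & 1;
    /* Signed overflow iff dst and src have different signs and the result's
     * sign differs from dst's sign (the standard subtraction overflow rule). */
    f.of = (((dst ^ src) & (dst ^ res)) >> 63) & 1;
    return f;
}

/* Condition codes exactly as the CPU derives them from the flags. */
bool jge_taken(flags_t f) { return f.sf == f.of; }  /* signed   dst >= src */
bool jl_taken(flags_t f)  { return f.sf != f.of; }  /* signed   dst <  src */
bool jae_taken(flags_t f) { return !f.cf; }         /* unsigned dst >= src */
bool jb_taken(flags_t f)  { return f.cf; }          /* unsigned dst <  src */
bool je_taken(flags_t f)  { return f.zf; }          /* dst == src */

/* Assumed if2-style block (hypothetical layout, not from the room):
 *     cmpq  $limit, %rax
 *     jge   .Lelse        # skip the "then" block when rax >= limit (signed)
 *     ...then...
 *     jmp   .Lend
 * .Lelse:
 *     ...else...
 * .Lend:
 * Returns 1 when jge is taken (else block runs), 0 when it falls through. */
int jge_if_path(int64_t rax, int64_t limit) {
    flags_t f = cmpq((uint64_t)limit, (uint64_t)rax);
    return jge_taken(f) ? 1 : 0;
}

int main(void) {
    /* Constructed register values; -1 shows where signed and unsigned jumps disagree. */
    int64_t samples[] = {3, 5, 7, -1, INT64_MIN};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        flags_t f = cmpq(5, (uint64_t)samples[i]);
        printf("cmpq $5, %%rax (rax=%lld): CF=%d ZF=%d SF=%d OF=%d  jge=%d jl=%d jae=%d jb=%d\n",
               (long long)samples[i], f.cf, f.zf, f.sf, f.of,
               jge_taken(f), jl_taken(f), jae_taken(f), jb_taken(f));
    }
    return 0;
}
```

Compile with gcc -O0 and disassemble the result (objdump -d, or r2 with e asm.syntax=att) to compare the real cmp/jcc sequence the compiler emits with the emulation; the rax = -1 row is the one to remember, since it takes the jl path but also the jae path, which is why mixing signed and unsigned comparisons is a classic source of bounds-check bugs.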
Loops
Cracking Binary Files
crackme1
crackme2