reverse engineering part 1 Flashcards
describe the ways data can be code and how this can be attacked
attacks trick a programme into accepting data that is actually code and then executing it
e.g. SQL injection and XSS
describe how code can be data
executable code is stored and modified like any other document, so an attacker who edits the binary can make the programme do what they want
this is reverse engineering
what is the definition of reverse engineering
process of analysing software to understand its functionality without access to the source code
low-level programmes are analysed, functionality can be altered and protections can be taken away
good protections can slow this process down but cannot fully stop it
goals of reverse engineering
security research
learning how compilers and systems work
debugging and performance optimisation
describe binaries in systems
systems have different binary formats (e.g. ELF on Linux, PE on Windows, Mach-O on macOS)
how is a c programme transformed into an executable binary
a compiler
what does a compiler do to a C programme
transforms it into an executable binary
what does a binary contain
machine code instructions
do systems have different binary formats
yes
can CPUs support different instruction sets
yes
what is a debugger
programme that debugs other programmes
what processes can you do using a debugger
can halt or run target programme at any point
step through code line by line
display or alter contents of memory, CPU registers and stack frames
what is a disassembler
programme that converts machine code into assembly language
describe what a disassembler does to machine code
machine code is a binary representation; the disassembler converts it into a low-level programming language (assembly) representation
what is a decompiler
programme that converts machine code into a high-level programming language representation (e.g. C-like code); the output approximates the original source rather than recovering it
when c programme is put through compiler what does it become
x86-64 binary
when an x86-64 binary is decompiled what does it become
C programme (an approximation of the original source)
when an x86-64 binary is disassembled what does it become
x86-64 assembly
what is assembly
human-readable text form of machine code; each assembly mnemonic maps deterministically to a machine-code encoding, so disassembly is exact where decompilation is not
what are registers
small but fast units of storage for the CPU
what is memory
larger chunks of data, referenced by address
contains code , heap and stack.
what are the two types of registers
general purpose registers
special purpose registers
what are general purpose registers used for
they are used for computation
what are special purpose registers used for
store the instruction pointer (program counter), stack pointer, flags etc.
what does SPL stand for
stack pointer (SP); SPL names the lowest 8 bits of RSP, the stack pointer register
what does BPL stand for
base pointer (BP); BPL names the lowest 8 bits of RBP, the base (frame) pointer register
what is register aliasing
registers RAX, EAX, AX, AH and AL all name different parts of the same physical register
which bits does each register name stand for
RAX - all 64 bits
EAX - lower 32 bits
AX - lower 16 bits
AH - higher 8 bits of AX (bits 8-15)
AL - lower 8 bits of AX (bits 0-7)
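A model of the aliasing rules, added here as an example and not part of the original flashcards: reads of EAX/AX/AH/AL return slices of RAX, writes to AL, AH and AX only touch their own slice, and a write to EAX zero-extends into the full 64-bit register (the real x86-64 rule, which is why `xor eax, eax` clears all of RAX). The class and function names are this example's own.

```python
# Added example (not from the flashcards): the RAX family of aliased registers.
MASK64 = (1 << 64) - 1

# name -> (bit offset within rax, width in bits)
ALIASES = {
    "rax": (0, 64),
    "eax": (0, 32),
    "ax": (0, 16),
    "al": (0, 8),   # lower 8 bits of ax
    "ah": (8, 8),   # upper 8 bits of ax
}


class RaxRegister:
    def __init__(self, value=0):
        self.rax = value & MASK64

    def read(self, name):
        shift, width = ALIASES[name]
        return (self.rax >> shift) & ((1 << width) - 1)

    def write(self, name, value):
        shift, width = ALIASES[name]
        value &= (1 << width) - 1
        if width >= 32:
            # 64-bit writes replace everything; 32-bit writes zero the upper 32 bits
            self.rax = value
        else:
            # 8- and 16-bit writes only change their own slice of the register
            keep_mask = MASK64 & ~(((1 << width) - 1) << shift)
            self.rax = (self.rax & keep_mask) | (value << shift)
        return self.rax


def demo():
    """Walk through the aliasing rules and return the observed values."""
    r = RaxRegister(0x1122334455667788)
    views = {name: r.read(name) for name in ALIASES}
    after_al = r.write("al", 0xAA)        # only the low byte changes
    after_ah = r.write("ah", 0xBB)        # only bits 8..15 change
    after_eax = r.write("eax", 0x1)       # upper 32 bits are cleared
    return views, after_al, after_ah, after_eax
```

The zero-extension on 32-bit writes is the detail that trips people up when reading disassembly: `mov al, 0` leaves the other 56 bits of RAX intact, while `mov eax, 0` (or `xor eax, eax`) clears the whole register.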
what does mov dst, src do
moves data from source (src) to destination (dst)
what does push src do
pushes src onto the stack (decrements rsp by 8 and stores src at [rsp])
what does pop dst do
pops the value at the top of the stack into destination (dst) and increments rsp by 8
what does add dst, src do
dst += src
what does sub dst, src do
dst -= src
what does imul dst, src do
dst *= src
after arithmetic operations 3 flags are set, what are they?
ZF: zero flag, set to 1 if the result is 0
SF: sign flag, set to 1 if the result is negative (top bit set)
OF: overflow flag, set to 1 if the signed result has overflowed
what does the zero flag do
sets to 1 if result is 0
what does the sign flag do
sets to 1 if result is negative
what does the overflow flag do
sets to 1 if operation has overflowed
what does jmp label stand for
jump to label
what does call fn stand for
pushes the return address (the address of the next instruction) onto the stack and jumps to fn; the function ends with ret to get back
what does ret stand for
pops the return address off the stack into the instruction pointer (rip)
what does cmp a,b stand for
calculates a-b (Intel operand order, like sub) and sets the flags, discarding the result
what does test a,b stand for
calculates a&b (like and) and sets the flags, discarding the result
what does je label stand for
jumps to label if the zero flag is set (e.g. after cmp a,b when a == b)
what does jne label stand for
jumps to label if the zero flag is not set (a != b)
what does nop stand for
no-operation instruction, does nothing (takes no operand); commonly used as padding
what does and dst,src stand for
dst &= src
what does or dst,src stand for
dst |= src
what does xor dst,src stand for
dst ^= src
what do square brackets indicate
memory operand (dereference): [address]
they indicate the operand is the contents of memory at that address rather than an immediate value or a register (e.g. mov rax, [rsp] loads the value at the top of the stack)
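The flag, compare, branch, stack and memory-operand cards above fit together once you trace a few instructions, so here is a tiny interpreter for that subset, added as an example and not taken from the flashcards. It uses Intel operand order (dst, src) and 64-bit registers only; the register set, the stack address, line indexes standing in for rip values and support for [register] reads only are simplifications of this model, not real x86-64 encodings. The sample programme at the bottom is constructed for the example.

```python
# Added example (not from the flashcards): a tiny interpreter for the flag,
# compare, branch and stack instructions on the cards. Intel operand order
# (dst, src), 64-bit registers only; rip values are line indexes in this model.
MASK, SIGN = (1 << 64) - 1, 1 << 63

def signed(v): return v - (1 << 64) if v & SIGN else v  # two's-complement view

class CPU:
    def __init__(self, program, stack_top=0x7FFF0000):
        self.regs = dict.fromkeys(("rax", "rbx", "rcx", "rdx", "rbp"), 0)
        self.regs["rsp"] = stack_top
        self.flags = {"ZF": 0, "SF": 0, "OF": 0}
        self.mem = {}  # address -> 64-bit value; the stack lives here
        lines = (l.split(";")[0].strip() for l in program.splitlines())
        self.code = [l for l in lines if l]
        self.labels = {l[:-1]: i for i, l in enumerate(self.code) if l.endswith(":")}
        self.rip = 0  # index of the next line to execute
    def val(self, op):  # register, [register] memory operand, or immediate
        if op in self.regs:
            return self.regs[op]
        if op.startswith("["):  # square brackets: read memory at the address in the register
            return self.mem.get(self.regs[op[1:-1]], 0)
        return int(op, 0) & MASK
    def set_flags(self, a, b, r, sub=None):  # sub=None means a logic op: OF is cleared
        sa, sb, sr = signed(a) < 0, signed(b) < 0, signed(r) < 0
        self.flags["ZF"], self.flags["SF"] = int(r == 0), int(sr)
        # OF: signed overflow, i.e. the result's sign is impossible for the operand signs
        self.flags["OF"] = 0 if sub is None else int((sa != sb if sub else sa == sb) and sr != sa)
    def push(self, v):
        self.regs["rsp"] = (self.regs["rsp"] - 8) & MASK
        self.mem[self.regs["rsp"]] = v & MASK
    def pop(self):
        v = self.mem.get(self.regs["rsp"], 0)
        self.regs["rsp"] = (self.regs["rsp"] + 8) & MASK
        return v
    def run(self, max_steps=100_000):
        for _ in range(max_steps):  # step limit guards against a runaway loop
            if self.rip >= len(self.code):
                return self
            line = self.code[self.rip]
            self.rip += 1
            if line.endswith(":"):  # label: nothing to execute
                continue
            mnem, _, rest = line.partition(" ")
            ops = [o.strip() for o in rest.split(",")] if rest else []
            if mnem == "hlt":
                return self
            if mnem == "mov":
                self.regs[ops[0]] = self.val(ops[1])
            elif mnem in ("add", "sub", "cmp"):  # cmp is sub with the result discarded
                a, b = self.val(ops[0]), self.val(ops[1])
                r = (a + b if mnem == "add" else a - b) & MASK
                self.set_flags(a, b, r, sub=(mnem != "add"))
                if mnem != "cmp":
                    self.regs[ops[0]] = r
            elif mnem in ("and", "or", "xor", "test"):  # test is and with the result discarded
                a, b = self.val(ops[0]), self.val(ops[1])
                r = a & b if mnem in ("and", "test") else a | b if mnem == "or" else a ^ b
                self.set_flags(a, b, r)
                if mnem != "test":
                    self.regs[ops[0]] = r
            elif mnem == "push":
                self.push(self.val(ops[0]))
            elif mnem == "pop":
                self.regs[ops[0]] = self.pop()
            elif mnem in ("jmp", "je", "jne"):  # je taken iff ZF=1, jne iff ZF=0
                if mnem == "jmp" or (mnem == "je") == bool(self.flags["ZF"]):
                    self.rip = self.labels[ops[0]]
            elif mnem == "call":  # save the return address (next rip), then jump
                self.push(self.rip)
                self.rip = self.labels[ops[0]]
            elif mnem == "ret":  # pop the saved return address back into rip
                self.rip = self.pop()
            else:
                raise ValueError("unsupported instruction: " + line)
        raise RuntimeError("step limit reached (runaway loop?)")

# Constructed sample: sum 1..5 with a sub/jne loop, then call a function that
# reads its own return address off the stack and doubles rax, saving rbx.
PROGRAM = """
    mov rcx, 5          ; loop counter
    mov rax, 0          ; accumulator
loop:
    add rax, rcx
    sub rcx, 1          ; ZF=1 once rcx reaches 0
    jne loop
    call double
    hlt
double:
    mov rdx, [rsp]      ; [rsp] holds the return address pushed by call
    push rbx            ; callee saves the register it is about to clobber
    mov rbx, rax
    add rax, rbx
    pop rbx
    ret
"""

def run_asm(program=PROGRAM):
    cpu = CPU(program).run()
    return cpu.regs, cpu.flags
```

Running `run_asm()` leaves rax at 30 and rsp back at its starting value, and rdx holds the return address that `call` pushed: on entry to a function the return address sits at [rsp], which is exactly the slot a stack-smashing attack aims to overwrite. Single instructions can be tried the same way, e.g. `run_asm("mov rax, 0x7FFFFFFFFFFFFFFF\nadd rax, 1\nhlt")` sets SF and OF but not ZF.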
what are the different ways of writing memory addresses