Computer Architecture Exploitation and Security
The x86 Software Architecture
Objectives
This lab focuses on the following objectives:
· Describe Intel instruction format.
· Describe instruction encoding.
· Describe addressing modes.
· Analyze lea instruction results.
· Extract opcode.
Background Reading
Read the Intel manual (combined volumes), Volume 2, Chapter 2, sections 2.1.x and 2.2.x, pages XXXXXXXXXX, and the slides for Module 4.
Problem 1 Intel Instruction Format XXXXXXXXXX__/15
In the Intel Software Developer’s Manual (SDM), use the Opcode Map (Volume 2, Appendix A, page Vol. 2D A-8), Section XXXXXXXXXX (page Vol. 2A 2-6), and Table 2-2: 32-Bit Addressing Forms with the ModR/M Byte (page Vol. 2A 2-3) to decode the mnemonic for the following instructions:
Opcodes
Instruction
CC
89 EC
8B 45 08
55
C3
01 D8
C7 45 f XXXXXXXXXX
8D 83 F8 FE FF FF
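Added example (not part of the original lab handout): a small Python decoder for the ModR/M byte that follows the 32-bit addressing forms of Table 2-2, including the SIB and displacement cases. The names decode_modrm, REG32 and SAMPLES are hypothetical, and the sample encodings are constructed for illustration; they are not the rows of the table above.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_modrm(code: bytes, pos: int = 1):
    """Decode the ModR/M byte at code[pos] using the 32-bit addressing forms.

    Returns (reg, rm_text, consumed): the raw reg field (a register number or
    an opcode extension, depending on the opcode), the r/m operand as text,
    and the count of ModR/M + SIB + displacement bytes.
    """
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:                          # mod=11: r/m is a register
        return reg, REG32[rm], 1
    nxt = pos + 1
    parts = []
    disp_size = (0, 1, 4)[mod]            # mod=00 none, 01 disp8, 10 disp32
    if rm == 4:                           # r/m=100: a SIB byte follows
        sib = code[nxt]
        nxt += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 5 and mod == 0:        # no base register, disp32 instead
            disp_size = 4
        else:
            parts.append(REG32[base])
        if index != 4:                    # index=100 means no index register
            parts.append(f"{REG32[index]}*{scale}")
    elif rm == 5 and mod == 0:            # mod=00, r/m=101: disp32 only
        disp_size = 4
    else:
        parts.append(REG32[rm])
    text = "+".join(parts)
    if disp_size:
        fmt = "<b" if disp_size == 1 else "<i"   # displacements are signed
        disp = struct.unpack_from(fmt, code, nxt)[0]
        nxt += disp_size
        text += f"{disp:+#x}" if text else f"{disp:#x}"
    return reg, f"[{text}]", nxt - pos

# Constructed sample encodings (not the lab's table rows), opcode at index 0.
SAMPLES = ["89 D1", "8B 4C 24 04", "8B 55 F8", "8B 04 8B", "8B 0D 00 10 40 00"]

if __name__ == "__main__":
    for hexstr in SAMPLES:
        reg, rm_text, used = decode_modrm(bytes.fromhex(hexstr))
        print(f"{hexstr:<18} reg={reg} ({REG32[reg]})  r/m={rm_text}  bytes={used}")
```

The reg field is returned as a number because its meaning depends on the opcode: for a /r opcode it names a register, for a /digit opcode it selects the operation.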
Explore the Intel manual, Volume 2, Chapters 3 and 4 (“Instruction Set Reference”), to find the opcode of each of the following instructions:
Instruction
Opcode
One byte NOP
Syscall
Call rax
pop rsi
leave
xor rax,rax
sub rsp,0x10
Problem 2 Opcode and Assembly XXXXXXXXXX___10
A. Provide the opcode for the following instructions
B. Provide the instructions for the following opcode
Problem 3 – Analyze lea instruction __/15
1. Compile it and use the debugger to analyze the code by doing the following:
a. Create a breakpoint in main and run it.
b. Observe the code section (where the instructions are located) and use si to step until execution reaches the lea rax,[rip+displacement] instruction, then observe the content of the rax register. What is the value of the rax register after executing the lea rax instruction?
c. (2 marks) Use print $rip to find the address in rip. Observe the second operand of the lea instruction, [rip+displacement], and use the calculator to add the displacement to the rip address. What is the result? What is your observation?
d. (1 mark) Continue using si until you step into the first lea rdi instruction. Observe the content of the rdi register. What is the value of the rdi register after executing the lea rdi instruction?
e. (2 marks) Now that you know the content of the rax and rdi registers, use the x command to verify the content at the addresses held in these registers. What is the content?
f. (2 marks) What is the purpose of the lea instruction?
g. (3 marks) Attach screen captures that demonstrate the content of registers rax and rdi after executing the lea instructions, and the content at the addresses held in these registers.
h. (1 mark) What address contains the string “/bin/sh”?
i. (2 marks) Use the disas command and identify the opcode of the lea instructions implemented in this program. Attach the screen capture that demonstrates the results.
j. (2 marks) Use the c (continue) command to terminate the program. What is the purpose or output of this program?
Problem 4 – Extract opcode __/10
1. Create the following hellorelative.nasm code
2. Use nasm to generate the object file hello.o
3. Use the debugger to find the relative address that contains the string hello_world.
4. Use objdump -d hello.o to display the opcode
5. Use the following regular expressions to extract the opcode (shellcode) from objdump as follows:
objdump -D -M intel hello.o | grep '[0-9a-f]:' | cut -c7-26 | paste -d ' ' -s | tr -s ' ' ' ' | sed 's/ /\\x/g' | sed 's/\\x$//' | sed 's/55/\\x55/' > shellcode
6. Attach the opcode and the extracted opcode (shellcode).
Problem 5 – Implement .bss section in Assembly XXXXXXXXXX__/12
1. Run the following assembly code
2. (2 marks) Use nasm and ld to generate the executable. Run it and analyze the code that reads from STDIN and prints on STDOUT. What is the purpose of variable name in .bss section?
3. (5 marks) Write assembly code that implements a .bss section. Ask for a value, read the value from STDIN and print it on STDOUT. Comment the read and write system calls, and attach the screen captures with the commented assembly code and results.
4. (5 marks) Write assembly code that compares two numbers and prints the minimum on STDOUT