bamed.org

1. Learn x86 Assembly.

For those who don’t know, this is a programming language. Assembly differs from other programming language because it is basically line for line the instructions sent directly to the systems processor. Most programming languages work on a higher level and are written in such a way as to be mostly human readable. For example, in a higher-level programming language, if I want to open a file called “stuff.txt” I might type something like:

open stuff.txt

In Assembly, you would have to take the location of stuff.txt and move it into a specific location in memory, then call call the instruction to open a file, then move the contents of that file into a specific location in memory.  These are the actual steps the processor and memory go through when you compile and run the command from the higher-level language, it’s just the higher level languages were developed so you don’t have to know or understand what the processor is doing in order to actually make it do it.  Also, the actual commands are different for each type of processor, so I’ve chosen specifically to learn Assembly for x86 processors.  This would include Intel Pentiums 1-4, and most other 32-bit processors found in modern desktop computers.

Now, if higher level languages are easier to read, why would I want to learn Assembly?

First of all, learning Assembly will help me understand more precisely what’s going on inside my computer, and IMHO (In My Humble Opinion for those less-internets-savvy followers) gaining more understanding is a good enough reason on its own.

Secondly, the above example higher-level language command might compile into 100 lines of Assembly; however, it is possible they could be completed with only 20 lines of Assembly.  So code written in Assembly is typically a LOT smaller and faster.  Most developers don’t use Assembly often, but they will sometimes when a certain piece of code needs to be optimized for performance.  (Let me take a moment here to say that the example given is a HUGE over-simplification and really not accurate at all; however, it should be useful for helping my less technical followerd [ Hi, Mom and Dad!] get at least some kind of grasp on what I’m saying.)

Now the third and really the main reason I have already begun this endeavor is for the sake of exploit development.  I’ve mentioned buffer overflows on this blog before and what it all boils down to, is that if you don’t know at least a little Assembly, you won’t be able to even understand how buffer overflows really work.  Now I don’t want to just understand how they work, I actually want to be able to fuzz applications myself (fuzz = test an application for vulnerabilities) and be able to write my own exploit code.  If I want to do this with any kind of real success, I need a better grasp on Assembly than I currently have.

OK, I think that sums up this goal fairly well, so on to number 2!

This entry was posted on Friday, January 1st, 2010 at 1:56 pm and is filed under Church IT. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.