x86-64 Assembly

---

Go HERE to take this class as a 4-Day Buffet course.
Go HERE to take this class as a 3-Day Buffet course.
Go HERE to join just the x86-64 OS internals class.
Go HERE to join just the x86-64 Intel Firmware Attack & Defense class.

---

This class is run a little different from most classes. We provide you purpose-built recorded lectures instead of trapping you in realtime with live-lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you’re paying attention ;)).

One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands on labs quicker. Or if there’s bits of material you already know, you can just skip them and move on to the bits you don’t know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.

Because we give you all the lecture and lab materials and videos after class, what you’re really paying for is support from the instructor! So you’ll be entitled to keep asking up to 20 questions after class, with 1-2 hour turnaround answers (after accounting for time-zone differences.) This lets you keep productively working through the material if you run out of time at the conference. If you’d like to learn more about the benefits of this style of class delivery, please read this blog post

 

Key Learning Objectives

• Learn the most common assembly instructions, which cover > 96%+ of all code found in most programs[1].
• Learn about the 16 Intel x86-64 general purpose registers + RFLAGS.
• Understand the at time confusing or counter-intuitive compiler-isms of both Microsoft Visual Studio, and GCC which lead to particular patterns in executables’ assembly.
• Learn to debug and analyze executables which you don’t have the source code for, in both WinDbg and GDB.
• Learning how to write C code and disassemble it to see what instructions were generated. But also learning how to write assembly to see how it behaves, or even raw bytes to see how the assembler and processor interprets it.
• Being comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work.
• Reverse engineer the black box Carnegie Mellon “Binary Bomb Lab”, which has changed the lives of so many students (the instructor included!) This is a *major* hands-on reverse engineering exercise (which can take anywhere from 2 hours to 2 weeks!) which has been shared the world over by thousands of students. This gives you something substantive to chew on even after class to really reinforce your understanding and capability to read assembly.

[1] https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.407.5071&rep=rep1&type=pdf

 

What Students say about this training

 

“Gamification: Nice Job. Unreal. Wow. Content selection: Perfect! Teaching style: I wish I had teachers like you for everything… no… EVERYTHING!!! Slides: Even if I live underground without computers for 10 years, come back, take your slides… I’ll remember everything“

“RARE Skills are valuable! The pep talk was amazing on why we should learn such stuff and skills. I liked how the material is really presented in depth. The quality is really amazing on the GDB content and everything needed and resources are placed nicely in the course.”

“I liked the mystery solving and gamification very much. Teaching assembly with gamification feels impossible yet it was done. It is well organized and the parting with sub-topics was good to follow and track where I am in the course.“

“I absolutely love the class, adding non technical story lines added a lot to me, kept it less “monotone” for me.“

“I liked the self paced nature of the course, which allowed me to track my progress and complete the course in a chunked manner.”

“The games at the end of each section really help in understanding concepts. The format of “here’s the idea, now a draw a stack diagram” is nice. There were times when I’d draw the stack diagram, get confused, then the next video answers my questions. The bomb lab is a fun way to test your knowledge.”

“I really liked the progress tracker. It gave me a sense of accomplishment when finishing modules. The GUI as a whole is well done. I felt like the progression of the class was logically laid out as well, adding more layers of complexity to the C code to provide more complex asm.”

“Elaborating concepts clearly. Nice presentation. Loved the “go and draw the stack diagram” part and the fun quizzes&games. Loved the fun way of explaining everything and it does not make it boring at all.”

 

Topics Covered

Introduction

•  About this class
•  Optional refresher: binary to hex to decimal
•  Optional refresher: two’s complement negative numbers
•  Optional refresher: C data type sizes
•  Background: Endianness

 

Computer Registers

• Memory hierarchy
•  x86-64 general purpose registers
•  Intel recommended register conventions

 

Your First Instruction

•  No-Operation (not)

 

The Stack

•  Overview
•  New instructions: push & pop
•  RoX0r Arcade: The RSP Game: 
•  – Level 1: Canonical orientation, rbp at top, rsp at bottom
•  – Level 2: Canonical orientation, rbp and rsp move around
•  – Level 3: Canonical or flipped orientation, rbp and rsp move around
•  – Level 4: Four possible orientations, rbp and rsp move around

 

Calling Functions

• CallASubroutine1.c: New Instructions: call, ret, mov, add, sub
•  Stack frame single-step slideware walkthrough
•  Stack frame single-step VisualStudio walkthrough
•  RoX0r Arcade: Dark Mathemagic:
•  – Level 1: Basic mov, add, sub w/o calculator
•  – Level 2: mov, add, sub w/ calculator

 

Local Variables

• SingleLocalVariable.c
• Mystery Listery 3 Solved!
• ArrayLocalVariable.c, New Instructions: imul, movsx, movzx
• StructLocalVariable.c
• RoX0r Arcade: Dark Mathemagic:
• – Level 1: movzx
• – Level 2: movsx

 

Function Parameter Passing

•  Pass1Parameter.c
•  TooManyParameters.c
•  Mystery Listery 2 Solved!
•  64-bit Calling Conventions
•  32-bit Calling Conventions
•  Mystery Listery 1 Solved!
•  SpecialMaths.c, New instructions: lea
•  RoX0r Arcade: Dark Mathemagic:
•  – Level 1: lea

 

Control Flow

• GotoExample.c, New instructions: jmp
• IfExample.c, New instructions, “jcc”, cmp
• IfExample2.c
• SwitchExample.c
• RoX0r Arcade: 1 step forward, 3 steps back: Jumps
• – Level 1: jz/je, jnz/jne
• – Level 2: ja/jnbe, jna/jbe, jb/jnae, jnb/jae
• – Level 3: jg/jnle, jng/jle, jl/jnge, jnl/jge

 

Boolean Logic

• Refresher: Boolean logic
• BooleanBecause.c, New instructions: and, or, not, xor
• ForLoopNoRet.c, New instructions: inc, dec
• BitmaskExample.c, New instructions: test
• RoX0r Arcade: Dark Mathemagic:
• – Level 1: and, or, xor, not
• – Level 2: inc, dec
• – RoX0r Arcade: 1 step forward, 3 steps back: Jumps w/ test
• – Level 1: test, js, jns

 

Bit Shifting

• ShiftExample1.c, New instructions: shl, shr
• ShiftExample2Unsigned.c
• ShiftExample3Signed.c, New instructions: cdq, sar
• RoX0r Arcade: Dark Mathemagic:
•  – Level 1: shl/sal, shr, sar

 

Multiply and Divide

• MulDivExample.c, New instructions: div, idiv
• RoX0r Arcade: Dark Mathemagic:
• – Level 1: mul + imul, 1-operand form
• – Level 2: mul + 1, 2, and 3-operand forms of imul
• – Level 3: div + idiv

 

CISC Delight: REPeatable Instructions

•  ArrayLocalVariable2.c, New instructions: rep stos
•  ThereWillBe0xb100d.c
•  JourneyToTheCenterOfMemcpy.c: New instructions: rep movs
•  RoX0r Arcade: DarkMathemagic: BOSS LEVEL!!!
•  – YOU VS. ACCUMULATOR!!!

 

Choose Your Own Adventure!

• Here, if you mostly care about Windows, GOTO Windows Binary Debugging
• Else, if you care about *NIX systems, you can learn about AT&T syntax and see all of the previous code again as compiled by GCC instead

 

Windows Binary Debugging

•  Windbg tutorial
•  GOTO Learning to Fish: Read The F*n Intel Manual!

 

Looking at all those examples on Linux!

• Intel vs. AT&T assembly syntax
• Separate videos for all of the following in Linux: CallAFunction1.c, SingleLocalVariable.c, ArrayLocalVariable.c, StructLocalVariable.c, Pass1Parameter.c, TooManyParameters.c, SpecialMaths.c, GotoExample.c, IfExample.c, IfExample2.c, SwitchExample.c, BooleanBecause.c, ForLoopNoRet.c, BitmaskExample.c, ShiftExample1.c, ShiftExample2Unsigned.c, ShiftExample3Signed.c, MulDivExample.c, ArrayLocalVariable2.c, ThereWillBe0xb100d.c, JourneyToTheCenterOfMemcpy.c
• RoX0r Arcade: DarkMathemagic: BOSS LEVEL!!!So I 
• – YOU VS. GNASTY ACCUMULATOR!!!

 

Learning to Fish: Read The F*n Intel Manual!

•  Learn to read the FUN manual!

 

Learning to Fish: Writing Assembly

• Writing x86-64 assembly in Visual Studio
• Writing x86-64 assembly in GCC

 

The Most Important Assembly Exercise You’ll Ever Do: Binary Bomb Lab

• Bomb Lab Intro
• Do the Bomb Lab in either WinDbg or GDB

 

Conclusion

 

---

Go HERE to take this class as a 4-Day Buffet course.
Go HERE to take this class as a 3-Day Buffet course.
Go HERE to join just the x86-64 OS internals class.
Go HERE to join just the x86-64 Intel Firmware Attack & Defense class.