security.cs.rpi.edu/courses/malware-spring2013/asmtut1.docx
Hands-on Learning Exercises to Accompany Chapter 4:
Assembling With VS 2008
Here is a basic helloworld.asm program in x86 assembly.
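.386
.model flat, stdcall
option casemap :none

; Win32 API imports; the @N suffix is the number of argument bytes (stdcall)
extrn MessageBoxA@16 : PROC
extrn ExitProcess@4 : PROC

.data
    HelloWorld db "Hello There!",0

.code
start:
    lea eax, HelloWorld     ; eax = address of the string
    mov ebx, 0              ; ebx = 0
    push ebx                ; uType = 0
    push eax                ; lpCaption = HelloWorld
    push eax                ; lpText = HelloWorld
    push ebx                ; hWnd = 0
    call MessageBoxA@16
    push ebx                ; uExitCode = 0
    call ExitProcess@4
end start

Copy and paste this into a text editor and name the file helloworld.asm.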
There are 3 main parts to an assembly program:
1) Data
Example: HelloWorld db "Hello There!",0
2) Code – These consist of opcodes or instructions.
Example: lea eax, HelloWorld
push ebx
3) Directives – These tell the assembler preprocessor how to interpret and assemble. These are not considered part of the assembly code.
Example: extrn
.386
We will be using the MASM assembler as part of Visual Studio.
To assemble and run this, in the VM, open Visual Studio 2008. Create a new project.
Click OK, then Next, then check the box that says Empty Project.
Then click Finish.
Next, right-click the sources folder and go to Add New Item.
Name the new item main.asm
Copy and paste the assembly from the top of this document:
Right-click on the project and go to Custom Build Rules:
Then check the box marked Microsoft Macro Assembler.
Then go to the top toolbar: Build → Build Solution
Then the top toolbar: Debug → Start Without Debugging
You have now successfully assembled and run a Win32 assembly program.
Now we will look at what those instructions are translated into.
Right-click the project again and go to properties.
Go to Configuration Properties → Microsoft Macro Assembler → Listing File
Then in the box titled Assembled Code Listing File, enter a file name. I chose asmListing File.
You will now have to Build the project again.
Right-click the folder called Source Files → Add → Existing Item…
Click No here:
The listing file allows you to see the exact hex values that your instructions get translated into:
Here we see the instruction push ebx is represented by hex value 53.
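The byte-to-instruction mapping that the listing file shows can be reproduced with a small decoder. The Python below is an added example, not part of the original tutorial: it handles only the opcode forms used in helloworld.asm, and SAMPLE is a hand-constructed byte string for the code section with the address fields left as zero placeholders.

```python
import struct

# Register numbers as encoded in the low 3 bits of the opcode / ModRM byte.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Constructed sample: the instructions of helloworld.asm, with the string
# address and both call displacements left as 00000000 placeholders.
SAMPLE = bytes.fromhex(
    "8d0500000000 bb00000000 53 50 50 53 e800000000 53 e800000000"
)

def decode(code, base=0):
    """Decode the 32-bit opcode forms used by helloworld.asm.

    Returns a list of (offset, hex bytes, mnemonic) tuples and raises
    ValueError on any byte pattern outside that small subset."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if 0x50 <= op <= 0x57:                  # push r32 : 50+rd
            n, text = 1, f"push {REGS[op - 0x50]}"
        elif 0xB8 <= op <= 0xBF:                # mov r32, imm32 : B8+rd id
            (imm,) = struct.unpack_from("<I", code, i + 1)
            n, text = 5, f"mov {REGS[op - 0xB8]}, {imm:#x}"
        elif op == 0x8D:                        # lea r32, m : 8D /r
            modrm = code[i + 1]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if (mod, rm) != (0, 5):             # only the [disp32] form
                raise ValueError(f"unsupported ModRM {modrm:#04x} at {i:#x}")
            (disp,) = struct.unpack_from("<I", code, i + 2)
            n, text = 6, f"lea {REGS[reg]}, [{disp:#010x}]"
        elif op == 0xE8:                        # call rel32 : E8 cd
            (rel,) = struct.unpack_from("<i", code, i + 1)
            # rel32 is relative to the address of the next instruction
            target = (base + i + 5 + rel) & 0xFFFFFFFF
            n, text = 5, f"call {target:#010x}"
        else:
            raise ValueError(f"unknown opcode {op:#04x} at offset {i:#x}")
        raw = " ".join(f"{b:02x}" for b in code[i:i + n])
        out.append((i, raw, text))
        i += n
    return out

if __name__ == "__main__":
    for offset, raw, text in decode(SAMPLE):
        print(f"{offset:08x}  {raw:<18} {text}")
```

With the placeholders still zero, each call decodes to the address of the instruction that follows it; the real targets appear only after the linker resolves the imports.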
In the next tutorial, I will show you a streamlined version of this in Cygwin.