Assembly Language Programming for Reverse Engineering

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 83 lectures (12h 29m) | 8.78 GB

Understand assembly code and modify exe files to add new functionality using x64dbg

If you have been using debuggers to reverse engineer programs but wished you had more understanding of Assembly Language, then this course is for you. We will cover enough assembly language to allow you to understand how to modify exe files to insert your own code, or to modify existing exe files to do things which they were not intended to do.

Traditionally, assembly language programming is taught using an assembler like NASM or FASM. But learning it that way will not give you the skills to understand reverse engineered programs. There is a missing link (knowledge gap) of how to apply your assembly knowledge to modify programs. This course fills that knowledge gap.

Instead of using an assembler, we will directly use the x64dbg debugger to learn assembly language. That is right, we will write our own assembly code inside the x64dbg debugger itself. You will learn Assembly Language from the ground up with zero knowledge as a complete beginner.

We will use techniques that allow you to:

  • modify existing code
  • overwrite existing code
  • modify memory segments to insert data
  • create new functions
  • exploit code caves
  • add new functionality to existing programs
  • and more…

This black art is not widely taught and there are no existing courses elsewhere that coherently put together all the knowledge of assembly and reverse engineering. Mostly what you will find are separate courses on Assembly and Reverse Engineering. Many courses on Reverse Engineering don’t cover the background assembly language from a software hacker’s perspective. And almost all Assembly Language courses teach you how to write programs from scratch, instead of how to modify existing programs to add new functionality with your own code using a debugger like x64dbg.

The knowledge you gain will be your added advantage as a security researcher, malware analyst, or student of software security. It will also benefit programmers who want to know how programs run internally and how to extend program functionality when they do not have the source code.

What you’ll learn

  • Assembly Language Basics
  • Reverse Engineering
  • xdbg debugging basics
  • Modifying programs
  • Injecting code into exe files
  • Hollowing out an exe file
  • CPU registers
  • Basic Addition
  • INC, DEC, MUL and DIV instructions
  • Accessing main memory (RAM)
  • The Stack
  • Function Calls
  • Input and Output Functions
  • Code Caves
  • Functions that return a value
  • The Flags Register
  • Jumps
  • Compare Instructions
  • Structured Programming
  • Signed Operations
  • and more…

Table of Contents

Introduction
1 Installing the tools
2 Binary and Hexadecimal Number Systems

Basic Skills
3 Introduction to xdbg debugger
4 Debugger Stepping Basics
5 How to hollow out an exe file

Registers
6 Introduction to CPU registers
7 The MOV Instruction

Basic Addition
8 Addition using full registers
9 Addition of partial registers
10 Subtraction

INC, DEC, MUL and DIV instructions
11 INC and DEC Instructions
12 MUL Instructions
13 DIV Instructions
14 DIV Exercises

Accessing main memory (RAM)
15 Register to memory and memory to register
16 MOV to memory and direct memory patching techniques
17 Memory Exercise

The Stack
18 Pushing register values to the stack
19 Popping stack values to registers
20 How to push Constants and Strings to the Stack

Function calls
21 Introduction to function calls
22 Function call with 2 parameters
23 Exercise Function calls with 2 parameters
24 Exercise Function calls with 3 parameters

Input and Output functions
25 Intro to input output in assembly
26 How to read in numbers and output it again
27 How to read in strings and output it back to user

Code Caves
28 Introduction to Code Caves
29 A simple code cave
30 Code Cave Hello
31 Exercise Get Firstname, Lastname

Calculator Project
32 Project description
33 Designing the solution
34 Coding the calculator

Functions that return a value
35 Introduction to functions that return a value
36 Exercise on strlen() function

The Flags Register
37 Intro to the Flags Register and the ZF flag
38 The SF Flag
39 The CF Flag
40 The OF Flag
41 Which flag to look OF or CF

Jumps
42 Introduction to Jumps and JZ
43 JNZ jump
44 JZ Loops
45 JNZ Loops
46 Other conditional jumps

CMP instructions
47 Introduction to compare instructions
48 Practical on the CMP instructions
49 Comparing unsigned and signed numbers

Structured Programming
50 Introduction to Structured Programming and If-Else Statements
51 For Loops
52 While Loops
53 Break out of Loops
54 Graph view, Trace Animate and Principles of Jumps

Signed Operations
55 NEG instruction
56 Signed and Unsigned Extensions
57 Practical on signed and unsigned extensions
58 Converting Bytes and Words Using CBW and CWDE
59 Converting Bytes and Words Using CWD and CDQ
60 IMUL and IDIV
61 Example of IDIV

Bitwise Operations
62 Introduction to Boolean Algebra
63 Bitwise Instructions
64 Arithmetic Shifting
65 Rotate Instructions
66 Exercise on bitwise operations

Memory Arrays
67 Introduction to memory arrays
68 A practical on memory arrays
69 Introduction to the LEA instruction
70 A simple LEA implementation
71 LEA with counter
72 LEA with loop

Data Structures
73 Intro to Data Structures
74 Hands on practical on data structs

String Instructions
75 Introduction to String Instructions
76 The Direction Flag (DF flag)
77 LODS Instructions
78 Exercise LODS Adder
79 The MOVS Instructions
80 The REP Instruction
81 The SCAS Instructions
82 The CMPS Instructions

Resources for further study
83 Bonus Lecture