[21803] in bugtraq
UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes
daemon@ATHENA.MIT.EDU (aleph1@securityfocus.com)
Mon Jul 23 22:25:49 2001
Date: Mon, 23 Jul 2001 19:52:58 -0600
From: aleph1@securityfocus.com
To: secpapers@securityfocus.com
Cc: vuln-dev@securityfocus.com
Message-ID: <20010723195258.X22221@securityfocus.com>
Resent-From: aleph1@securityfocus.com
Resent-To: bugtraq@securityfocus.com

UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes
Last Stage of Delirium Research Group

This technical document contains information about the specifics of writing
assembly components for proof of concept codes on different operating
systems/architectures. Specifically, it focuses on commercial UNIX systems:
IRIX/MIPS, HP-UX/PA-RISC, AIX/PowerPC/POWER and Solaris/x86/Sparc. It is
neither meant to be a complete guide to the aforementioned computer
architectures nor is it an assembly language tutorial. It has been written
as a result of our side-effect investigation efforts in the area of security
research pertaining to proof of concept codes development for security
vulnerabilities illustration purposes. Obviously, it is destined for code
developers specializing (having/looking for experience) in the area of
buffer overflow and format string vulnerabilities, however it is limited only
to these assembly parts. For information regarding general proof of concept
codes development, please refer to other papers.

This paper is divided into several inter-related parts. In the beginning some
basic information about various processor architectures and their important
characteristics is given. Next, a detailed discussion of the system call
invocation mechanisms, which seems to be crucial for further parts, is
presented in the context of different operating systems. It is followed by
the introduction to coding requirements, such as writing position independent
and zero free assembly codes. Finally, a detailed discussion of several
assembly routines with special emphasis on their functionality is presented.
In the appendices of this paper you will also find source codes of every
routine for all discussed operating systems and architectures along with
sample code of their usage.

http://lsd-pl.net/papers.html#assembly
http://lsd-pl.net/asmcodes.html
http://lsd-pl.net/documents/asmcodes-1.0.2.pdf
http://lsd-pl.net/documents/asmcodes-blackhat.ppt
http://lsd-pl.net/projects/asmcodes-1.0.2.tar.gz
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum