{"id":1010,"date":"2008-09-22T11:33:45","date_gmt":"2008-09-22T11:33:45","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=1010"},"modified":"2017-09-22T14:25:27","modified_gmt":"2017-09-22T06:25:27","slug":"modern-exploits-do-you-still-need-to-learn-assembly-language-asm","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2008\/09\/modern-exploits-do-you-still-need-to-learn-assembly-language-asm\/","title":{"rendered":"Modern Exploits &#8211; Do You Still Need To Learn Assembly Language (ASM)"},"content":{"rendered":"<p>This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn <a href=\"http:\/\/en.wikipedia.org\/wiki\/Assembly_language\">Assembly Language<\/a> or not?<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/farm3.staticflickr.com\/2914\/14378980263_befb08f6f1.jpg\" alt=\"Assembly Language\" \/><\/p>\n<p>For those that aren&#8217;t what it is, it&#8217;s pretty much the lowest level programming languages computers understand without resorting to simply 1&#8217;s and 0&#8217;s.<\/p>\n<blockquote><p>An assembly language is a low-level language for programming computers. It implements a symbolic representation of the numeric machine codes and other constants needed to program a particular CPU architecture. This representation is usually defined by the hardware manufacturer, and is based on abbreviations (called mnemonics) that help the programmer remember individual instructions, registers, etc. An assembly language is thus specific to a certain physical or virtual computer architecture (as opposed to most high-level languages, which are usually portable).<\/p><\/blockquote>\n<p>The mnemonics looks like <code>MOV JMP<\/code> and <code>PSH<\/code>.<\/p>\n<p>In straight forward terms the answer is <strong>yes<\/strong>, especially if you want to operate on a more advanced level. If you wish to write exploits you need assembly knowledge, there is plenty of great shellcode around but to get your exploit to the point where you can execute the shellcode you need assembly knowledge. <a href=\"https:\/\/www.darknet.org.uk\/tag\/metasploit\/\">Metasploit<\/a> is a great resource for the shellcode and to shovel in your exploit, but to understand the inner executions and workings of any binary you need to understand assembly.<\/p>\n<p>You might be able to fuzz out an overflow in some software using a pre-written python <a href=\"https:\/\/www.darknet.org.uk\/tag\/fuzzer\/\">fuzzer<\/a>, but what are you going to do then &#8211; you need to at least understand the stack\/heap and EIP\/ESP etc.<\/p>\n<p>Even if you don&#8217;t plan to be that hardcore learning Assembly really won&#8217;t hurt at all, a great place to start is the <a href=\"http:\/\/www.drpaulcarter.com\/pcasm\/\">PC Assembly Language book by Paul Carter<\/a>.<\/p>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<blockquote><p>The tutorial has extensive coverage of interfacing assembly and C code and so might be of interest to C programmers who want to learn about how C works under the hood. All the examples use the free NASM (Netwide) assembler. The tutorial only covers programming under 32-bit protected mode and requires a 32-bit protected mode compiler. <\/p><\/blockquote>\n<p>If you are specialising though you&#8217;ll be looking more into the realm of <a href=\"https:\/\/www.darknet.org.uk\/2007\/08\/immunity-debugger-v10-immdbg-release-download-it-now\/\">debuggers<\/a>, disassemblers and reverse engineering &#8211; <a href=\"http:\/\/en.wikipedia.org\/wiki\/SoftICE\">SoftICE<\/a> was king back in the day.<\/p>\n<p>Another great resource is <a href=\"http:\/\/win32assembly.programminghorizon.com\/tutorials.html\">Iczelion&#8217;s Win32 Assembly Homepage<\/a> which has a bunch of tutorials, source code examples and links.<\/p>\n<p>As many say Assembly is easy to learn but hard to MASTER.<\/p>\n<p>I started out with <a href=\"http:\/\/amzn.to\/2fEKVTm\" rel=\"nofollow\">The Art of Assembly<\/a> &#8211; and I suggest you do too.<\/p>\n<p>Some other resources:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.osdata.com\/topic\/language\/asm.htm\">OSData Assembly Language<\/a><\/li>\n<li><del datetime=\"2014-06-06T12:37:26+00:00\">smit Assembly Tutorial<\/del><\/li>\n<li><a href=\"http:\/\/stuff.pypt.lt\/ggt80x86a\/asm1.htm\">Gavin&#8217;s Guide to 80&#215;86 Assembly<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren&#8217;t what it is, it&#8217;s pretty much the lowest level programming languages computers understand without resorting to simply 1&#8217;s [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"Do you need to learn Assembly Language or not? If you want to develop exploits? Yes you do. And well if you want to be a real pro - just learn it.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10,29],"tags":[1281,2273,295,56,296,3281],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/1010"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=1010"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/1010\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=1010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=1010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=1010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}