Introduction + review of binary analysis


Last updated 11:13 AM on 4/19/26

30 Terms

1

Why do you need to understand exactly how a system works?

Understanding exactly what rules it follows and how they are enforced allows you to understand the system better than the people that made it and find incorrect assumptions that can be exploited

2

Why do multi layered systems make exploitation easier?

People make assumptions about the layer below

3

Binaries are written in

assembly

4

What level of code are binaries written in?

Much lower level than Java byte code

5

Assembly compiled for one type of machine

won’t run on another

6

The x86-64 architecture

7

The stack

  • Last in, first out

  • Can read and write to the top of the stack

8

Sub parts of registers can be addressed

directly

9

x86 to x86-64 (x64) is a size difference of

32 to 64 bit (x64 is twice as long)

10

x86 to x86-64 (x64) registers have

a range of different names

11

In x86, function arguments are passed

onto the stack

12

Arguments in x64

  • The first 6 are passed into registers

  • The rest are passed onto the stack

13

Command: MOV

Move value between registers

14

Command: MOVxy

Move value of different lengths

15

Command: CALL

Execute a function

16

Command: RET, RETN, RETF

End a function and restart calling code

17

Command: CMP, TEST

Compare two values

18

Command: JE, JNE, JLE

Jump based on comparison

19

Command: LEA

Like MOV, but can evaluate arguments

20

Command: [ ]

Value at a memory location

21

MOV RAX RBX

Move value in RBX to RAX

22

MOV [RAX] RBX

Move value in RBX to address RAX points at

23

MOV RAX [RBX]

Move value RBX is pointing at to RAX

24

MOV [RAX] [RBX]

CPUs are physically unable to do this

25

Linux function calling conventions: Arguments

Put into registers:

  • RDI, RSI, RDX, RCX, R8, R9, and then stack

  • XMM0, XMM1, …, XMM7 for floating point numbers

26

Linux function calling conventions: Results

Return in RAX (and RDX) or XMM0 and XMM1

27

Linux function calling conventions: How does the called function make new stack space?

By updating RSP and RBP; the instruction pointer and old RBP are stored on the stack for when the function returns

28

Windows function calling conventions: Registers

Arguments are in:

  • RCX, RDX, R8, R9

  • XMM0, XMM1, XMM2, XMM3

29

Patching

Changing values or commands in a binary

30

While patching, commands must be overwritten

in place - space cannot easily be added