reverse engineering part 1

Question 1

decribe the ways data can be code and how it can be attacked

Answer 1

attacks trick program into accepting data which is code
e.g sql injections and XSS

Question 2

describe how code can be data

Answer 2

executable code is written/modified like any document so attacker can end up doing what they want to the program

this is reverse engineering

Question 3

what is the definifiton of reverse engineering

Answer 3

process of analysing the software to understand its functionality without access to source code

low level programs are analysed, functionality can be altered and protecteions can be taken away

good protections can also slow this process down and not fully stop it

Question 4

goals of reverse engineering

Answer 4

security research
learning how compilers and systems work
debuggers and preformance optimisation

Question 5

describe to be binaries in systems

Answer 5

systems have different binary formats

Question 6

how is a c programme transformed into an executable binary

Answer 6

a compiler

Question 7

what does a compiler do to a C programme

Answer 7

transforms it into an executable binary

Question 8

what does a binary contain

Answer 8

machine code instructions

Question 9

do systems have different binary formats

Answer 9

yes

Question 10

can CPUs support different instruction sets

Answer 10

yes

Question 11

what is a debugger

Answer 11

programme that debugs other programmes

Question 12

what processes can you do using a debugger

Answer 12

can halt or run target programme at any point
step through code line by line
display or alter contents of memory, CPU registers and stack frames

Question 13

what is a dissembler

Answer 13

programmes that converts machine code into assembly language

Question 14

describe what dissembler does to machine code

Answer 14

machine code is in binary representation , it converts it to low level programming language representation

Question 15

what is a decompiler

Answer 15

programme that converts machien code to high level programming language ( e.g c# code )

Question 16

when c programme is put through compiler what does it become

Answer 16

x86-64 binary

Question 17

when x86-64 binary is decompiled what does it become

Answer 17

C PROGRAMME

Question 18

when x86-64 binary us disassembled what does it become

Answer 18

x86-64 Assembly

Question 19

what is assembly

Answer 19

machine code in deterministic mapping

Question 20

what are registers

Answer 20

small but fast units of storage for the CPU

Question 21

what is memory

Answer 21

larger chunks of data , referenced by address
contains code , heap and stack.

Question 22

what are the two types of registers

Answer 22

general purpose registers
special purpose registers

Question 23

what are general purpose registers used for

Answer 23

they are used for computation

Question 24

what are special purpose registers used for

Answer 24

store instruction pointers (program counter) etc

Question 25

what does SPL stand for

Answer 25

stack pointer

Question 26

what does BPL stand for

Answer 26

base pointer

Question 27

what is register aliasing

Answer 27

registers RAX,EAX,AX,AH,AL all describe different parts of the same memory cell

Question 28

what bits do each register stand for RAX EAX AX AH AK

Answer 28

RAX - 64 bits EAX - 32 bits AX - 16 bits AL - lower 8 bits AH - higher 8 bits

Question 29

what does mov dst, src do

Answer 29

moves data from source (src) to destination (dst)

Question 30

what does push src do

Answer 30

push onto source (src) stack

Question 31

what does pop dst do

Answer 31

pops value from stack and stores it in destination (dst)

Question 32

what does add dst, src do

Answer 32

dst += src

Question 33

what does sub dst, src do

Answer 33

dst -= src

Question 34

what does imul dst, src do

Answer 34

dst *= src

Question 35

after arithmetic operations 3 fags are set , what are they?

Answer 35

ZF: zero flag, sets to 1 if result is negative SF: sign flag, sets to 1 if result is negative OF: overflow flag, sets to 1 if operation has overflowed

Question 36

what does the zero flag do

Answer 36

sets to 1 if result is 0

Question 37

what does the sign flag do

Answer 37

sets to 1 if result is negative

Question 38

what does the overflow flag do

Answer 38

sets to 1 if operation has overflowed

Question 39

what does jmp label stand for

Answer 39

jump to label

Question 40

what does call fn stand for

Answer 40

pushes instruction pointer into stack and jumps to function and always has a return statement

Question 41

what does ret stand for

Answer 41

pops ip from stack

Question 42

what does cmp a,b stand for

Answer 42

calculates b-a and set flags

Question 43

what does test a,b stand for

Answer 43

calculate a&b and sets flags

Question 44

what does je label stand for

Answer 44

jumps to Label if flag zero is set

Question 45

what does jne label stand for

Answer 45

jumps to label if zero flag is not set

Question 46

what does nop label stand for

Answer 46

No-op instruction , does not do anything

Question 47

what does and dst,src stand for

Answer 47

dst &= src

Question 48

what does or dst,src stand for

Answer 48

dst |= src

Question 49

what does xor dst,src stand for

Answer 49

dst ^= src

Question 50

what do square brackets indicate Direct Memory Access: [address]

Answer 50

they indicate the operand is a memory address instead of a direct value or register

Question 51

what are the dofferent ways of memory addresses