SLAE - 32 bit Linux

Question 1

What are the diff processors?

Answer 1

intel, ARM, MIPS

Question 2

Intel Architecture

Answer 2

IA-32 and IA-64

Question 3

What are the diff components of a CPU?

Answer 3

Control Unit > Execution Unit which uses Registers and Flags

Question 4

What does the control unit do?

Answer 4

Retrieve/decode instructions, retrieve/store data in memory

Question 5

What is the execution unit within the CPU?

Answer 5

Actual execution of instructions happens here

Question 6

What is the purpose of registers and flags?

Answer 6

Registers are internal memory locations used as ‘variables’.

Flags are used to indicate various ‘events’ during execution.

Question 7

What are the different IA-32 registers?

Answer 7

General purpose regs  
Segment regs
Flags and EIP
Floating Point Unit regs
MMX regs
XMM regs

Question 8

There are 4 different general purpose regs in IA-32. What are they?

Answer 8

EAX (32 bits wide)
Accumulator register and is used to store operand and result data
EBX (32 bits wide)
Base register which contains pointer to data
ECX (32 bits wide)
Counter register
EDX (32 bits wide)
Data register
ESP (32 bits wide)
Stack pointer register
EBP (32 bits wide)
Stack Data pointer register
ESI (32 bits wide)
Data pointer regs for memory locations
EDI (32 bits wide)
Data pointer regs for memory locations

Question 9

Decompose the IA-32 general purpose regs.

Answer 9

EAX (32 bits) = AX (16 bits) = AL (0-7) and AH (8-15)
EBX, ECX and EDX all work the same way.
ESP (32 bits) = SP (0-15) (16 bits)
EBP (32 bits) = BP (0-15) (16 bits)
ESI (32 bits) = SI (0-15) (16 bits)
EDI (32 bits) = DI (0-15) (16 bits)

Question 10

What are the different segment registers?

Answer 10

They are all 16 bits wide!
CS (Code) 
DS (Data)
SS (Stack)
ES (Data)
FS (Data)
GS (Data)

Question 11

What are some examples of the different flag registers?

Answer 11

Parity flag
Zero flag
Carry flag

Question 12

SIMD?

Answer 12

Single Instruction Multiple Data

Question 13

MMX and XMM

Answer 13

MMX are carved out of FPU regs and are 64 bits wide.

XMM are 128 bits wide!

Question 14

GDB syntax - 1

Answer 14

#shows all the register info
info registers
#to see all floating point registers
info all-registers
#print the value of EAX and AX registers
display /x $eax
display /x $ax
#command to disassemble code
disassemble $eip
disassemble main
#gdb assembly syntax
#Default is att syntax in linux. Change that to intel syntax
set disassembly-flavor intel

Question 15

What are the diff CPU modes for IA-32?

Answer 15

Real mode  (kernel and user priv levels not possible)
Protected Mode (priv level possible)
System management mode (used for power management tasks)

Question 16

What are the 3 diff memory models?

Answer 16

Flat memory model
Segmented memory model
Real-address mode model

Question 17

What mode and memory model does 32 bit linux use?

Answer 17

Protected mode and flat memory model

Question 18

Process organization in memory.

Answer 18

cat /proc//maps
#within GDB to view process mappings, run the following command
info proc mappings
pmap -d

Question 19

What are the different steps to gen an exe from an assembly program?

Answer 19

NASM + LD (for assembling and linking)

Exe in ELF format!

Question 20

Helloworld.asm explain.

Answer 20

; Helloworld.asm
;Author Veer Singh

global _start

section .text
_start: 
 'write interrupt value is 4
 mov eax, 0x4
 ;stdout whose value is 1
 mov ebx, 0x1
 ; contains a pointer to the hello worls string
 mov ecx, message
 ; contains the length of the 'message' string
 mov edx, 12
;mov edx, mlen
; this interrupt will invoke the print sys call
int 0x80 
mov eax, 0x1
mov ebx, 0x5
; this interrupt will invoke the sys to exit with the error code 5
int 0x80

;db stands for define byte
section .data
message: db “Hello World!”
; could also do this: ; or you could do mlen equ $-message

Question 21

How do system calls work?

Answer 21

User space program generates an interrupt “0x80”
The CPU then checks the interrupt handlers table and invokes the system call handler
The system call handler is a kernel mode program and it figures out which particular system call routine is of interest
For instance read and write system calls are diff and hence have diff routines
All these system calls are defined in the file: /usr/include/i386-linux-gnu/asm/unistd_32.h

Question 22

Compile the hellowolrd.asm assembly code. Steps?

Answer 22

nasm -f elf32 -o Helloworld.o Helloworld.asm
ld -o Helloworld Helloworld.o
./Helloworld.o
#to check the return value of the program you can do
echo $?

Question 23

What are the fundamental data types?

Answer 23

byte - 8 bits
word - 16 bits
double word - 32 bits
quad word - 64 bits
double quad word - 128

Question 24

Signed and unsigned double word?

Answer 24

Signed - 31 bits for value and the 32nd bit for the sign

Unsigned for all 32 bits

Question 25

``` Given message db oxaa, oxbb, oxcc, oxdd What is the diff between the two? mov eax, message mov eax, [message] ```

Answer 25

mov eax, message Moves the address that contains the values of message into eax mov eax, [message] Moves the value of "message" into eax

Question 26

How do you define initialized data in NASM?

Answer 26

``` Data in NASM can be defined as: db 0x55 db 'a', 0x55 db 'hello', 13 dw 'a' ; 0x61 0x00 dw 'abc' ; 0x61 0x62 0x63 0x00 dd 1.23456 ; floating point constant dq 0x12345 ; eight byte constant dq 1.23456e32 ; double precision float dt 1.2345345e2 ; extended precision float ```

Question 27

How do you declare uninitialized data in NASM?

Answer 27

resb 64 ; reserve 64 bytes | resw ; reserve a word

Question 28

What are the NASM special token?

Answer 28

These are used to define the current offset in assembly $ - evaluates to the beginning of the current line message db 'hello, world' msglen equ $-message jmp $ (jump to the same location. Infinite loop) times 64 db 0 (repeat 'db 0' 64 times) times 100 movsb (repeat movsb 100 times) $$ - evaluates to the beginning of the current section

Question 29

What is little endian in IA-32 architecture?

Answer 29

``` EAX = 0a0b0c0d The value of this register is stored in memory with the least significant byte in the lowest memory address. Memory Address || Value of EAX a || 0d a+1 || 0c a+2 || 0b a+3 || 0a ```

Question 30

How do you configure GDB to execute a series of commands after a change in EIP?

Answer 30

define hook-stop

Question 31

What is EBP used for?

Answer 31

EBP is a pointer to the top of the stack when a function is first called

Question 32

What could assembly cmds such as rep; repnz; repz; be used for?

Answer 32

These instructions could be part of the assembly equivalent of high level functions such as len() etc.