Bugtraq mailing list archives

UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes


From: aleph1 () securityfocus com
Date: Mon, 23 Jul 2001 19:52:58 -0600

UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes
Last Stage of Delirium Research Group

This technical document contains information about the specifics of writing 
assembly components for proof of concept codes on different operating 
systems/architectures. Specifically, it focuses on commercial UNIX systems: 
IRIX/MIPS, HP-UX/PA-RISC, AIX/PowerPC/POWER and Solaris/x86/Sparc. It is 
neither meant to be a complete guide to the aforementioned computer 
architectures nor is it an assembly language tutorial. It has been written 
as a result of our side-effect investigation efforts in the area of security 
research pertaining to proof of concept codes development for security 
vulnerabilities illustration purposes. Obviously, it is destined for code 
developers specializing (having/looking for experience) in the area of 
buffer overflow and format string vulnerabilities; however, it is limited only 
to these assembly parts. For information regarding general proof of concept 
codes development, please refer to other papers.

This paper is divided into several inter-related parts. In the beginning some 
basic information about various processor architectures and their important 
characteristics is given. Next, a detailed discussion of the system call 
invocation mechanisms, which seems to be crucial for further parts, is 
presented in the context of different operating systems. It is followed by 
the introduction to coding requirements, such as writing position independent 
and zero free assembly codes. Finally, a detailed discussion of several 
assembly routines with special emphasis on their functionality is presented. 
In the appendices of this paper you will also find source codes of every 
routine for all discussed operating systems and architectures along with 
sample code of their usage.

http://lsd-pl.net/papers.html#assembly
http://lsd-pl.net/asmcodes.html
http://lsd-pl.net/documents/asmcodes-1.0.2.pdf
http://lsd-pl.net/documents/asmcodes-blackhat.ppt
http://lsd-pl.net/projects/asmcodes-1.0.2.tar.gz

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

