Practical - C Constructs in Assembly

This document provides instructions for compiling and disassembling some simple C programs to observe how C constructs such as function calls, global and local variables are represented in assembly code. It explains how to install the necessary tools, compile programs that demonstrate printf calls and variable usage, and use IDA Pro to disassemble the programs and correlate the assembly instructions with the original C code. The goal is to gain an understanding of how higher level C constructs map to lower level assembly implementations.

CTMSDFIS SII P3 - MALWARE ANALYSIS AND FORENSICS Practical: C Constructs in Assembly

C Constructs in Assembly
Purpose
To compile several C programs and disassemble them with IDA Pro.

Installing Visual C++ Build Tools


These are already included in the "Windows 10 w Tools" VM. If you are using some other
machine, see these instructions to install them:

https://www.bowneconsultingcontent.com/pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm

Downloading and Installing IDA Pro Free


These are already included in the "Windows 10 w Tools" VM. If you are using some other
machine, open this page:

https://www.hex-rays.com/products/ida/support/download_freeware.shtml

Click the "IDA Freeware for Windows" link, as shown below.

School of Cyber Security and Digital Forensics, NFSU – Gandhinagar Page 1


Prepared by: Dr. Parag Shukla – Assistant Professor parag.shukla@nfsu.ac.in

Install the software with the default options.

Compiling "Print"
Click Start. Scroll to the V section and expand "Visual Studio 2019". Click "Developer
Command Prompt for VS 2019".

In the Developer Command Prompt window, execute these commands:

mkdir c:\decomp
cd c:\decomp
notepad print.cpp
Enter this code:
#include <cstdio>   // printf is declared in the C standard I/O header, not in <iostream>

int main() {
    printf("%d %s\n", 2, "HELLO");   // three arguments: format string, integer, string pointer
    return 0;
}

In Notepad, click File, Save.


In the Developer Command Prompt window, execute these commands:

cl print.cpp
print
The program runs, and prints out

2 HELLO

as shown below.

Disassembling the printf Function Call


Open IDA Pro Free.

In the "IDA Quick start" box, click the New button, as shown below.


In the "Select file" box, navigate to C:\decomp and double-click print.exe.

In the "Load a new file" box, click OK.

IDA opens at the program's entry point, showing the C runtime startup code that eventually calls main, as shown below.


From the IDA menu bar, click View, "Open subviews", Strings. In the Strings pane, double-
click HELLO, as shown below.

The address in the .rdata section where that string is stored appears, as shown below. On the
right side, point to the address labelled "DATA XREF". The code that uses this string appears
in a pop-up box, as shown below.

Double-click the address labelled "DATA XREF". The assembly code appears, as shown below.

The assembly code in the green box implements this C statement:


printf("%d %s\n", 2, "HELLO");

The three arguments are pushed onto the stack in reverse order (right to left: the address of
"HELLO", then 2, then the address of the format string), and then printf is called. Because
printf uses the cdecl calling convention, the caller removes the 12 bytes of arguments after the
call returns (add esp, 0Ch). This stack-based argument passing is what the default 32-bit build
from the VS 2019 Developer Command Prompt produces; in an x64 build the first four arguments
travel in registers (RCX, RDX, R8, R9) and the disassembly looks different.


Global and Local Variables


In the Developer Command Prompt window, execute these commands:
cd c:\decomp
notepad glob.cpp
Enter this code:
#include <cstdio>   // printf

int g = 2;          // GLOBAL VARIABLE: stored in the .data section, initialised in the file itself

int main()
{
    int l = 3;      // LOCAL VARIABLE: a stack slot in main's frame, written at run time
    printf("%d %d\n", g, l);
    return 0;
}


In Notepad, click File, Save.

In the Developer Command Prompt window, execute these commands:

cl glob.cpp
glob
The program runs, and prints out

2 3

as shown below.


Disassembling glob
In IDA Pro, from the menu bar, click File, Open.

In the "Save database" box, check "DON'T SAVE the database" and click OK.

In the "Select file" box, navigate to C:\decomp and double-click glob.

In the "Load a new file" box, click OK.

IDA opens at the entry point, showing the C runtime startup code.

From the IDA menu bar, click View, "Open subviews", Strings.

In the Strings pane, double-click "%d %d\n", as shown below.


On the right side, point to the address labelled "DATA XREF". The code that uses this string
appears in a pop-up box, as shown below.

Double-click the address labelled "DATA XREF". The assembly code appears, as shown below.
Notice these features:

• The local variable l lives on the stack at [ebp+var_4] (IDA's name for [ebp-4]). It has no
  storage until main runs, and the value 3 is written into that slot by an instruction at run time.

• The global variable g lives at a fixed address in the .data section, 41B000 here (your address
  may be different). Its initial value 2 is stored in the executable's data section, so no
  instruction sets it; the code simply reads it through that absolute address, which IDA renders
  as dword_41B000. Because the linker enables /DYNAMICBASE by default, the address IDA shows is
  the preferred image base; at run time the loader may relocate the image elsewhere.
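
As an added example (not part of the original practical), the following program gathers several more C constructs in one file so they can be compiled and disassembled with the same steps as print and glob: an initialised global, an uninitialised global, a static local, function parameters and a return value, and a nested call. Save it as C:\decomp\constructs.c (the file name is an assumption) and build it with cl constructs.c in the Developer Command Prompt. The comments describe where each construct ends up in the default 32-bit, unoptimised build that prompt produces; other compilers, optimisation levels or an x64 build will place things differently.

```c
#include <stdio.h>

/* Initialised global: lives in .data. The value 2 is stored in the file
   itself, so no instruction sets it; IDA shows it as dword_XXXXXX with a
   DATA XREF from every function that reads or writes it. */
int g_init = 2;

/* Uninitialised global: zero-filled at load time, so the section holding
   it has no file-backed bytes. Still a fixed address, still an XREF target. */
int g_zero;

/* Parameters arrive on the stack in a 32-bit cdecl build: after
   push ebp / mov ebp, esp, a is at [ebp+8] (IDA: arg_0) and b at [ebp+0Ch]
   (IDA: arg_4). The result is returned in EAX. */
int add(int a, int b) {
    return a + b;
}

/* Static local: same storage as a global (.data), but only this function
   references it, so the DATA XREF list has a single caller. */
int count_calls(void) {
    static int calls = 0;
    calls++;
    return calls;
}

/* Locals get slots at negative offsets from ebp (IDA: var_4, var_8, ...).
   The store to g_zero is a mov to an absolute address, and the call to add
   pushes two arguments right to left followed by add esp, 8. */
int use_locals(int n) {
    int local_a = n * 2;
    int local_b = local_a + g_init;
    g_zero = local_b;
    return add(local_a, local_b);
}

int main(void) {
    int result = use_locals(3);
    count_calls();
    count_calls();
    /* Four arguments pushed right to left, call _printf, then add esp, 10h.
       Note that count_calls() is evaluated and its EAX pushed before the call. */
    printf("%d %d %d\n", result, g_zero, count_calls());
    return 0;
}
```

In IDA, open the Strings subview, jump to "%d %d %d\n" and follow its DATA XREF into main exactly as in the glob walkthrough; then follow the call to use_locals and add to see the [ebp+8] and [ebp+0Ch] parameter accesses, and look up the XREFs of the static counter to confirm only count_calls touches it.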

