OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: aleph1securityfocus.com
Date: Mon Jul 23 2001 - 20:52:58 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes
    Last Stage of Delirium Research Group

    This technical document contains information about the specifics of writing
    assembly components for proof of concept codes on different operating
    systems/architectures. Specifically, it focuses on commercial UNIX systems:
    IRIX/MIPS, HP-UX/PA-RISC, AIX/PowerPC/POWER and Solaris/x86/Sparc. It is
    neither meant to be a complete guide to the aforementioned computer
    architectures nor it is the assembly language tutorial. It has been written
    as a result of our side-effect investigation efforts in the area of security
    research pertaining to proof of concept codes development for security
    vulnerabilities illustration purposes. Obviously, it is destined for code
    developers specializing (having/looking for an experience) in the area of
    buffer overflow and format string vulnerabilities, however it is limited only
    to these assembly parts. For information regarding general proof of concept
    codes development, please refer to other papers.

    This paper is divided into several inter-related parts. In the beginning some
    basic information about various processor architectures and their important
    characteristics is given. Next, a detailed discussion of the system call
    invocation mechanisms, which seems to be crucial for further parts, is
    presented in the context of different operating systems. It is followed by
    the introduction to coding requirements, such as writing position independent
    and zero free assembly codes. Finally, a detailed discussion of several
    assembly routines with special emphasis on their functionality is presented.
    In the appendices of this paper you will also find source codes of every
    routine for all discussed operating systems and architectures along with
    sample code of their usage.

    http://lsd-pl.net/papers.html#assembly
    http://lsd-pl.net/asmcodes.html
    http://lsd-pl.net/documents/asmcodes-1.0.2.pdf
    http://lsd-pl.net/documents/asmcodes-blackhat.ppt
    http://lsd-pl.net/projects/asmcodes-1.0.2.tar.gz 

    -- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum