Presented at DEF CON 32 (2024), Aug. 8, 2024, 2 p.m. (240 minutes).
Assembly language has a reputation for being intimidating, but once
you learn the basics--and know how to read the documentation for the
rest--there's nothing you can't follow. There are many interesting
fields of study in computer security that depend on the "closer to the
metal" knowledge you'll gain from learning to code in assembly:
- Software reverse engineering
- Vulnerability and exploit research
- Malware/implant development
- Digital forensics
...among others. There is no substitute for the confidence that you
gain from being able to research and understand computer systems at
lower levels of abstraction.
The purpose of this workshop is to introduce Intel x64 assembly language to the attendees. We will be using the Microsoft Macro Assembler, and we will be examining our code step-by-step in the x64dbg debugger. No prior programming experience is required--we will be working on things from first principles. There will be few slides.
Concepts will be presented primarily within the x64dbg environment, with a focus on experimentation and using primary documentation. Attendees can follow along with their own laptops and programming environments.
We will cover the following topics:
- Assembling and linking code
- The execution environment of x64 programs
- Memory
- Registers
- A wide variety of instructions
- Addressing modes
- How to read instruction documentation in the Intel manuals
- Moving data around
- Stack operations
- x64 ABI and calling conventions
- Representing data
- Integer math
- Program flow: conditional execution, loops
- Leveraging the Windows API
- How to read MSDN articles on Windows API functions
- Resources for reference and future learning
Presenters:
- Wesley McGrew, Senior Cybersecurity Fellow at MartinFederal
Dr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.