War Industries Presents:
An Introduction to Programming for Hackers
Part I
By Lovepump, 2004
Visit:
www.warindustries.com
Part I – The Beginning
Intro:
What is programming? Why should I learn to code? What is a hacker?
Many of the questions and discussions on the War Industries Forums ask such
things as: “Where can I get X program to ‘hack’ my friend’s computer”, or “How
can I send a trojan to someone”. These questions indicate that the person is only
interested in using pre-made programs and possesses little understanding of how
computer systems really work. Such people are often referred to as “script kiddies”,
“skiddies” or “skidiots”. They believe that being a hacker only entails
downloading a program and running it.
In my opinion, a hacker is someone who is curious about how something works.
Just knowing how to operate a system (a script kiddie) is insufficient for a true
hacker. The hacker wants to know the ins and outs, nuts and bolts of the entire
thing. If you’ve ever torn apart a lawnmower, VCR, radio, or any device for that
matter, you have a hacker mind. Using duct tape to fix a car is a “hack”!
If you really want to be a hacker, you must want to understand the working guts
of a computer. What makes it tick? Why does it crash? What is a buffer
overflow? How can I tell the computer what to do?
This series will attempt to do just that.
Conventions:
The discussion and examples in this series will deal strictly with the x86
architecture. Analogies to other architectures may be made, but there are
significant differences between platforms.
All code examples will be in C and ASM. The intent is to teach C, but
some ASM is required for low level explanations of processor functions.
Code examples will be for Linux platforms, but should work as well
under “command line” MS Windows.
Comments can be made to me (Lovepump) at the WI Forums.
Watch for bold italics like this: address. It highlights an important term
that you need to fully understand. Don’t skip over it.
What is a program?
A computer program is a series of statements that provide step by step
instructions to a computer. A computer is not a human and cannot divine or
interpolate commands nor anticipate steps. It requires explicit and concise
instructions to perform even the most basic task.
To show an example, we use the famous “Hello World” program in C:
#include <stdio.h>
int main(int argc, char *argv[]){
    printf("Hello World!\n");   /* print the text, followed by a newline */
    return 0;                   /* tell the operating system we finished normally */
}
That’s it.
We won’t get in to the nuts and bolts yet. Just wanted to give you a taste of what
a C program looks like.
To understand more, we need to do more of a “deep dive” into the guts of what
makes a computer tick. You want to be a hacker don’t you?
Memory and Base16
Computer memory is like a series of boxes. Each box can contain a small piece of
information. In our case, each box is 1 byte, or 8 bits. That means that each box
can contain a number between 0 and 255. That’s it. It can’t contain anything
else.
Each box has a number, or address. The address is used to send and receive
information to each piece of memory. The addresses start at 0 and move up
sequentially to your maximum installed memory. The numbering system used
in referring to addresses is hexadecimal, or hex. Hex is base 16.
Huh? Base 16? Yes. The hex number system goes like this:
0 1 2 3 4 5 6 7 8 9 A B C D E F 10 11 12 13 14 15 16 17 18 19 1A …
So basically instead of “rolling digits” at 10, like the decimal system, we roll
digits at 16. So hex 10 = decimal 16. Instead of saying “hex” we will use the
notation 0x. So 0x0A would translate to decimal 10. 0xFF would translate to
255. Other notations for hex you might see are: \x0A (you’ll see this notation in
“shellcode”) or 0Ah (‘h’ for hex).
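To make the three notations concrete, here is a small C program, added to this text and not part of the original article, that reads a hex number written as 0x0A, \x0A or 0Ah and converts it to decimal by “rolling digits” at 16. The function names parse_hex and hex_digit are my own; the input strings are constructed samples. It also prints the counting sequence from the text so you can see where the digits roll.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Value of one hex digit 0-9, A-F (either case), or -1 if it is not a hex digit. */
int hex_digit(char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = (char)tolower((unsigned char)c);
    if (c >= 'a' && c <= 'f')
        return 10 + (c - 'a');
    return -1;
}

/* Parse a hex number in any of the three notations from the text:
 *   "0x0A"  (C style)     "\x0A"  (shellcode style)     "0Ah"  ('h' suffix)
 * Returns the decimal value, or -1 if the text is not a valid hex number.
 * At most 8 digits are accepted: one 32-bit x86 word (0 - 0xFFFFFFFF). */
long long parse_hex(const char *s)
{
    size_t len = strlen(s);
    if (len == 0)
        return -1;

    /* Strip the prefix ("0x" / "\x") or the suffix ('h'). */
    if ((s[0] == '0' || s[0] == '\\') && (s[1] == 'x' || s[1] == 'X')) {
        s += 2;
        len -= 2;
    } else if (s[len - 1] == 'h' || s[len - 1] == 'H') {
        len -= 1;
    }
    if (len == 0 || len > 8)
        return -1;

    long long value = 0;
    for (size_t i = 0; i < len; i++) {
        int d = hex_digit(s[i]);
        if (d < 0)
            return -1;          /* e.g. 'G' is not a hex digit */
        value = value * 16 + d; /* shift left one hex place, then add the digit */
    }
    return value;
}

int main(void)
{
    /* Constructed sample inputs covering all three notations and one bad one. */
    const char *samples[] = { "0x0A", "\\x0A", "0Ah", "0xFF", "0x3F2C", "0xG1" };
    size_t n = sizeof samples / sizeof samples[0];

    printf("counting in hex: ");
    for (int i = 0; i <= 26; i++)
        printf("%X ", i);       /* 0 1 2 ... 9 A B C D E F 10 11 ... 1A */
    printf("\n");

    for (size_t i = 0; i < n; i++)
        printf("%-8s -> %lld\n", samples[i], parse_hex(samples[i]));
    return 0;
}
```

Note that parse_hex rejects anything longer than eight hex digits: that is the largest value four byte boxes can hold, which the next section explains.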
OK, so it’s up to us to make use of a bunch of little boxes that can’t hold much
and make the computer perform miracles? Let’s carry on.
You may be thinking: “If a computer can only store little boxes with numbers
between 0 – 255, how can I calculate 100 * 100?” It is true that the computer can
only store discrete numbers from 0 – 255 (hex 0 – FF), but it can combine two or more
locations to form larger numbers. This is not done by adding two numbers
together, but by combining two to form a larger number. Here’s an example:
Here are two memory locations:
Address    Value (Hex)
1000       3F
1001       2C
We can see that the memory location with address 1000 stores a value of 0x3F
(decimal 63) and 1001 holds 0x2C (44 decimal). If we ask the computer to stick
the two together to make one number, we get 0x3F2C, or in decimal 16172. By
sticking two bytes together we can make numbers between 0 – 65535 (0xFFFF). If we stick
four bytes together, we can represent numbers from 0 – 4294967295
(0xFFFFFFFF).
This last example is significant. Four bytes put together makes a word in the x86
architecture. Other processors have different word sizes. Our processor uses a
32 bit or 4 byte word size (hence the 32 bit architecture).
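The following C program is an added example, not code from the original article, showing the combination from the table above done with real bytes. The functions combine2, combine4, read16_le and split2 are my own names. It also shows one thing the table glosses over: an x86 stores the low byte of a number at the lower address (it is “little-endian”), so two boxes holding 3F then 2C are read back by the processor as 0x2C3F, not 0x3F2C. The text’s high-byte-first combination is still the right way to think about the arithmetic; the order of the boxes is just the detail you meet when you look at real memory.

```c
#include <stdio.h>
#include <stdint.h>

/* Combine two 8-bit boxes into one 16-bit number, high byte first,
 * exactly as the table in the text does: 3F and 2C -> 0x3F2C (16172). */
uint16_t combine2(uint8_t hi, uint8_t lo)
{
    return (uint16_t)((hi << 8) | lo);
}

/* Combine four boxes into one 32-bit number (a 4-byte x86 word), high byte first.
 * FF FF FF FF -> 0xFFFFFFFF (4294967295), the largest value a word can hold. */
uint32_t combine4(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3)
{
    return ((uint32_t)b0 << 24) | ((uint32_t)b1 << 16) |
           ((uint32_t)b2 << 8)  |  (uint32_t)b3;
}

/* Split a 16-bit number back into its two byte boxes (high byte first). */
void split2(uint16_t value, uint8_t *hi, uint8_t *lo)
{
    *hi = (uint8_t)(value >> 8);
    *lo = (uint8_t)(value & 0xFF);
}

/* Read two adjacent boxes the way an x86 does: little-endian, so the box at
 * the LOWER address is the LOW byte. Boxes holding 3F, 2C read as 0x2C3F. */
uint16_t read16_le(const uint8_t *box)
{
    return (uint16_t)(box[0] | (box[1] << 8));
}

int main(void)
{
    /* Constructed sample: the two boxes from the text, at addresses 1000 and 1001. */
    uint8_t mem[2] = { 0x3F, 0x2C };
    uint8_t hi, lo;

    printf("combined high byte first : 0x%04X = %u\n",
           (unsigned)combine2(mem[0], mem[1]), (unsigned)combine2(mem[0], mem[1]));
    printf("as an x86 reads the boxes: 0x%04X = %u\n",
           (unsigned)read16_le(mem), (unsigned)read16_le(mem));
    printf("four bytes FF FF FF FF   : 0x%08lX = %lu\n",
           (unsigned long)combine4(0xFF, 0xFF, 0xFF, 0xFF),
           (unsigned long)combine4(0xFF, 0xFF, 0xFF, 0xFF));

    split2(0x3F2C, &hi, &lo);
    printf("0x3F2C split back into boxes: %02X %02X\n", hi, lo);
    return 0;
}
```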
The values stored in memory can serve a number of purposes. You can directly
store numeric information. You can also store an address in memory that refers
to another memory location! This type of use is called a pointer. A pointer
doesn’t hold data, but it points to the place that holds the data. This is an
extremely important concept in programming. The idea of pointing to memory
is a base programming concept. Here’s an example:
Address    Value
3AF4       D2
3AF5       A4

Address    Value
D2A4       1C
In this example the values at 3AF4 and 3AF5 combine to produce an address
D2A4, which holds a value 1C. So we can directly address D2A4, or we can tell
the computer “the value we want is held in the box pointed to by 3AF4 & 5”.
Let this concept sink in. It’s important. In the real world of x86, the pointer is
one word in size, but the implementation is the same. When it comes to
programming in the later sections, the pointer size is unimportant (and invisible),
but the concept is extremely important.
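Here is an added C example (mine, not the article’s) of the pointer idea in two forms. The first half simulates the table above in a 64 KB array of byte boxes, combining the two boxes at 3AF4/3AF5 into the address D2A4 and then reading the 1C stored there. The second half does the same with a real C pointer and prints the actual addresses, so you can see that the pointer box holds an address while the data box holds the data. The names sim, sim_setup, sim_read_pointer, sim_deref, read_through_pointer, pointer_size and demo_real_pointer are my own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* ---- Part 1: the text's table, simulated in an array of byte boxes ---- */

/* Constructed 'memory': the index is the address, the content is the byte in that box. */
static uint8_t sim[0x10000];

/* Fill in the three boxes from the text's example. */
void sim_setup(void)
{
    memset(sim, 0, sizeof sim);
    sim[0x3AF4] = 0xD2;
    sim[0x3AF5] = 0xA4;
    sim[0xD2A4] = 0x1C;
}

/* Read the boxes at addr and addr+1 as one 16-bit address, high byte first,
 * exactly as the text combines 3AF4/3AF5 into D2A4.  The (uint16_t) cast
 * makes addr+1 wrap inside the 16-bit address space instead of leaving the array. */
uint16_t sim_read_pointer(uint16_t addr)
{
    return (uint16_t)((sim[addr] << 8) | sim[(uint16_t)(addr + 1)]);
}

/* "The value we want is held in the box pointed to by addr":
 * follow the pointer first, then read the byte it points at. */
uint8_t sim_deref(uint16_t addr)
{
    uint16_t target = sim_read_pointer(addr);
    return sim[target];
}

/* ---- Part 2: the same idea with a real C pointer ---- */

/* p holds an address; *p is the data sitting in the box at that address. */
uint8_t read_through_pointer(const uint8_t *p)
{
    return *p;
}

/* How many byte boxes does a pointer itself occupy?  Four on 32-bit x86
 * (one word, as the text defines it), eight on a 64-bit build. */
size_t pointer_size(void)
{
    uint8_t *p = NULL;
    return sizeof p;
}

/* Runs the real-pointer demonstration; returns the value read via the pointer. */
uint8_t demo_real_pointer(void)
{
    uint8_t data_box = 0x1C;      /* the box that holds the data */
    uint8_t *ptr = &data_box;     /* a box that holds the ADDRESS of data_box */

    printf("data_box is at %p and holds 0x%02X\n", (void *)&data_box, data_box);
    printf("ptr      is at %p and holds %p (an address, not data)\n",
           (void *)&ptr, (void *)ptr);
    printf("*ptr (follow the pointer)   = 0x%02X\n", read_through_pointer(ptr));
    return read_through_pointer(ptr);
}

int main(void)
{
    sim_setup();
    printf("simulated: boxes 3AF4/3AF5 hold address 0x%04X, which holds 0x%02X\n",
           (unsigned)sim_read_pointer(0x3AF4), sim_deref(0x3AF4));
    demo_real_pointer();
    printf("a pointer occupies %zu byte boxes on this build\n", pointer_size());
    return 0;
}
```

Run it a few times and the printed addresses will usually change between runs while the 0x1C read through the pointer does not; that is the whole point of a pointer, the program cares about what is in the box, not about which box it happened to get.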
The Processor (CPU)
The processor is the heart of the system. It is designed to do a couple of things:
Fetch an instruction from memory.
Execute the instruction.
Computer programs are stored in memory. RAM memory is very slow
compared to how fast modern processors can work. The processor needs its own
“memory” to save current working information locally. These memory spaces
are called registers. The registers are physically located in the processor itself, so
it doesn’t have to fetch anything from RAM. The processor also uses a space of
memory called the stack. More on the stack later.
There are a number of registers on an x86. For now let’s concern ourselves with
six of the registers: