Commit 653bd234 authored by Chris James

updated slides with notes and README

parent f4eb9603
......@@ -12,5 +12,7 @@ Each of the folders comes with a set of questions and answers, and a walkthrough
Early on, most of the files are sitting in the same folder as the binary itself, but in later stages I've placed one or more of the files in ".zip" archives to dissuade you from looking at them too quickly, and rather to try a little harder before looking at the answers/solution.
If you've only the PDF version of the slides, make sure to check out the last two pages for references and notes about each slide's topics. The notes are also available on the presentation slides at https://docs.google.com/presentation/d/1vJWsVZnpD25jqLQWeLvDXZSD2MMM5_tyBAqfWnaIx-c/edit?usp=sharing .
Please don't hesitate to contact me at tobaljackson@binarystud.io with any questions, comments, or suggestions about any of this! I hope you enjoy this as much as I have in making it, and wish you luck on your road to understanding. Happy hacking!
The presentation on google has notes on every slide with resources concerning the various aspects of reversing:
https://docs.google.com/presentation/d/1vJWsVZnpD25jqLQWeLvDXZSD2MMM5_tyBAqfWnaIx-c/edit
But I've also compiled a list of the notes and which slides they're from:
0x11: Compiling source
Working with Hexadecimal: https://learn.sparkfun.com/tutorials/hexadecimal
High-level article on compilers: https://en.wikipedia.org/wiki/Compiler
Commands Used: cat, gcc
0x12: Looking at the Binary
What is File Magic?: https://en.wikipedia.org/wiki/Magic_number_(programming)#Format_indicator
Commands used: file, strings, xxd, less, objdump, grep,
For help with these commands, just use `man <command>` to show the manual pages.
For information on how linux PIPES (“|”) work, check out: https://superuser.com/questions/756158/what-does-the-linux-pipe-symbol-do
0x20: Memory and Registers
Subject matter learned in Computer Organization: processor pipelining, memory types vs speed, Instruction decoding.
High-level Register reference: https://www.cs.umd.edu/class/sum2003/cmsc311/Notes/Overall/register.html
0x21: Memory
Virtual-Physical memory mapping learned in OS
High-level overview of Linux Memory Management: http://www.thegeekstuff.com/2012/02/linux-memory-management/
0x22: Process memory layout
Elf File format: https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
Process memory overview: http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/
Take note that the above link reverses address direction (high-on-top) whereas the better way is (low-on-top)
0x23 Registers:
Learned about memory timings and CPU caching in Comp Org
Register reference: https://wiki.cdot.senecacollege.ca/wiki/X86_64_Register_and_Instruction_Quick_Start
Syscall table: http://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/
0x31: Assembly Instructions
High-level overview of Assembly: http://ian.seyler.me/easy_x86-64/
x86 Instruction reference: https://www.aldeid.com/wiki/X86-assembly#Pages_in_this_category
Video tutorial of basic assembly: https://www.youtube.com/watch?v=busHtSyx2-w
0x32: Function Prologue and Epilogue
Look here for which registers are preserved across function/syscalls: https://stackoverflow.com/questions/18024672/what-registers-are-preserved-through-a-linux-x86-64-function-call
Stack frame layout on x86-64: http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64
Ridiculously drawn (with terrible audio) but accurate: https://www.youtube.com/watch?v=kSgrKtA0rJM
0x33: Stack Frames
Use `man ascii` to see what ordinal values correspond to which letters of the alphabet! (or visit a page like http://www.ascii-code.com/)
0x34: Quick note about Endianness
More about endianness: https://en.wikipedia.org/wiki/Endianness
0x40: Radare2
Official radare2 repo (with install instructions): https://github.com/radare/radare2
My custom radare2 Cheat Sheet: https://docs.google.com/document/d/1our_fcFcufIJ13QsZoDuGOEBqftF6o0zEkDsqzAy43U/edit?usp=sharing
Unofficial radare2 Cheat Sheet (a little outdated):
https://github.com/pwntester/cheatsheets/blob/master/radare2.md
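Review bot: the Google Slides link is given twice in this hunk, once in the "If you've only the PDF version of the slides" paragraph and again under "The presentation on google has notes on every slide"; keep one copy and have the other sentence refer to it. Two smaller points in the notes list: "Commands used: file, strings, xxd, less, objdump, grep," ends with a dangling comma, and "0x23 Registers:" puts the colon after the title while every other entry uses the "0x22: Process memory layout" form. Under "0x32: Function Prologue and Epilogue" the note says the link covers registers preserved across "function/syscalls", but the linked question (what-registers-are-preserved-through-a-linux-x86-64-function-call) is about function calls specifically; consider wording it as function calls and pointing readers at the syscall table already listed under 0x23 for the syscall side.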