[Security] (1): Hacker programming skills

Source: Internet
Author: User

I have worked in the security field for four years. I am familiar with many areas but proficient in none, and I feel my strength is lacking, so today I decided to start learning the core knowledge and skills of hacking technique: vulnerability mining and malicious code analysis. Because it mainly involves this field, it is not closely related to web security scripting. Everything needs to be traced back to the root cause, and ye Mao hopes to make use of the past two years.
Today we will talk about the programming basics of hacking technique. Whenever the basics come up, everyone offers insightful opinions; the mainstream recommendations include C/C++, Java, Perl, Python and VB, plus socket programming and system programming. I was confused for a while. I studied C at university, learned C++ during graduate school, and learned Python again after starting work. My own feeling is: C++ and Java are still needed for engineering work, but for developing security tools I am better off with Python. Because it is easy to learn, easy to use and powerful, it is very suitable for writing my own small personal tools. In my opinion, the basics of hack programming should cover the following aspects:
1. C/C++ programming language;
2. Computer memory knowledge;
3. Basic Intel processor knowledge;
4. Assembly language basics;
5. Debugging programs with gdb;
6. Python programming skills.
The following is a brief description of each.
I. C Programming Language
The importance of C is that Unix and Windows systems are mostly written in C, so the underlying core mechanisms are C. Although Windows is increasingly built on C++, the root causes of its vulnerabilities are roughly the same as those of C: the root problem behind the vulnerabilities has not been solved. The C/C++ language helps us understand and implement vulnerable programs. This section only involves the basics: main(), variables, function calls, basic input and output, string operations, condition/loop structures, and so on.
Another thing to learn is basic compilation skills. We recommend gcc, because depending on the options you choose you can obtain the object file (gcc -c) or the assembly file (gcc -S), disable stack protection (gcc -fno-stack-protector), and more; it is a very powerful tool.
For specific C/C++ knowledge points, see my collection: http://blog.chinaunix.net/special/show/sid/1129.html

II. Computer Memory
The memory of the computer is its basic read/write storage, and the part most relevant to our programs is RAM. Here we need to master the following points:
-1. Byte order: different vendors write multi-byte values in different orders. Some, such as Intel, hold that data should be written starting from the low memory address, which is called "little-endian"; others, such as Motorola, hold that data should be written starting from the high address, which is called "big-endian". We will actually handle both orders when we discuss shellcode later.
-2. Program layout in memory: each process naturally has its own memory space. The process is actually the resource container for the running program, and the thread is the concrete running instance. Here we focus on six main memory segments:
-2.1-: .text section, which corresponds to the code part of the binary executable and mainly contains the machine instructions to be executed to do the work. This section is read-only; writing to it causes a segmentation fault;
-2.2-: .data section, which is mainly used to store initialized global variables, such as int a = 0; its size is fixed at runtime;
-2.3-: .bss section, which comes after the .data section. It stores uninitialized global variables, such as int b; its size is also fixed at runtime;
-2.4-: heap section, which holds the variables dynamically allocated while the program is running; allocated space is filled from low addresses to high addresses;
-2.5-: stack section, which mainly holds the data used during function calls, including the variables and statements in the function. However, most systems grow the stack from high addresses to low addresses, and this downward growth is what makes stack overflows possible;
-2.6-: environment/argument section, which saves copies of system-level variables that the process may use at runtime, such as the search path, the shell name, and the host name of the running process.
-3. Buffers, strings, and pointers: this part is the basis of C, so I don't need to say more about it, do I?
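The two points above (byte order and segment layout) can be checked directly from a running process. This is an added example, not code from the original post; it assumes a Linux/x86-style process layout and a C99 compiler, and the sample values it prints are those of the current process.

```c
// Added example: detect byte order and show that the segments of this
// process appear in the order .text < .data < .bss < heap < stack.
// Assumes a Linux/x86-style process layout and a C99 compiler.
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

int initialized_global = 42;   /* stored in .data */
int uninitialized_global;      /* stored in .bss  */

/* Returns 1 on a little-endian machine (Intel), 0 on big-endian (Motorola). */
int is_little_endian(void) {
    uint32_t probe = 0x01020304;
    unsigned char *first_byte = (unsigned char *)&probe;
    /* Little-endian stores the low-order byte 0x04 at the lowest address. */
    return first_byte[0] == 0x04;
}

/* Returns 1 if the addresses satisfy .text < .data < .bss < heap < stack. */
int segment_order_ok(void) {
    int stack_local = 0;                        /* a local: lives on the stack */
    int *heap_obj = malloc(sizeof *heap_obj);   /* dynamic: lives on the heap  */
    if (heap_obj == NULL) return 0;

    uintptr_t text  = (uintptr_t)&is_little_endian;   /* code lives in .text */
    uintptr_t data  = (uintptr_t)&initialized_global;
    uintptr_t bss   = (uintptr_t)&uninitialized_global;
    uintptr_t heap  = (uintptr_t)heap_obj;
    uintptr_t stack = (uintptr_t)&stack_local;

    printf(".text %p  .data %p  .bss %p  heap %p  stack %p\n",
           (void *)text, (void *)data, (void *)bss, (void *)heap, (void *)stack);

    int ok = text < data && data < bss && bss < heap && heap < stack;
    free(heap_obj);
    return ok;
}

int main(void) {
    printf("byte order: %s-endian\n", is_little_endian() ? "little" : "big");
    printf("segment order as described: %s\n", segment_order_ok() ? "yes" : "no");
    return 0;
}
```

With ASLR the absolute addresses change on every run, but their relative order does not, which is exactly what the layout discussion above relies on.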

III. Intel Processor
The main processor knowledge needed is the commonly used registers: the general-purpose registers EAX/EBX/ECX/EDX and the segment registers CS/SS/DS/ES/FS/GS. The most important one here is ESP (the extended stack pointer); we often use ESP to find the top of the stack. The other is the EIP register, which holds the address of the next instruction the CPU will execute.
For more information, see: http://blog.chinaunix.net/uid-26275986-id-4334522.html

IV. Assembly Language Basics
For security work you may not be able to write assembly, but reading assembly is a basic requirement. People who do not understand assembly cannot get to the essence of security problems. Assembly comes in two syntaxes, AT&T and Intel (the one NASM uses). Although the machine instructions generated are identical, the textual representation differs. For example, AT&T lists the operands in the opposite order to NASM:
Write 0x10 to the eax register:
AT&T: movl $0x10, %eax
NASM: mov eax, 0x10
As you can see, constants in AT&T syntax take a $ prefix, registers take a % prefix, and the operand order is reversed. Assembly is not easy to master. Fortunately, we are not assembly programmers; what we need is familiarity with a few common instructions so we can read and analyse code when necessary:
1. mov: copies data from the source to the destination; after the copy the source data is left unchanged;
2. add/sub: add adds the source to the destination and stores the result in the destination; sub subtracts the source from the destination and stores the result in the destination;
3. push/pop: push pushes data onto the stack; pop takes the element at the top of the stack and stores it in the operand;
4. xor: exclusive or, which is really a bitwise test of whether two bits are the same: differing bits give '1', equal bits give '0', similar to addition mod 2;
5. jne/jnz, je/jz, jmp: jne and jnz are the same instruction and jump when the zero flag ZF = 0; je and jz jump when ZF = 1; jmp always jumps;
6. call/ret: used for calling a procedure and returning from it;
7. inc/dec: increments or decrements the destination operand;
8. lea: loads the effective address of the source operand into the destination operand, for example lea eax, [esi + 4];
9. int: raises a software interrupt to the CPU; the common one is int 0x80, which is used to issue system calls to the kernel.
In addition to the basic instructions, you also need to understand the assembly addressing modes, mainly indirect addressing and relative addressing. Fortunately, these are not difficult. Another skill is using gdb to debug programs, such as setting breakpoints and stepping through execution.
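The instructions listed above can be seen working together in a short loop written in AT&T syntax. This is an added example, not code from the original post; it uses gcc/clang inline assembly and assumes an x86-64 build (on other architectures the plain C fallback runs instead). It shows xor for zeroing, lea for computing an address without reading it, scaled indirect addressing, inc, cmp setting ZF, and jne looping while ZF = 0.

```c
// Added example: sum an int32 array with the instructions discussed above,
// written in AT&T syntax (source operand first, % on registers).
// Assumes gcc or clang on x86-64; elsewhere the C fallback is compiled.
#include <stdint.h>
#include <stddef.h>

/* Returns the sum of v[0..n-1]. The assembly loop runs at least once, so
   n == 0 is handled before entering it. */
int32_t sum_asm(const int32_t *v, size_t n) {
    int32_t total = 0;
    if (n == 0) return 0;
#if defined(__x86_64__) && defined(__GNUC__)
    __asm__ volatile (
        "xorl  %%eax, %%eax\n\t"            /* eax = 0 (xor with itself)      */
        "xorq  %%rcx, %%rcx\n\t"            /* rcx = 0: loop index i          */
        "1:\n\t"
        "leaq  (%[v],%%rcx,4), %%rdx\n\t"   /* rdx = &v[i] (address only)     */
        "addl  (%%rdx), %%eax\n\t"          /* eax += v[i] (indirect load)    */
        "incq  %%rcx\n\t"                   /* i++                            */
        "cmpq  %[n], %%rcx\n\t"             /* ZF = 1 when i == n             */
        "jne   1b\n\t"                      /* ZF == 0: keep looping          */
        : "=&a"(total)                      /* result left in eax             */
        : [v] "r"(v), [n] "r"(n)
        : "rcx", "rdx", "cc", "memory");
#else
    for (size_t i = 0; i < n; i++) total += v[i];   /* non-x86-64 fallback */
#endif
    return total;
}

/* Constructed sample input; the values sum to 15. */
int32_t demo_sum(void) {
    static const int32_t sample[] = { 10, -3, 7, 0, 1 };
    return sum_asm(sample, sizeof sample / sizeof sample[0]);
}
```

Compiling with gcc -S and comparing the emitted .s file against the loop above is a quick way to get used to reading the AT&T form that gdb and gcc show by default.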

V. Python Programming Skills
This part is mainly about being able to develop the tools we need in Python. For the basic syntax and concepts you can refer to the mainstream textbooks, or to my collection: http://blog.chinaunix.net/special/show/sid/1235.html
