Assembly Code Programming for the x86/x64

Duration: 5 Days | Price: CDN$3245 *Prices are subject to GST/HST

Class Dates:

Students Will Learn:

Basic Principles of Machine Architecture
The x86/x64 Computer Architecture
Data Movement Instruction
Arithmetic Instructions
Bit Manipulation Instructions
Program Control Instructions
Floating Point Instructions and FPU Operations
Overview of SIMD (SSE/SSE2/SSE3/XMM/MMX) Instructions
Stack Management and Stack Layout for C and C++
Reverse Engineering of Code

Analyzing Malware at the Assembly Code Level
Using the Microsoft Macro Assembler
Using the Visual Studio Debugger
Interrupts and Interrupt Handlers (Emphasizing Use in the Context of Windows)
Understanding Code Produced by Optimizing Compilers
Performance Measurement of Code
Using the WinDbg debugger (Used in Kernel Mode Debugging)
Low-Level I/O including PCI Bus Devices
Cache Management Issues for I/O

Course Description: This hands on assembly code training course introduces students to the concepts of machine code and assembly code. Emphasis is on using this knowledge for analysis of code, rather than in creating code, but code creation is taught, and most of the exercises involve writing small subroutines in assembly code. Discussion of how to analyze obscure bugs caused by malfunctioning C or C++ code will be discussed, particularly how to read crash dumps of both applications and kernel code. The course can be of use to support engineers who have to be concerned with analyzing bugs caused by erroneous or deliberately malicious code. But it also applies in general to anyone who needs to know how the basic computer operates. The course is also useful for those working with embedded systems where they must create capabilities outside the specifications of the C language or similar programming environments.

The course is primarily focused on programming in user space in 32 bit and 64 bit architectures. Labs that involve running code will use the 32-bit environment, but other labs which involve studying code will also consider the 64-bit compiler environment.

The course will study both hand-written assembly code and examination of code generated by the compiler, including debug mode code and optimized code. Optimized code will be examined carefully because it illustrates the difficulties of reverse-engineering source code from executable code. Labs will include exercises in reconstructing source code from optimized object code.

Methods of reading kernel memory dumps will be addressed, with particular emphasis on the kinds of bugs that require detailed knowledge of assembly code to examine and explain. This involves a brief overview of device driver architecture and hardware interfacing issues.

The course is taught on Microsoft Windows, using Microsoft tools (Visual Studio, ml and ml64 assemblers, WinDbg). However, the basic principles apply to all assembly language programming environments for the x86, although details of the tools, include fine points of assembler syntax, may differ on various platforms. Therefore, the basic knowledge is applicable to Unix, linux, Solaris, Mac OS X, Intel assembler and embedded x86 environments.

Audience: This course is designed to introduce programmers who may never have looked at assembly-level code or understood what they were looking at if they saw it; those programmers who wish to become more fluent in reading assembly code; those programmers who may need to write high-performance code using the SSE-class (SIMD) instructions.

Although the course is taught using the Microsoft tools, the concepts of assembler are applicable to any x86 or x64 environment, so the course is suitable for UNIX/Linux programmers.While the interactions may be slightly unfamiliar, the core concepts are identical. A version of vim will be available as an editor for those who prefer it.

Course Prerequisites: Programming experience. Previous experience with C and/or C++, since examples will rely on C/C++ usage and reverse-engineering will concentrate on showing how to deduce source code from compiler-generated assembly code.

Assembly Code Programming for the x86/x64 Course Overview:

Assembly Language Programming Overview Course Overview Myths and Truths About Programming in Assembly Language Machine Architectures RISC & CISC Machine Architecture Descriptions: ISP (Instruction Set Processor) and PMS (Processor-Memory-Switch) The x86 System Architecture Memory Caches Pipelines NUMA Architectures Mapped Memory Translation Lookaside Buffer Multiprocessors Superscalar Architectures		The x86 Programming Model Instruction Format Registers FLAGS/EFLAGS/RFLAGS Data Move Instructions Arithmetic Instructions Control transfer Instructions Parameter Passing Addressing Parameters Stack Layout Bit Instructions: AND/OR/NOT/XOR Bit Instructions: Shifts and Rotates Bit test Instructions Strings and Block Moves Structure and Array Access
Kernel Calls from Assembly Code Kernel DLLs The Undocumented Interface Dispatch Tables Kernel Symbol Tables		Multiprocessor Issues Concurrency LOCK Prefix Cache Consistency and Coherency
The x86 Instruction Set Architecture Register Sets Data Registers Segment Registers The Programming Environment Program Structure Addressing Modes Instruction Format 64-bit Architecture		String and Block Instructions MOVS LODS SCAS CMPS REP Prefix
Assembler Syntax Identifiers Integer Constants Floating Point Constants String Constants Assembler Directives Program Structure Interfacing to C/C++		Structures Declaring Structures in Assembler Structure Packing #pragma Pack Structure Acces Passing Structures by Value
Visual Studio Setting up Assembly-Language Projects in Visual Studio Building Projects in Visual Studio Debugging Projects in Visual Studio Generating Compiler Listings Generating Assembler Listings		Interrupts Interrupts and Exceptions The Interrupt Descriptor Table Interrupt Gate Descriptors Handling Interrupts in Device Drivers Low-Level Interrupt support CLI/STI
Data Types Integer Values Byte Order Signed and Unsigned Data Floating Point BCD Declaring Data in Assembly Code		The x64 Programming Model Registers Instruction Format 64-bit Instructions 64-bit Floating Point Parameter Passing Stack Layout
Register Usage Established Conventions 32 and 64 Bit Values Floating point Values The Frame Pointer		Miscellaneous Instructions CPUID RDTSC
Moving Data General MOV Sign/zero Extension XCHG/BSWAP XADD/CMPXCHG Converting to Wider Values Conditional Moves		Floating Point IEEE 754 Formats x87 Compatible Instructions Denormalized Numbers NAN, INF and IND Results Rounding and Precision The Floating Point Stack Floating Point Operations Floating Point Comparisons Condition Codes
Creating an Assembly Code Project Basic Framework Directives Required Visual Studio Calling Conventions Return Values Header Files for C and C++ Mixed-Mode (C/C++ and MASM) Programming		Compiler Optimization: C/C++ Constant Folding Common Subexpressions Code Motions Global Optimizations Implicit Inlining Interprocedural Optimization Tail Recursion Link Time Code Generation Recognizing the Effects of Optimization on Debugging Recognizing the Effects of Optimization on Reverse Engineering
The Stack Stack Usage Stack Conventions Stack Operations Calling Conventions and Execution Environment Interrupts and Exceptions ENTER/LEAVE Instructions Frame pointer Optimization EBP parameter Addressing ESP parameter Addressing Local Variables		Overview of the SSE/SSE2/SSE3 Instruction Set Concepts of Streaming Instructions Brief Introduction to Instructions Branch Elimination Aligned Storage Integer and Floating Point Simple Examples of Computations Measuring Performance of SIMD vs. non-SIMD Algorithms
Arithmetic Instructions Integer Addition Integer Subtraction Integer Multiplication Integer Division Negation Increment/Decrement Comparison of Values		Performance Measurement Timers: Precision and Accuracy QueryPerformanceCounter QueryPerformanceFrequency RDTSC Creating Valid Performance Measurement Experiments
Control Transfer JMP Instruction Conditional Jumps Signed/Unsigned Issues on Conditional Jumps LOOP Instruction		Advanced Assembler Assembler Expressions Conditional Assembly Macros
Bitwise Instructions AND/OR/XOR TEST Shift and Rotate Double-Shift Bit Operation Performance Performance Mythbusting		Dealing with Kernel Debugging Installing WinDbg Examining Kernel Crash Dumps Examining Application Crash Dumps The Symbol Server Remote Application Debugging over the Network Kernel Debugging The Driver Verifier
Studying Compiler Output Enabling Compiler Listings Examining Listings Prolog and Epilog Code The NPAD Macro High-Level Compiler Directives PROC Directive with Parameters USES Clause on PROC LOCAL Directive Code Generated by Directives		Device Driver Programming for Crash Analysis Device Driver Overview Basic Driver Architecture IRQL Levels Interrupt Service Routines (ISRs) Deferred Procedure Call handlers (DPCs) How Devices do Input and Output IN/OUT Instructions Bus Architectures The PCI Bus and PCI Configuration Space Relevance of these Concepts to Reading Crash Dumps
Caches and Cache Consistency Cache Concepts Cache Levels Ways and Associativity Cache Coherency SIMD and Weak Memory Ordering		Reverse Engineering Case Analysis Optimization 64-bit Compiler

Multiple Training Locations - Convenience and Cost Control

Regularly Scheduled Courses in 11 Cities Across Canada

Hands On Technology Transfer, Inc.
1 Village Square, Suite 8
14 Fletcher Street
Chelmsford, MA 01824
978-250-4299