BOLO: Reverse Engineering — Part 2 (Advanced Programming Concepts)

Daniel A. Bloom
Apr 22, 2018

Preface

Throughout this article we will be breaking down the following programming concepts and analyzing the decompiled assembly versions of each instruction:

  1. Arrays
  2. Pointers
  3. Dynamic Memory Allocation
  4. Socket Programming (Network Programming)
  5. Threading

Ok, let’s begin!

While Part 1 broke down and described basic programming concepts like loops and IF statements, this article is meant to explain more advanced topics that you would have to decipher when reverse engineering.

Arrays

Let’s begin with arrays. First, let’s take a look at the code as a whole:

Basic Arrays — Code
Basic Arrays — Decompiled assembly overview
Declaring an array with a literal — code
Declaring an array with a literal — disassembled
local variables — Arrays
Declaring an array with a variable — code
Declaring an array with a variable — assembly
declaring an array with pre-defined objects — code
declaring an array with pre-defined objects — assembly
initializing an array index — code
initializing an array index — assembly
retrieving an item from an array — code
retrieving an item from an array — assembly
creating a matrix with variables — code
Creating a matrix with variables — assembly
inputting to a matrix — code
inputting to a matrix — assembly
Retrieving from a matrix — code
Retrieving from a matrix — assembly

Pointers

Now that we understand how arrays are used and how they look in assembly, let’s move on to pointers.

Pointers — Code
int num = 10 in assembly
pointer = &num
printf num — assembly
printf *pointer — assembly
printf address of num — assembly
printf address of num using pointer variable — assembly
printf address of pointer — assembly

Dynamic Memory Allocation

The next item on our list is dynamic memory allocation. In this tutorial I will break down memory allocation using:

  1. malloc
  2. calloc
  3. realloc

malloc — dynamic memory allocation

First, let’s take a look at the code:

Dynamic memory allocation using malloc — code
dynamic memory allocation using malloc — assembly

calloc — dynamic memory allocation

First, let’s take a look at the code:

dynamic memory allocation using calloc — code
dynamic memory allocation using calloc — assembly

realloc — dynamic memory allocation

First, let’s look at the code:

dynamic memory allocation using realloc — code
dynamic memory allocation using realloc — assembly
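
As an added example (not the article's original listing), here is a short C program that exercises all three allocation calls from this section so their call shapes can be compared in a disassembler: malloc takes one size argument, calloc takes a count and an element size, and realloc takes the old pointer plus a new size. The function names are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example; all function names here are illustrative. */

/* malloc: one argument (total bytes); the returned block is uninitialized. */
int *make_with_malloc(size_t n) {
    if (n == 0 || n > SIZE_MAX / sizeof(int)) return NULL; /* n * sizeof(int) would wrap */
    int *p = malloc(n * sizeof(int));
    if (p == NULL) return NULL;
    for (size_t i = 0; i < n; i++) p[i] = (int)i + 1;      /* fill with 1..n */
    return p;
}

/* calloc: two arguments (element count, element size); the block is zero-filled. */
int *make_with_calloc(size_t n) {
    return calloc(n, sizeof(int));
}

/* realloc: old pointer plus new size. The result may live at a different
   address and is NULL on failure, so it goes through a temporary first. */
int grow(int **buf, size_t old_n, size_t new_n) {
    if (new_n == 0 || new_n > SIZE_MAX / sizeof(int)) return -1;
    int *tmp = realloc(*buf, new_n * sizeof(int));
    if (tmp == NULL) return -1;                  /* *buf is still valid: no leak */
    for (size_t i = old_n; i < new_n; i++) tmp[i] = 0; /* the new tail is uninitialized */
    *buf = tmp;
    return 0;
}

long sum_ints(const int *p, size_t n) {
    long s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

int main(void) {
    int *a = make_with_malloc(4);                /* 1 2 3 4 */
    int *z = make_with_calloc(4);                /* 0 0 0 0 */
    if (!a || !z || grow(&a, 4, 8) != 0) { free(a); free(z); return 1; }
    printf("sum(a)=%ld sum(z)=%ld\n", sum_ints(a, 8), sum_ints(z, 4));
    free(a);
    free(z);
    return 0;
}
```

When reading the compiled output, the NULL checks show up as a compare-and-branch right after each call, and the size guard shows up as a comparison before the multiplication that feeds malloc or realloc.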

Socket Programming

Next, we’ll cover socket programming by breaking down a very basic TCP client-server chat system.

define the Port number

Server

First, let’s look at the code:

Server — Code
initiating the server variables
server = socket(…) — assembly
setsockopt(…) — assembly
address initialization — assembly
bind(…) — assembly
listen(…) — assembly
sock = accept(…) — assembly
value = read(…) — assembly
send(…) — assembly

Client

First, let’s look at the code:

Client — code
Client variable initialization — assembly
sock = socket(…) — assembly
memset(…) — assembly
Client — address configuration — assembly
inet_pton(…) — assembly
connect(…) — assembly
send(…) — assembly
value = read(…)

Threading

Finally, we’ll cover the basics of threading in C.

Threading — Code
printf “This is before the thread” — assembly
Creating a new thread — assembly
The mythread function — assembly
joining the mythread function’s thread back to the main thread — assembly
printf “This is after the thread” — assembly

Closing Statements

I hope this article was able to shed some light on some more advanced programming concepts and their underlying assembly code. Now that we’ve covered all the major programming concepts, the next few articles in the BOLO: Reverse Engineering series will be dedicated to different types of attacks and vulnerable code, so that you can more quickly identify vulnerabilities and attacks within closed-source programs through static analysis.

Daniel Bloom is a young, self taught, entrepreneur and the Founder of Bloom Cyber Defense, LLC — http://bcdefense.com — Twitter: @bcdannyboy