Assembly tutorial for linux - ConceitedCode
http://www.cin.ufpe.br/~if817/arquivos/asmtut/index.html#intro

======
nhebb
When I learned assembly years ago, my favorite assignment was a binary bomb.
The goal was to "defuse" the binary bomb, which you did by using gdb to
disassemble and step through the code in order to figure out how to get to the
next phase. There were 10-12 phases, IIRC. It was a great assignment - it
helped you understand assembly better while learning how to use gdb - all in
the form of a puzzle.

If anyone is interested, below is the first one I found via Google.

<http://stevebirstok.com/wp/?p=16>

~~~
ga2arch
Really interesting link. Thanks.

------
wladimir
Note that this page is almost 10 years old, I wonder if the system call
interface changed since then.

~~~
rwmj
tomjen3 is literally correct that the system call interface used here (int
$0x80) still works.

However the system call interface used by most Linux programs today is
different in two important respects:

(1) Most(?) current Linux programs run on x86-64 and I'm not sure if int $0x80
is even implemented for this architecture. Whether or not it's implemented, it
is not the one which is used normally. Programs use a special 'syscall'
instruction:

[http://repo.or.cz/w/glibc.git/blob/HEAD:/sysdeps/unix/sysv/l...](http://repo.or.cz/w/glibc.git/blob/HEAD:/sysdeps/unix/sysv/linux/x86_64/syscall.S)

(2) Even on 32 bit i?86, int $0x80 has not been used by ordinary compiled
programs for a long time. This is because software interrupts were discovered
to be very slow, since all registers are saved whether you need to or not.
There are faster methods to enter the kernel now. Originally the replacement
was to use the Intel 'sysenter' instruction. This was slow too. It was
replaced by a "call gate" via %gs, see ENTER_KERNEL here:

[http://repo.or.cz/w/glibc.git/blob/HEAD:/sysdeps/unix/sysv/l...](http://repo.or.cz/w/glibc.git/blob/HEAD:/sysdeps/unix/sysv/linux/i386/sysdep.h#l187)

I think modern code on 32 bit ix86 now uses 'syscall' where available. It's
hard to keep up, and a detail that doesn't matter for anyone except a handful
of kernel and glibc hackers.

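The two kernel-entry mechanisms described in the comment above, side by side in one file. This is an added example, not code from the tutorial or from anyone in this thread: it wraps the x86-64 `syscall` instruction and the 32-bit `int $0x80` instruction behind one small function, falls back to libc's `syscall(2)` on any other architecture, and takes the call numbers from `<sys/syscall.h>` because they differ between the two ABIs (for instance `write` is 1 on x86-64 and 4 on i386), which is one reason hand-written 32-bit code from the tutorial does not port unchanged. The function names `raw_syscall3`, `raw_write` and `raw_getpid` are this example's own.

```c
/* Added example: minimal raw system-call wrapper for Linux showing the
 * x86-64 `syscall` path and the legacy i386 `int $0x80` path, with libc's
 * syscall(2) as a fallback on other architectures so the file still builds. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Returns the kernel's raw result: >= 0 on success, -errno on failure.
 * The kernel never touches errno; that translation is done by libc wrappers. */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
    long ret;
#if defined(__x86_64__)
    /* x86-64 convention: rax = number, args in rdi, rsi, rdx;
     * the kernel clobbers rcx and r11, so they must be declared. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
#elif defined(__i386__)
    /* i386 legacy convention: eax = number, args in ebx, ecx, edx. */
    __asm__ volatile ("int $0x80"
                      : "=a"(ret)
                      : "a"(nr), "b"(a1), "c"(a2), "d"(a3)
                      : "memory");
#else
    /* Portable fallback: libc returns -1 and sets errno, so normalise
     * to the -errno convention the inline paths above return. */
    ret = syscall(nr, a1, a2, a3);
    if (ret == -1)
        ret = -errno;
#endif
    return ret;
}

/* write(2) without libc: returns byte count or -errno. */
long raw_write(int fd, const void *buf, size_t len)
{
    return raw_syscall3(SYS_write, fd, (long)buf, (long)len);
}

/* getpid(2) without libc, handy for checking the wrapper against libc. */
long raw_getpid(void)
{
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

int main(void)
{
    const char msg[] = "hello via raw syscall\n";   /* constructed sample */
    long n = raw_write(STDOUT_FILENO, msg, sizeof msg - 1);
    long bad = raw_write(-1, msg, 1);               /* invalid fd: -EBADF */
    printf("wrote=%ld pid=%ld (libc says %ld) bad_fd=%ld\n",
           n, raw_getpid(), (long)getpid(), bad);
    return (n == (long)(sizeof msg - 1) && bad == -EBADF) ? 0 : 1;
}
```

Build with `gcc raw_syscall.c` on x86-64, or `gcc -m32 raw_syscall.c` on a system with 32-bit headers to exercise the `int $0x80` path; the negative-errno return on the bad file descriptor is the easiest way to see that no libc code ran between the program and the kernel.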
------
saintfiends
Before checking the tutorial I disassembled it myself to see how it's working.
Based on my interpretation I entered

    2 <enter> 1 <enter>

This defused the bomb. Later I found out that was not supposed to be the code.

