Modifying x64 Machine Code by Hand

6,811 views

Nir Lichtman

1 day ago

In this video I will make a simple demonstration of modifying the machine code of a C program.
Documentation:
Intel SDM

Comments: 40
@Maxjoker98 2 days ago
Pro tip: instead of using python to look up the ASCII value in a specific notation, simply use man ascii, which has a table with decimal, octal, hexadecimal notation, along with a symbol name.
@faust-cr3jk 5 days ago
To be honest, I don't find editing a constant in a binary file particularly interesting. Much more interesting would be adding actual code, for instance inserting or removing some assembly instruction. This might be a little bit of a pain in the neck, because you have to make sure that all addresses (i.e. function calls, jumps) are still correct. Plus, x86_64 has variable instruction length, which does not make those kinds of tricks easier.
@amorsmor8528 5 days ago
@faust-cr3jk +1
@urisinger3412 5 days ago
Usually, adding hooks is much simpler than inserting assembly.
@nirlichtman 5 days ago
I considered modifying the instruction itself but dropped that idea since I came to a conclusion that modifying the operand would be the simplest demonstration of this. The idea in this video (and generally in my channel) is to take the simplest approach to these kinds of demonstrations, to make them as clear as possible. Since the operand is encoded as part of the machine code of the instruction, this is a nice and simple way to demonstrate this capability.
@space9824 5 days ago
This is so cool! Thanks for all the work you put into these vids. I always recommend your channel to new developers as an introduction to low level programming concepts. You're really good at breaking things down in a way that makes really complex topics feel approachable.
@dovonun 5 days ago
Wow, I didn't know about the reverse function!
@devonkozenieski6556 4 days ago
Your videos are informative and straightforward. Thanks.
@jemalguillory 5 days ago
Thanks, Nir! Here after your windbg session. I'm loving these POCs.
@ofeki4533 5 days ago
Beautiful making of a video! Thank you for this valuable content!!❤
@notsumo 5 days ago
very cool. this is how i "solved" a binary bomb for a class one time by replacing a few function calls with `nop` instructions 💀
@bfth121 5 days ago
Interesting, you dumped it to text and then took it back - great video!
@mghost7737 5 days ago
Nice video, simple but still really cool to watch!
@oserodal2702 5 days ago
Thanks for this video, I can teach my baby how to write their first JIT compiler!
@VaibhavSharma-zj4gk 5 days ago
great content...
@segmentationfaullt 5 days ago
Where can I learn this low-level programming stuff?
@nirlichtman 5 days ago
Check out the welcome link on my channel for recommended resources.
@evildragon1774 5 days ago
Have you tested this? If I were to compile on an AMD chip, would the RET value be changed from C3 to something else?
@nirlichtman 5 days ago
AMD actually set the standard regarding x86_64 instructions (hence many times it's called amd64) and Intel failed with their own attempt, so nowadays Intel 64 is almost entirely compatible with AMD64; that is why this binary can run regardless of whether the CPU is AMD or Intel. As for the RET instruction specifically, it indeed also uses C3 on AMD; you can confirm that if you go to the AMD Programmer's Manual.
@xanjaxn 2 days ago
Thank you for consistently putting out such great info on topics that are difficult to find info on! I tried to replicate this on an Apple silicon chip, and I was unable to find the corresponding instructions that objdump produced. I couldn't even find the 'a' and 'b' bytes passed to putchar(). Do you know how this process would differ on ARM/Apple silicon?
@nirlichtman 2 days ago
Could you elaborate on where the problem is exactly? You see the instructions and their offset in objdump, but when you go to the offset in the xxd output you can't find the letters? Perhaps the macOS objdump works slightly differently, but make sure you are working with the offsets in the file (-F flag) and not with the in-memory offsets.
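Nir's point above about working with file offsets (objdump -F) rather than in-memory addresses, as an added example that is not from the video: a small Python script that walks the ELF64 program headers to translate a virtual address to the file offset you would edit in xxd, then patches one operand byte and refuses if the byte found there is not the one expected. The tiny ELF image it patches is constructed inline, and the function names are my own.

```python
# Added example (not the video's own code): translate a virtual address from
# objdump output to the file offset you would edit in xxd, then patch one byte.
import struct

PT_LOAD = 1  # program header type for loadable segments

def vaddr_to_file_offset(elf: bytes, vaddr: int) -> int:
    """Map a virtual address to its file offset via the PT_LOAD program headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:  # magic and ELFCLASS64
        raise ValueError("not an ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from("<IIQQQQ", elf, ph)
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return p_offset + (vaddr - p_vaddr)
    raise ValueError(f"vaddr {vaddr:#x} is not backed by bytes in the file")

def patch_byte(elf: bytes, vaddr: int, expected: int, new: int) -> bytes:
    """Return a copy with one byte replaced; refuse if the byte there is not 'expected'."""
    off = vaddr_to_file_offset(elf, vaddr)
    if elf[off] != expected:
        raise ValueError(f"offset {off:#x} holds {elf[off]:#04x}, expected {expected:#04x}")
    return elf[:off] + bytes([new]) + elf[off + 1:]

def build_sample_elf() -> bytes:
    """Constructed minimal ELF64 image (hypothetical, not a real binary):
    header, one PT_LOAD segment mapped at 0x400000, then 'mov edi, 0x61 ; ret'."""
    code = bytes.fromhex("bf61000000c3")  # mov edi, 'a' ; ret  (C3 is RET on Intel and AMD)
    base, phoff, code_off = 0x400000, 64, 64 + 56
    size = code_off + len(code)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
                       2, 0x3E, 1, base + code_off, phoff, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, size, size, 0x1000)
    return ehdr + phdr + code

if __name__ == "__main__":
    elf = build_sample_elf()
    imm = 0x400000 + 64 + 56 + 1  # imm32 operand of 'mov edi', one byte after opcode BF
    print(f"vaddr {imm:#x} -> file offset {vaddr_to_file_offset(elf, imm):#x}")
    patched = patch_byte(elf, imm, ord("a"), ord("b"))
    print(patched[0x78:0x7e].hex())  # bf62000000c3: the program would now pass 'b'
```

On a real binary, compare the file offset the script reports with the one objdump -F prints before editing anything; if they disagree, you are looking at the wrong segment.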
@Kim-e4g4w 5 days ago
One thing I have been pondering about is the source code for gcc, it is probably huge, so I wonder what are the tiniest C compilers out there? For instance a C compiler with only a few keywords(not a complete C compiler), just to show the concept. Reason I ask is because it would be fun if one could build a tiny language starting from the ground, just to produce an ELF-binary(x64). Say the language has only: #1. int variable, #2. if statement, #3. simple print function, #4. for loop and #5. simple math operation (+-*/)
@oserodal2702 5 days ago
It's literally called the tiny c compiler (tcc). Very interesting applications in bootstrapping a system from as minimal tools as possible.
@nirlichtman 5 days ago
That's a good question; that would indeed be very cool. I don't know of anything popular like that. There is a project on GitHub which is attempting to make a B compiler (the predecessor of C) that works on Linux, and that is probably pretty minimal. Regarding assembly, FASM is pretty popular and is very minimal, but I am not sure how well maintained it is, so for now I have stopped using it and prefer sticking with GNU AS when writing assembly on Unix-likes.
@nirlichtman 5 days ago
@oserodal2702 Cool, didn't know about tcc, thanks for sharing!
@Kim-e4g4w 4 days ago
@nirlichtman Just for fun I tested the latest Ollama 3.3 70B LLM to see if it could help me write a very simple compiler. Well, it shallowly did look okay, but it failed at generating specific assembly instructions into machine code. Perhaps I'm expecting a bit too much of the current AI. Not sure if using AI is something of interest to anyone here; for me it is still a novelty that I am exploring.
@nirlichtman 4 days ago
@KimGameDev Interesting. Maybe if you adjust the prompt to only go until generating human-readable assembly instructions (say in GNU assembler format) it would work a little better.
@ChandrashekarCN 3 days ago
💖💖💖💖
@amitkeren7771 5 days ago
Great vid!
@dato3767 3 days ago
Hello Nir, could you assist me? What would be the most suitable job title for this type of work? I have a strong interest in low-level programming and aspire to make it my profession. I believe I would excel in this field, as I possess extensive experience in x86-64 assembly, C/C++, and a solid grasp of computer architecture and microcontrollers.
@nirlichtman 2 days ago
I would suggest looking into jobs in the fields of operating systems (groups such as Windows/macOS/Android/Chromium/smaller stuff), embedded/firmware development, and security. If you want a glimpse of some additional companies in this area, one way to find out is to check the companies in the email addresses of maintainers of the Linux kernel, for instance (the MAINTAINERS file). Good luck!
@dato3767 1 day ago
@nirlichtman Thank you.
@divadgnol67 5 days ago
Now if I could just get this rabbit to come out of my hat
@sophiatheodores7985 5 days ago
bro what are you doing calling it x64
@nirlichtman 5 days ago
😂 sorry x86_64
@rian0xFFF 5 days ago
thanks, now i can crack some apps
@turner7777 5 days ago
you changed a byte, congrats
@jackkendall6420 5 days ago
Beyond what a lot of computer users would know how to do.
@flyingzeppo 4 days ago
You're a d*ck, congratulations.