Become comfortable reading assembly
Please complete the following tasks. Since the goal is to learn assembly, do not use IDA, Ghidra or any decompilers for these tasks.
The following is base64-encoded position independent code (aka shellcode), well, 99% of the code is.
Mclki0Ewi0AMi0AUiwQIiwQIi1gQiV38aGvQK8r/dfzoFgAAAGoAagBqAGjQMEwAagBqAP/Q6VkAAABgi2wkJItFPItUBXgB6otKGItaIAHr4zRJizSLAe4x/zHA/KyEwHQHwc8NAcfr9Dt8JCh14YtaJAHrZosMS4taHAHriwSLAeiJRCQcYcM=
- Use a language of your choice to decode the base64 encoded data, disassemble the binary data using the capstone engine and save the text to a file named `disassemble.txt`.
- Add a detailed comment for each line of instructions in `disassemble.txt`.
- Reimplement the hash algorithm in a language of your choice. A test case: the string `TraceLoggingRegister` should hash to `0x6F90986`.
- What structures are being used by the shellcode and why are they important?
Save all output, code and notes. They will be reviewed.
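The following is an added example (not part of the original task text) covering the decode/disassemble step and the hash step. It decodes the blob above, writes one annotated-ready line per instruction with capstone (32-bit x86 mode, base address 0 assumed), and reimplements the hash the resolver loop computes: for every byte of the name up to the NUL terminator, rotate the 32-bit accumulator right by 13 and add the byte (derived from the decoded bytes; the page's own test vector is used to check it).

```python
import base64
from pathlib import Path

# The base64 blob from the task above, split only for line length.
SHELLCODE_B64 = (
    "Mclki0Ewi0AMi0AUiwQIiwQIi1gQiV38aGvQK8r/dfzoFgAAAGoAagBqAGjQMEwAagBqAP/Q"
    "6VkAAABgi2wkJItFPItUBXgB6otKGItaIAHr4zRJizSLAe4x/zHA/KyEwHQHwc8NAcfr9Dt8"
    "JCh14YtaJAHrZosMS4taHAHriwSLAeiJRCQcYcM="
)


def decode_shellcode(b64: str = SHELLCODE_B64) -> bytes:
    """Return the raw shellcode bytes (137 bytes for the blob above)."""
    return base64.b64decode(b64)


def disassemble_to_file(code: bytes, path: str = "disassemble.txt", base: int = 0) -> int:
    """Write 'offset  bytes  mnemonic operands' per instruction, 32-bit x86.

    capstone (pip install capstone) is imported here so ror13_hash() below
    stays usable without it. Returns the number of instructions written.
    """
    from capstone import Cs, CS_ARCH_X86, CS_MODE_32

    md = Cs(CS_ARCH_X86, CS_MODE_32)
    lines = []
    for insn in md.disasm(code, base):
        hexbytes = " ".join(f"{b:02x}" for b in insn.bytes)
        lines.append(f"{insn.address:04x}  {hexbytes:<16} {insn.mnemonic} {insn.op_str}")
    Path(path).write_text("\n".join(lines) + "\n")
    return len(lines)


def ror13_hash(name: str) -> int:
    """Hash used by the shellcode's export-name loop: ROR-13 then add each
    byte, stopping at (and not including) the NUL terminator, mod 2**32."""
    h = 0
    for b in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF  # ror edi, 0xd
        h = (h + b) & 0xFFFFFFFF                   # add edi, eax
    return h


if __name__ == "__main__":
    code = decode_shellcode()
    n = disassemble_to_file(code)
    print(f"wrote {n} instructions to disassemble.txt")
    print(f"ror13('TraceLoggingRegister') = {ror13_hash('TraceLoggingRegister'):#x}")
```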
Understanding Windows Shellcode
- Intel 64 and IA-32 Architectures Software Developer Manuals (Free)
  - Reference for looking up instructions.
- Assembly Language for X86 Processors by Kip Irvine
  - Well written and probably the best book on Assembly Language.
  - Buy an older used edition. New versions are super expensive.
Recommended resources for learning reverse engineering (emphasis on malware analysis)
https://gist.github.com/alexander-hanel/dad761bdfa3b810ab210da9ae1b383fe