OSED Notes Study Overview by Joas Antonio.pdf

OSED Notes Study Overview by Joas Antonio

https://www.linkedin.com/in/joas-antonio-dos-santos

Sumário

OSED Notes by Joas Antonio and Alex ..................................................................................... 1

Laboratory ..................................................................................................................................... 3

X86 Architecture ........................................................................................................................... 3

CPU Register ............................................................................................................................... 10

edi ....................................................................................................................................... 16

ebp ...................................................................................................................................... 16

esp ...................................................................................................................................... 16

Special Purpose Registers ............................................................................................ 16

eip ....................................................................................................................................... 16

flags .................................................................................................................................... 17

Introduction Windows Debugger ............................................................................................... 17

Windows Register ....................................................................................................................... 32

Controlling Execution with Windbg ........................................................................................... 38

Stack Based Buffer Overflow ...................................................................................................... 40

IDA Pro ...................................................................................................................................... 238

Windows ASLR Bypass .............................................................................................................. 256

Egg Hunters ............................................................................................................................... 265

Introduction to the Win32 Egghunter .................................................................................. 290

SEH Buffer Overflow EggHunter ........................................................................................... 308

Shellcode ................................................................................................................................... 335

Shellcode Encode and Decode ............................................................................................. 406

Creating Shellcode Encoded ................................................................................................. 418

DEP Bypass ................................................................................................................................ 429

Overwriting EIP ......................................................................................................................... 457

Reverse Engineering with GDB............................................................................................. 597

Assembly and C/C++ Courses ................................................................................................... 608

Study Material – OSED ............................................................................................................. 609

https://github.com/epi052/osed-scripts

Advantech WebAccess webvrpcs.exe

Sync Breeze Enterprise 10.0.28

Intelligent Management Center (iMC)

SLMail 5.5

X86 Architecture

What Does x86 Architecture Mean?

The x86 architecture is an instruction set architecture (ISA) series for computer processors.

Developed by Intel Corporation, x86 architecture defines how a processor handles and

executes different instructions passed from the operating system (OS) and software programs.

Provides procedures for utilizing and managing the hardware components of a central

processing unit (CPU)

The x86 architecture primarily handles programmatic functions and provides services, such as

memory addressing, software and hardware interrupt handling, data type, registers and

input/output (I/O) management.

Classified by bit amount, the x86 architecture is implemented in multiple microprocessors,

including 8086, 80286, 80386, Core 2, Atom and the Pentium series. Additionally, other

microprocessor manufacturers, like AMD and VIA Technologies, have adopted the x86

architecture.

Many peculiarities in the x86 instruction set are due to the backward compatibility with that

processor (and with its Zilog Z-80 variant).

Microsoft Win32 uses the x86 processor in 32-bit flat mode. This documentation will focus only

on the flat mode.

Registers

The x86 architecture consists of the following unprivileged integer registers.

eax

Accumulator

ebx

Base register

ecx

Counter register

All integer registers are 32 bit. However, many of them have 16-bit or 8-bit subregisters.

bp

Low 16 bits of ebp

Low 16 bits of esp

Operating on a subregister affects only the subregister and none of the parts outside the

subregister. For example, storing to the ax register leaves the high 16 bits of the eax register

unchanged.

When using the ? (Evaluate Expression) command, registers should be prefixed with an "at"

sign ( @ ). For example, you should use ? @ax rather than ? ax. This ensures that the debugger

recognizes ax as a register rather than a symbol.

However, the (@) is not required in the r (Registers) command. For instance, r ax=5 will always

be interpreted correctly.