Example of creating a binary executable (by jes)
A short example of how to create an executable from an assembly program written with Debug. The commands used are Assemble, Unassemble, Dump, Write and Quit. The job consists of writing the assembly code and filling a small data area. The bytes are saved in a file ready for execution. That's a 5 minute course!
Description: Creating an executable program using Debug
We want to create an executable file (a .com program), coding it with the good old debug. The result will be a program, let's say test.com, which can be run from DOS or from Windows.
This way of coding is useful in different cases. Obviously it's a very good way of explaining assembly fundamentals. But it can also come in handy if you must create an executable on the fly without having to start up IDEs and compilers. On many occasions I used this technique to create a dummy executable (containing only an END instruction) to replace particular viruses which were difficult to eliminate. In these cases you can try to replace the virus executable (it must be an .exe program, not a .dll or other) with our dummy executable. This gives you two results: you stop the virus from executing and you stop its propagation.
The program is composed of two main areas, a CODE area and a DATA area. The code uses the data; data on its own would be quite useless, it would be a .dat or .txt file, not an executable. Our data will consist of a line of text and the code will simply print it to the console.
To use debug you must press the enter key after each command. The dash (-) is the prompt; you don't have to type it...
>>> start debug from a DOS console and obtain the prompt; the prompt means debug is waiting for a command
>>> now we want to type in our assembly program using the Assemble command (a), so just type the letter 'a' followed by enter
>>> debug is ready to let us write our program starting from address 100; now we can type in our program and the address will automatically increment after each line, ready to accept the next instruction; after every instruction you confirm the line by pressing enter (e.g. mov ah,9 then enter)
0D1B:0100 mov ah,9
0D1B:0102 mov dx,109
0D1B:0105 int 21
0D1B:0107 int 20
>>> our program is 9 bytes long (from address 100 to address 108 inclusive); on the last line just press enter to say that the program is finished and we get back to the prompt; after coding in the assembly program we want to write some characters directly into memory starting from address 109 (because our program ends at 108); we will use the Edit command (e): just type the letter 'e' followed by the address where the editing starts
-e ds:109 'ciao$'
>>> we just inserted a line of text at address 109; the ending dollar symbol marks the end of the string (function 9 of int 21 stops printing there). To see our full program we will use the Unassemble command (u), so let's type u cs:100 followed by enter
0D1B:0100 B409 MOV AH,09 ; we want to use function 9 of int 21 to print a string
0D1B:0102 BA0901 MOV DX,0109 ; in dx we put the address of the string to print
0D1B:0105 CD21 INT 21 ; go! print the string
0D1B:0107 CD20 INT 20 ; end-of-program
0D1B:0109 63 DB 63 ; 'c'
0D1B:010A 69 DB 69 ; 'i'
0D1B:010B 61 DB 61 ; 'a'
0D1B:010C 6F DB 6F ; 'o'
0D1B:010D 2419 AND AL,19 ; '$' followed by a leftover byte in memory, which debug decodes as an instruction
>>> now let's have a look at the memory using a hex dump; we will use the Dump command (d) followed by the address to dump; in the dump we can recognize the same bytes we had just before, they are just in another format
0D1B:0100 B4 09 BA 09 01 CD 21 CD-20 63 69 61 6F 24 19 4D ......!. ciao$.M
0D1B:0110 53 2D 00 00 00 20 56 65-72 73 69 6F 34 00 0A 0D S-....Versio4...
>>> now let's save the program in a file called test.com; we must insert the filename (Name command, n test.com), the program size (debug takes it from the cx register, which we set with r cx) and give the Write command (w); the program size is 14 bytes (count them!) which is 0E in hexadecimal
Writing 0000E bytes
>>> we're done! let's quit debug by pressing 'q' and we can try to run our program
>>> run the program...!
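As an added example (not part of jes's article), the same 14-byte test.com image built in Python: it derives the string address from the code length, which is the count you otherwise do by hand in debug, and renders a dump line in the format of debug's 'd' command so it can be compared with the listing above. The function names are chosen here; the 0D1B segment is copied from the session above and varies from run to run.

```python
ORG = 0x100  # a .com program is loaded and started at CS:0100


def encode(op, *args):
    """Encode the three 8086 instruction forms the article uses."""
    if op == "mov ah":  # mov ah,imm8  -> B4 ib
        return bytes([0xB4, args[0]])
    if op == "mov dx":  # mov dx,imm16 -> BA iw, low byte first
        return bytes([0xBA, args[0] & 0xFF, args[0] >> 8])
    if op == "int":     # int imm8     -> CD ib
        return bytes([0xCD, args[0]])
    raise ValueError(op)


def build_print_com(text="ciao"):
    """CODE area followed by the DATA area, as in the article.

    The '$' terminator is where INT 21h function 9 stops; the string
    address put in DX is computed from the code length, not counted.
    """
    code_len = 2 + 3 + 2 + 2            # mov ah / mov dx / int 21 / int 20
    data_addr = ORG + code_len          # 0x109 for this program
    code = (encode("mov ah", 9) + encode("mov dx", data_addr)
            + encode("int", 0x21) + encode("int", 0x20))
    return code + (text + "$").encode("ascii")


def dummy_com():
    """The 'dummy executable' the article mentions: only an exit (int 20)."""
    return encode("int", 0x20)


def debug_dump_line(seg, off, chunk):
    """Render up to 16 bytes the way debug's 'd' command prints them."""
    hexs = [f"{b:02X}" for b in chunk]
    hexpart = " ".join(hexs[:8]) + "-" + " ".join(hexs[8:])
    asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
    return f"{seg:04X}:{off:04X} {hexpart}  {asc}"


if __name__ == "__main__":
    image = build_print_com()
    with open("test.com", "wb") as f:   # same bytes debug's 'w' would save
        f.write(image)
    print(f"Writing {len(image):05X} bytes")   # Writing 0000E bytes
    print(debug_dump_line(0x0D1B, ORG, image))  # segment 0D1B is an example value
```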
That's all folks!
°°° J E S ...