PMA 301: Assembly Code in Jasmin (10 pts + 10 extra)

What You Need for This Project

Purpose

To practice writing and running basic x86 assembly code, using the Jasmin interpreter.

Downloading Jasmin

If you have the malware analysis VM running, Jasmin is already installed.

Otherwise, you can download Jasmin here, but you may prefer the one without the cheesecake image, which is here.

Understanding the Jasmin Window

In the malware analysis VM, click Start and type JAS. Launch Jasmin.

Jasmin launches, with a cringe-worthy pinup on it.

Click the "New File" button.

Look over the window, referring to the diagram below:

Find and examine these sections:

Registers

Data used during processing is stored in the registers EAX, EBX, ECX, and EDX.

The ESP (Extended Stack Pointer) contains the address of the top of the Stack.

The EIP (Extended Instruction Pointer) contains the address of the next instruction to be processed.

Flags

These are one-bit values that are used for branching. For example, the JZ instruction will jump if the Zero flag is 1 (set), and the JNZ instruction will jump if the Zero flag is 0 (cleared).

Code

This is where you type in commands, such as mov eax,4

Help

Help messages appear here.

Memory

This processor has 0x1000 = 4096 bytes of RAM, which is not enough to run complete modern programs, but plenty for running little assembly programs for learning purposes.

With the Memory pane scrolled to the top, as shown in the image above, you see memory that the program will use to store data during processing.

Scroll this pane to the bottom to see the Stack, which starts at address 0x1000 and grows downward.

Using mov Instructions

In the Code section, type in these instructions.
mov eax, 4
mov ebx, 6
These instructions move the number 4 into eax, and the number 6 into ebx.

At the top of the Jasmin window, click the green Run button, as shown below.

The program runs. When it stops, notice these things, as shown below:

Troubleshooting

If you make an error in an instruction, the program will stop prematurely. Fix the instruction, and click the Reset button. Then you can run it again.

Storing Results in Memory

Add more lines to your Code section to make your program look like this:
mov eax, 4
mov ebx, 6
mov [eax], ebx
mov ecx, eax
add ecx, ebx
mov [eax+4], ecx
Here's what these instructions do:
mov eax, 4 Move the value 4 into eax
mov ebx, 6 Move the value 6 into ebx
mov [eax], ebx Move the value in ebx (which is 6) into the memory location pointed to by eax (memory location 4)
mov ecx, eax Move the value in eax (which is 4) into ecx
add ecx, ebx Add the value in ebx (which is 6) to the value in ecx (which is 4), and put the result into ecx (the result is 10)
mov [eax+4], ecx   Move the value in ecx (which is 10) into the memory location four past the location pointed to by eax (memory location 8)
Run the program. When it completes, you should see these results, as shown below:

Using the Stack

In Jasmin, click File, New.

In the Code section, type in these instructions.

mov eax, 4
mov ebx, 6
push eax
push ebx
Before running the program, notice the ESP: it contains 4096, as shown below.

4096 is 0x1000 in hexadecimal. This is the bottom of the Stack: memory ends at 0xFFF, so ESP starts one byte past the end of memory, and the Stack grows downward from here as values are pushed.

Scroll down in the Memory pane to see the last values. As shown above, the last location is at 0xFFC. This value is 32 bits long, so it contains four bytes, at locations 0xFFC, 0xFFD, 0xFFE, and 0xFFF. The ESP points to the next byte, 0x1000.

Understanding Push

At the top of the Jasmin window, click the green Run button.

These instructions move the number 4 into eax, and the number 6 into ebx. Then both values are pushed onto the stack.

Notice these things, as shown below:

Understanding Pop

Add a pop instruction to your code, so it now looks like this:
mov eax, 4
mov ebx, 6
push eax
push ebx
pop ecx
Run the code.

Notice these things, as shown below:

Reversing a Sequence

In Jasmin, click File, New.

In the Code section, type in these instructions.

mov eax, 1
mov ebx, 2
mov ecx, 3
mov edx, 4
push eax
push ebx
push ecx
push edx
pop eax
pop ebx
pop ecx
pop edx
These instructions load values into the four registers, push them onto the stack in order, and then pop them back into the same four registers in the same order.

However, since the stack is a FILO (First In, Last Out) structure, also called LIFO (Last In, First Out), this reverses the order of the values: the last value pushed (4, from EDX) is the first one popped, and it lands in EAX.

Click the Step button four times to execute only the first four instructions, as shown below:

You see the values 1, 2, 3, and 4 loaded into the EAX, EBX, ECX, and EDX registers, as shown below.

Click the Step button four more times to execute only the next four instructions.

You see the values 1, 2, 3, and 4 pushed onto the stack, as shown below.

Click the Step button four more times to execute the remaining four instructions.

Now the registers contain the values in reverse order: EAX = 4, EBX = 3, ECX = 2, and EDX = 1, and ESP is back at 0x1000, as shown below.
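To see exactly what Jasmin is doing in the "Storing Results in Memory", "Understanding Push / Pop" and "Reversing a Sequence" exercises above, here is an added example, written for this page and not part of Jasmin or of the original lab. It is a small C model of the machine the page describes: 0x1000 bytes of little-endian memory, the four data registers, and ESP starting at 0x1000. The push and pop semantics (ESP moves down 4 before the write; the read happens before ESP moves up 4) are standard x86 and match what the Memory pane shows. The function and type names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the Jasmin machine used on this page (added example, not Jasmin's
 * own code): 0x1000 bytes of little-endian memory, the four data registers,
 * and ESP starting at 0x1000, one byte past the end of memory. */
#define MEM_SIZE 0x1000u

typedef struct {
    uint8_t  mem[MEM_SIZE];
    uint32_t eax, ebx, ecx, edx, esp;
} machine;

void reset(machine *m) {
    memset(m, 0, sizeof *m);
    m->esp = MEM_SIZE;               /* 4096 = 0x1000, as shown in the ESP box */
}

/* mov [addr], value: x86 is little-endian, so the low byte is written first. */
void store32(machine *m, uint32_t addr, uint32_t v) {
    for (unsigned i = 0; i < 4; i++)
        m->mem[(addr + i) % MEM_SIZE] = (uint8_t)(v >> (8 * i));
}

uint32_t load32(const machine *m, uint32_t addr) {
    uint32_t v = 0;
    for (unsigned i = 0; i < 4; i++)
        v |= (uint32_t)m->mem[(addr + i) % MEM_SIZE] << (8 * i);
    return v;
}

/* push: ESP moves down by 4 first, then the value is written at the new ESP,
 * so the very first push lands in the four bytes 0xFFC..0xFFF. */
void push(machine *m, uint32_t v) {
    m->esp -= 4;
    store32(m, m->esp, v);
}

/* pop: read the value at ESP, then move ESP up by 4. The bytes are left in
 * place, which is why Jasmin's Memory pane still shows them after a pop. */
uint32_t pop(machine *m) {
    uint32_t v = load32(m, m->esp);
    m->esp += 4;
    return v;
}

/* "Storing Results in Memory": afterwards [4] holds 6 and [8] holds 10. */
void run_store_example(machine *m) {
    reset(m);
    m->eax = 4;                          /* mov eax, 4 */
    m->ebx = 6;                          /* mov ebx, 6 */
    store32(m, m->eax, m->ebx);          /* mov [eax], ebx   -> address 4 */
    m->ecx = m->eax;                     /* mov ecx, eax */
    m->ecx += m->ebx;                    /* add ecx, ebx     -> 10 */
    store32(m, m->eax + 4, m->ecx);      /* mov [eax+4], ecx -> address 8 */
}

/* "Understanding Push" and "Understanding Pop": after the two pushes ESP is
 * 0xFF8; the pop returns the last value pushed (6) and moves ESP to 0xFFC. */
void run_stack_example(machine *m) {
    reset(m);
    m->eax = 4;                          /* mov eax, 4 */
    m->ebx = 6;                          /* mov ebx, 6 */
    push(m, m->eax);                     /* push eax -> 4 at 0xFFC, ESP = 0xFFC */
    push(m, m->ebx);                     /* push ebx -> 6 at 0xFF8, ESP = 0xFF8 */
    m->ecx = pop(m);                     /* pop ecx  -> ecx = 6,   ESP = 0xFFC */
}

/* "Reversing a Sequence": four pushes then four pops into the same registers
 * in the same order reverse the values, because the stack is last-in first-out. */
void run_reverse_example(machine *m) {
    reset(m);
    m->eax = 1; m->ebx = 2; m->ecx = 3; m->edx = 4;
    push(m, m->eax); push(m, m->ebx); push(m, m->ecx); push(m, m->edx);
    m->eax = pop(m); m->ebx = pop(m); m->ecx = pop(m); m->edx = pop(m);
}

void dump(const char *title, const machine *m) {
    printf("%s: eax=%u ebx=%u ecx=%u edx=%u esp=0x%03X\n", title,
           (unsigned)m->eax, (unsigned)m->ebx, (unsigned)m->ecx,
           (unsigned)m->edx, (unsigned)m->esp);
}

int main(void) {
    machine m;
    run_store_example(&m);
    printf("[4]=%u [8]=%u, bytes at 4: %02X %02X %02X %02X\n",
           (unsigned)load32(&m, 4), (unsigned)load32(&m, 8),
           m.mem[4], m.mem[5], m.mem[6], m.mem[7]);
    run_stack_example(&m);
    dump("after pop ecx", &m);
    printf("0xFFC holds %u, 0xFF8 still holds %u\n",
           (unsigned)load32(&m, 0xFFC), (unsigned)load32(&m, 0xFF8));
    run_reverse_example(&m);
    dump("after reversing", &m);
    return 0;
}
```

Two details worth checking against the Jasmin panes: the value 6 stored at address 4 appears as the bytes 06 00 00 00 (low byte first), and after pop ecx the 6 is still sitting at 0xFF8 even though ESP has moved back up to 0xFFC. Nothing below ESP is erased by a pop; it is only no longer "on" the stack. That is exactly the situation the Secret Message exercise below relies on, where data written to memory stays visible until something deliberately overwrites it.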


PMA 301.1: Secret Message (10 pts)

Download this code and run it in Jasmin.

PMA301.1.asm

In the top center of the Jasmin window, click the leftmost green arrow to run the code.

In the bottom-center pane of Jasmin, click Console to see the output. The message is mostly 'X' characters, as shown at the bottom of the image below.

The code loads encrypted values onto the stack, decrypts them to place a secret message in ASCII into memory, and then overwrites the memory with 'X' characters.

Use Jasmin to run the code until it has decrypted the message, but has not erased it yet. Stepping through the code with the Step button while watching the Memory pane is one way to stop at the right point.

That message is the flag.


PMA 301.2: Secret Message (10 pts extra)

Download this code and run it in Jasmin.

PMA301.2.asm

In the top center of the Jasmin window, click the leftmost green arrow to run the code.

In the bottom-center pane of Jasmin, click Console to see the output. The console is empty, as shown below.

Figure out how to make the message visible. That message is the flag.


Modified for WCIL 5-21-19