PMA 302: Assembly Code in Masm32 (20 pts)

What You Need for This Project

• The Windows Server 2008 virtual machine we have been using. Any other Windows version would probably work too, but I haven't tested them.

Purpose

Installing Masm32

http://www.masm32.com/download.htm

Click the green "US Site 1" link, as shown below.

Save the file. A masm32v11r.zip file downloads.

Click Start, Documents.

Navigate to your Downloads folder, as shown below.

Right-click masm32v11r.zip and click "Extract All...", Extract.

Double-click the install.exe file.

Click Run.

The main installer box opens, as shown below.

On the top left, click the big globe labelled Install.

In the next box, click C:\ and click OK, as shown below.

In the next five boxes, click OK.

In the next box, click Extract.

In the next box, click OK.

A Command Prompt box opens, and many messages scroll by, as shown below.

This goes on for about two minutes.

When you see this box, click and press any key.

The next box says libraries were built correctly, as shown below. Click OK.

In the next box, click OK again.

The next box displays some parameters, as shown below. Click Yes.

You see "The Installation Is Now Complete", as shown below. Click OK, OK, Yes, OK.

The MASM32 Editor opens, as shown below.

PMA 302.1 "Hello, World!" (10 pts)

Paste in the code below.

    .486                                    ; create 32 bit code
    .model flat, stdcall                    ; 32 bit memory model
    option casemap :none                    ; case sensitive
 
    include \masm32\include\windows.inc     ; always first
    include \masm32\macros\macros.asm       ; MASM support macros

  ; -----------------------------------------------------------------
  ; include files that have MASM format prototypes for function calls
  ; -----------------------------------------------------------------
    include \masm32\include\masm32.inc
    include \masm32\include\gdi32.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc

  ; ------------------------------------------------
  ; Library files that have definitions for function
  ; exports and tested reliable prebuilt code.
  ; ------------------------------------------------
    includelib \masm32\lib\masm32.lib
    includelib \masm32\lib\gdi32.lib
    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\kernel32.lib

    .code                       ; Tell MASM where the code starts

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

start:                          ; The CODE entry point to the program

    print chr$("Hello, World!",13,10)
    exit

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

end start                       ; Tell MASM where the program ends

From the menu bar, click File, Save.

In the "Save File As..." box, click "Browse Folders".

Navigate to your Documents folder, as shown below. Right-click an empty portion of the folder pane and click New, Folder.

Name the new folder PMA 302.1 and press Enter to open the new folder, as shown below.

Enter a filename of hello.asm, as shown below, and click Save.

From the MASM32 menu bar, click Project, "Console Build All".

A Command Prompt window opens, saying "Press any key to continue...", as shown below.

Press Enter. The Command Prompt window closes.

From the MASM32 menu bar, click File, "Cmd Prompt".

In the Command Prompt, execute this command:

dir

In the Command Prompt, execute this command:

hello.exe

Flag PMA 302.1: Examining the File with PEiD (10 pts)

The lower left of PEiD shows the detected language used to create the program, which is covered by a green box in the image below.

That's the flag.

PMA 302.2 Buffer Overflow (10 pts)

Paste in the code below.

.386
.model flat, stdcall
option casemap:none

include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\masm32.inc
includelib \masm32\lib\masm32.lib

.data
       welcome db "What is your name? ", 0
       hello db "Hello ", 0
       crlf db 13, 10, 0

       buffer db "NAME", 0
       done db "All Done!", 0

.code
start:
       push offset welcome      ; Effective address of welcome
       call StdOut              ; Call console display API

       push 100                 ; Maximum number of input characters
       push offset buffer       ; Effective address of buffer
       call StdIn               ; Call console input API
 
       push offset hello
       call StdOut

       push offset buffer
       call StdOut

       push offset crlf
       call StdOut

       push offset done
       call StdOut

exit:
       push 0
       call ExitProcess
end start

From the menu bar, click File, Save.

In the "Save File As..." box, navigate to your Documents folder. Right-click an empty portion of the folder pane and click New, Folder.

Name the new folder PMA 302.2, and press Enter to open the new folder.

Enter a filename of bufo.asm and click Save.

From the MASM32 menu bar, click Project, "Console Build All".

A Command Prompt window opens, saying "Press any key to continue...".

Press Enter. The Command Prompt window closes.

From the MASM32 menu bar, click File, "Cmd Prompt".

In the Command Prompt, execute this command:

bufo.exe

Try longer names, such as WALLY and DILBERT. The "All Done!" message is replaced by characters from the end of the name, as shown above.

This is the simplest sort of buffer overflow: leakage from one variable to another.

Flag PMA 302.2: Examining the File with PEview (10 pts)

In the left pane of PEiD, expand the "SECTION .rdata" container and click "IMPORT Address Table", as shown below.

The right pane shows the functions imported from kernel32.dll. Find the function name covered by a green box in the image below.

That's the flag.

Sources