Intel processors have been a major force in personal computing for more than 30 years. An understanding of the low-level computing mechanisms used in Intel chips, as taught in this course, serves as a foundation upon which to better understand other hardware. Many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation will be defined.
Course Concentration:
- 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture.
- 50% will be spent learning Windows tools and analysis of simple programs.
- Final 25% of time will be spent learning Linux tools for analysis.
This course serves as a foundation for the following intermediate level x86 course. Students will learn assembly code and the basic concepts and characteristics of associated hardware. This course also contains the most common assembly instructions. Although x86 has hundreds of special purpose instructions, students will be shown the possibility of reading most programs by knowing only around 20-30 instructions and their variations.
The instructor-led lab work will include:
- Stepping through a small program and watching the changes to the stack at each instruction (push, pop, call, ret (return), mov).
- Stepping through a slightly more complicated program (adds lea (load effective address), add, sub).
- Understanding the correspondence between C and assembly control transfer mechanisms (e.g. goto in C == jmp in asm).
- Understanding conditional control flow and how loops are translated from C to asm (conditional jumps, jge (jump greater than or equal), jle (jump less than or equal), ja (jump above), cmp (compare), test, etc).
- Boolean logic (and, or, xor, not)
- Signed and unsigned multiplication and division
- Special one-instruction loops and how C functions like memset or memcpy can be implemented in one instruction plus setup (rep stos (repeat store to string), rep mov (repeat mov)).
Learning Objectives
- Demonstrate to students with programming experience that assembly code is not an arcane art, but rather an API which can be learned like any other.
- Allow students to gain exposure to a core set of Intel x86 architecture and assembly so as to be able to read and understand short programs in disassembled form.
- Provide exposure to a hands-on environment for both Windows and Linux.
- Describe the techniques for analyzing binary programs with both disassemblers and debuggers.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Technology R&D