This will be a short post describing the tools and environment which you should set up if you’d like to follow along with this series of blog posts along the path to learning x64 Assembly.
Any 64 Bit Linux Distribution
I’m partial to Debian based distributions because they Just Work(tm).
I’ll be using the most recent version of Ubuntu for this tutorial series, with the Terminator terminal and the solarized theme. Terminator because it makes split terminals easy, and solarized because it’s easy on my eyes and it looks neat.
You’ll need to ensure that GCC is installed, using your distribution’s standard package installation mechanism (apt, pacman, yum, etc.).
We’ll be using GCC to compile C applications into 64 bit ASM. Sometimes it’s easier to see how a high level language maps to a low level one.
GDB and PwnDBG (or PEDA, up to you)
Next up, install GDB using the standard package installer and then go and install PwnDBG. The instructions at the provided link should make it easy to install it and get up and running.
GDB can also act as a disassembler. This means that it is able to take a binary executable file and convert it back into the mnemonics from which it was assembled. Reading these mnemonics to understand what the program is doing internally is the definition of reverse engineering.
PwnDBG is an addon for GDB which adds several wonderful quality of life extensions, such as colouring the output of the application and a nice, sane layout when debugging the binary under review.
Speaking of debugging, GDB stands for the GNU DeBugger. Debugging (or dynamically analysing) a binary is the process of running the application’s program instructions (mnemonics) one after the other, to be able to introspect the state of the process’s memory after each instruction.
This is invaluable to us when attempting to reverse engineer a complicated binary, as we can slowly step through complicated sections of code at our own pace and slowly gain an understanding of what’s happening.
Ghidra (Gee-drah, btw)
We mentioned above that GDB was a Dynamic Analysis tool. Ghidra is an extremely user-friendly, freeware Static Analysis tool.
The difference is that GDB lets you step through the code instruction by instruction and watch things change dynamically, whereas Ghidra decompiles the application for you and shows you a graph of how the various blocks of code fit together; for example, which block of code calls which other block, and under which circumstances.
This graph view of a piece of code is extremely beneficial when reverse engineering, as it shows us at a glance which pieces of code form loops, which branches lead where, and under which conditions each path is taken.
We’ll be using both GDB and Ghidra in order to become well rounded reverse engineers.
NASM and ld
The Netwide ASseMbler is a tool which allows us to take hand written assembly mnemonics and assemble them to opcodes which the CPU can understand.
ld is a linker tool which ships with the vast majority (all?) of Linux distributions. This will allow us to take our assembled opcodes and link them with the C standard library etc.
Both of these tools should already be installed on your Linux machine; you can check with which nasm and which ld. If either of them isn’t installed, use your Linux distribution’s package manager to install it.
A text editor
Any text editor you please, for writing assembly instructions into.
I like VIM, some people like emacs (??), some people like Visual Studio Code. Install and use whichever you please.
Enthusiasm and an open mind
As I’ve mentioned before, this stuff is hard and will require patience and practice to get good at.
Just do your best, and reach out to me on here or on Twitter if anything flummoxes you.