Getting to know assembly language

In recent weeks I have learned a lot of things about low level software development. My interest came from a desire to offer better than average protection to a program I am working on. Through the process of hardening my application, it became obvious to me that it would be very beneficial to learn assembly. For anyone interested I found a good introduction here for anyone interested. After looking at the first few lessons, it was as if suddenly a light shone around me. All this C/C++, C#, VB, Delphi, Java coding makes so much more sense! I understand why we need higher level languages and what they are doing once they get compiled. Ultimately assembly language is as close to machine language as you get (that’s why when a program crashes in windows, if you have a debugger you can step through the code in assembly for example).

In some ways I really enjoy assembly and in others I hate it. You gain pure power from working in assembly, nearly nothing can stop you. On the other hand it takes a lot of patience and tons of experience to do anything practical in a reasonable amount of time. This calls for wise decision making. I feel bad for people who only know modern languages. Years back I recall working on sending real time data from a C++ socket server application to a Java Applet in a web-browser. There were many problems that had to be overcome (like the fact that we also had different operating systems on each end so big endian and little endian were adding to the issues). One interesting point I observed during a newsgroup discussion regarding “how do i get the size of an object in java’? In most other languages you could always do a sizeof(), alas not in Java (not in those days.. not sure if that has changed). Most of the replies were people almost wanting to beat me up saying “who needs to know the size anyways”. We have moved into a day where ‘size doesn’t matter anymore’. But it does matter, and the consequences are hidden from the unsuspecting developer who never spent the time to find out what is going on.

Back to assembly… oh how beautiful, yet complex…. how strong, yet nimble. This power enables direct access to hardware and software services, is the wind in the sails for ‘code caves’ and other reverse engineering techniques. During a learning exercise found here I quickly learned that ‘thinking’ in assembly is like thinking in Chinese when all you ever knew was English. So many differences in concepts! Everything seems to be stored in Hexadecimal or Binary representation, totally different from all higher level languages. It is truly incredible how small in size and how fast in speed pure assembly programs become. And to think I thought C/C++ was a wonder of power and ingenious… no assembly beats them all. Use C++ to do the long winded work, and asm to do the hack and slash… that’s a dream team.

It seems to me that as long as you have assembly, you will never truly have security. All people do is “slow down” the assembly hackers with their multi-million dollar protection schemes. I can now see why it is just a matter of time before any application could be hijacked. To compare, it is like locking your car or your house, then being given a teleport device (that is called assembly).

Putting assembly to a good use (everything can be used for good or evil) shouldn’t be hard. Once I feared this realm, now I embrace it.


Comments are closed.