5. Implementation
1. Emulation
– Emulate some CPUs
– Ex: x86/ARM/ppc emulation in JavaScript
2. Sandbox
– Exec in a jail (VM)
– Ex: Exec on a VM -> send the result to the browser
7. CPU Emulation on JavaScript
jslinux
http://bellard.org/jslinux/
Virtual x86
http://copy.sh/v24/
12. Sandbox for analyzing malware
https://www.virtualbox.org/wiki/Screenshots
VirtualBox
https://www.virtualbox.org/
VMWare
http://www.vmware.com/jp
14. So, first start two processes that stand in a debugger <-> debuggee relationship.
The debugger passes the code to be executed to the debuggee,
and the debugger receives the result of executing it on the debuggee.
15. Assembly Tanka on Server-side
tanka.cgi
New process
Debugging
Return the result
6a 00 58 50 40
68 79 61 6d 61 50 40
6a 08 5a 5b 40
68 57 61 6b 61 54 40
59 cd 80 58 58 58 c3
Execute
• Debugging API
– DebugActiveProcess (Windows)
– ptrace (UNIX-like)
16. Assembly Tanka on Server-side
push 0x00 = 6a 00
At every step, the debugger checks the code
STEP
17. Assembly Tanka on Server-side
pop eax = 58
STEP
At every step, the debugger checks the code
18. Assembly Tanka on Server-side
push eax = 50
STEP
At every step, the debugger checks the code
19. Assembly Tanka on Server-side
inc eax = 40
STEP
At every step, the debugger checks the code
20. Assembly Tanka on Server-side
int 0x80 = cd 80
STEP
At every step, the debugger checks the code.
It also monitors system calls:
if the code is "cd 80", it stops the process.
25. The shocking fact: "cd 80" (int 0x80) can actually be
executed with a prefix in front of it
27. The sandbox code I wrote
/* Stop if the next instruction is int 0x80 (cd 80) */
if (code[0] == 0xcd && code[1] == 0x80) {
    exit(1);
}
execute(code);
"No system calls for you!" (smug face)
I thought you could NOT execute system calls
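28. The sandbox code I wrote
unsigned char code[] = {0x2e, 0xcd, 0x80};
/* code[0] is the prefix 0x2e, so the check below does not match */
if (code[0] == 0xcd && code[1] == 0x80) {
    exit(1);
}
execute(code);
I tried adding a prefix (lol)
However, "cd 80" can be executed with some prefix in front of it (ex: 0x2e)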
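Added example (not from the original slides): the two-byte check from slides 27 and 28 next to a prefix-aware version that skips x86 legacy prefix bytes before matching "cd 80". The function names and the sample byte arrays are assumptions constructed for this illustration; 32-bit x86 is assumed, as in the slides.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The slides' check: looks only at the first two bytes at the current EIP. */
int naive_is_int80(const uint8_t *code, size_t len)
{
    return len >= 2 && code[0] == 0xcd && code[1] == 0x80;
}

/* x86 legacy prefix bytes (32-bit mode). */
int is_legacy_prefix(uint8_t b)
{
    switch (b) {
    case 0x26: case 0x2e: case 0x36: case 0x3e: /* ES, CS, SS, DS override */
    case 0x64: case 0x65:                       /* FS, GS override */
    case 0x66: case 0x67:                       /* operand/address size */
    case 0xf0: case 0xf2: case 0xf3:            /* LOCK, REPNE, REP */
        return 1;
    default:
        return 0;
    }
}

/* Prefix-aware check: skip the prefix run, then match cd 80.
 * An x86 instruction is at most 15 bytes, so no more than 13 prefix
 * bytes can precede a 2-byte instruction. Fails closed: flags any
 * prefixed cd 80, even forms the CPU would reject. */
int prefixed_is_int80(const uint8_t *code, size_t len)
{
    size_t i = 0;
    while (i < len && i < 13 && is_legacy_prefix(code[i]))
        i++;
    return len - i >= 2 && code[i] == 0xcd && code[i + 1] == 0x80;
}

int main(void)
{
    /* Constructed samples: slide 28's bytes and the plain instruction. */
    const uint8_t prefixed[] = {0x2e, 0xcd, 0x80};
    const uint8_t plain[]    = {0xcd, 0x80};
    printf("2e cd 80: naive=%d prefix-aware=%d\n",
           naive_is_int80(prefixed, 3), prefixed_is_int80(prefixed, 3));
    printf("cd 80:    naive=%d prefix-aware=%d\n",
           naive_is_int80(plain, 2), prefixed_is_int80(plain, 2));
    return 0;
}
```

Byte matching at the instruction pointer stays fragile even with this fix. Having the kernel report system-call entry to the debugger (for example PTRACE_SYSCALL with the ptrace API named on slide 15) does not depend on how the instruction is encoded.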
31. How to enjoy Assembly Tanka
• Try it on several CPUs
• Try it on several OSes and environments
• Try to output as many characters as possible
• Aim for a "tasty" tanka with depth of flavor
• Build an environment that makes learning Assembly easy
• Automate the generation of tanka