
Computer security is a vast topic that I've avoided for a long time, assuming it was far too complex for my skill level.

I'm beginning to get a little curious, so I wonder, is it possible to just open up random exe files, (or any file for that matter) in an assembler IDE and just start changing things?

I mean, it would be certainly difficult to understand pages and pages of assembly, but if someone /can/, what is stopping them from editing a file and cramming in a bunch of instructions?

Supposing you can do this, I wonder how machine code can amount to root access? Do you have to literally open the operating system and re-arrange the code associated with passwords?

I'm guessing it's a lot more complicated and requires a great deal of tools and OS knowledge, but I'm just curious about some of the fundamentals, and a lot of the intro documentation (that I've read) doesn't talk about assembly injections.

Jonathan Leffler
bigcodeszzer

1 Answer


The short answer is yes. Executable files can be modified to contain different code, and then they will function differently. With the appropriate permissions, someone could change the instructions that made up the operating system kernel, or just supporting libraries. In fact, this is precisely how some software updates work.

Now, getting the permission to make these changes is not necessarily easy. But as the administrator of a computer, this is something you can do.

You might find the topic of "inline hooking" interesting. This is when a program is modified so that its control flow is redirected. Sometimes AV does this, sometimes malware does this.

Willi Ballenthin
  • So as long as you have modify permissions on at least one .exe file, you can start telling the hardware to do stuff? – bigcodeszzer Dec 22 '15 at 00:24
  • If I were to load commands into an exe (that I have write permission to), at what point can the hardware 'check' if I'm allowed to modify something in a register (eg. operating system code)? – bigcodeszzer Dec 22 '15 at 00:26
  • Or disk for that matter – bigcodeszzer Dec 22 '15 at 00:27
  • This is one of the jobs of the operating system kernel: to handle access to hardware and ensure separation among processes. While you can add different instructions to the .exe, you may not be able to directly access a piece of hardware, because the kernel doesn't expose a way to reference it. So, it's the kernel that performs access control checks on the process that runs your .exe to decide if you can interact with (or destroy!) hardware. – Willi Ballenthin Dec 22 '15 at 00:27
  • So assembly code that's patched on won't actually run? – bigcodeszzer Dec 22 '15 at 00:30
  • When I say 'hardware' I mean like, the stuff that you control with assembly code (cache, registers, cpu, etc) – bigcodeszzer Dec 22 '15 at 00:30
  • The new code will run. This code can modify some registers, some memory, and affects the CPU. But, the kernel still has some control over what these instructions do. For example, an "access violation" is the kernel saying, "you can't reference that region of memory". The code that attempted the reference ran, but its effect was rejected, and now the process may crash. – Willi Ballenthin Dec 22 '15 at 00:33
  • Would the kernel prevent the assembly code from say, loading/booting another operating system? Supposing you can, is it possible to access that memory from the other operating system? – bigcodeszzer Dec 22 '15 at 00:48
  • Alternatively, although I assume it's not possible, can injected assembly code interfere with how the kernel configures the cpu/mmu? – bigcodeszzer Dec 22 '15 at 00:51
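A detection-side illustration of the "inline hooking" the answer above mentions, added here and not part of the original thread or of either participant's work: a small C checker that flags function entry bytes rewritten into a detour (x86-64 encodings assumed), next to the pattern-free alternative of comparing the live prologue against a known-good copy of the same bytes. The sample prologues are constructed, not captured from any real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Returns a short label if the first bytes of a function look like a
 * detour inserted by an inline hook, or NULL if the entry looks ordinary.
 * x86-64 patterns covered: jmp rel32, jmp [rip+disp32],
 * mov rax, imm64 ; jmp rax, and push imm32 ; ret. */
const char *inline_hook_kind(const uint8_t *code, size_t len)
{
    size_t i = 0;
    /* Skip an endbr64 (CET marker), which legitimately starts many functions. */
    if (len >= 4 && code[0] == 0xF3 && code[1] == 0x0F &&
        code[2] == 0x1E && code[3] == 0xFA)
        i = 4;
    if (len - i >= 5 && code[i] == 0xE9)
        return "jmp rel32";
    if (len - i >= 6 && code[i] == 0xFF && code[i + 1] == 0x25)
        return "jmp [rip+disp32]";
    if (len - i >= 12 && code[i] == 0x48 && code[i + 1] == 0xB8 &&
        code[i + 10] == 0xFF && code[i + 11] == 0xE0)
        return "mov rax, imm64; jmp rax";
    if (len - i >= 6 && code[i] == 0x68 && code[i + 5] == 0xC3)
        return "push imm32; ret";
    return NULL;
}

/* Pattern-free check: compare the live prologue against a known-good copy,
 * e.g. the same bytes read from the executable on disk. Returns 1 if modified. */
int prologue_modified(const uint8_t *live, const uint8_t *golden, size_t n)
{
    return memcmp(live, golden, n) != 0;
}

/* Constructed sample prologues (not taken from a real binary). */
static const uint8_t clean[]  = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x10}; /* push rbp; mov rbp,rsp; sub rsp,16 */
static const uint8_t cet[]    = {0xF3, 0x0F, 0x1E, 0xFA, 0x55, 0x48, 0x89, 0xE5}; /* endbr64; push rbp; mov rbp,rsp */
static const uint8_t hooked[] = {0xE9, 0x00, 0x10, 0x00, 0x00, 0x90, 0x90, 0x90}; /* jmp +0x1000; nop padding */

int main(void)
{
    const uint8_t *samples[] = {clean, cet, hooked};
    for (size_t k = 0; k < 3; k++) {
        const char *kind = inline_hook_kind(samples[k], 8);
        printf("sample %zu: %s\n", k, kind ? kind : "no detour at entry");
    }
    return 0;
}
```

The signature check is cheap but only catches the common detour shapes; the comparison against a trusted copy catches any rewrite, which is why integrity checkers keep both.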