Overview
This course aims to teach learners about the importance of disassembly frameworks in binary analysis, reversing, and exploit development. The course covers topics such as disassembling machine code, X86 instruction encoding, and the challenges in building disassembly frameworks. By the end of the course, students will understand the goals and advantages of the Capstone engine, which supports multiple architectures and platforms, and provides a clean and intuitive API. The intended audience for this course includes individuals interested in cybersecurity, binary analysis, and software exploitation.
Syllabus
Intro
Story behind Capstone
Binary analysis & software exploit
Disassemble machine code
X86 instruction encoding
Building disassembly frameworks is tedious
Demanding for a good disassembly framework
Available frameworks (2013)
Capstone's goals
Problems
Capstone status at 7-month old
Ambitions & ideas
Introduction on LLVM
LLVM's Machine Code (MC) layer
Advantages
Decide where to make the cut
extend LLVM's MC
Robustness of Capstone
Tricky X86 instructions
Taught by
Black Hat