From 0f46a714aab9e37a91f057530b62d4e961cf3fa5 Mon Sep 17 00:00:00 2001 From: Marsha Date: Sat, 30 May 2026 10:31:26 +0200 Subject: [PATCH] day1 week1 --- README.md | 60 +++++++++++++++++++++++++++++++++++++++ week1/day1/README.md | 31 ++++++++++++++++++++ week1/day1/anki_cards.md | 31 ++++++++++++++++++++ week1/day1/exo_1 | Bin 0 -> 16976 bytes week1/day1/exo_1.c | 7 +++++ week1/day1/exo_2 | Bin 0 -> 16856 bytes week1/day1/exo_2.c | 7 +++++ week1/day1/exo_3 | Bin 0 -> 16904 bytes week1/day1/exo_3.c | 6 ++++ 9 files changed, 142 insertions(+) create mode 100644 README.md create mode 100644 week1/day1/README.md create mode 100644 week1/day1/anki_cards.md create mode 100755 week1/day1/exo_1 create mode 100644 week1/day1/exo_1.c create mode 100755 week1/day1/exo_2 create mode 100644 week1/day1/exo_2.c create mode 100755 week1/day1/exo_3 create mode 100644 week1/day1/exo_3.c diff --git a/README.md b/README.md new file mode 100644 index 0000000..2df9da0 --- /dev/null +++ b/README.md 
@@ -0,0 +1,60 @@ +# 1-Month Integrated C & Reverse Engineering Course + +Welcome to your intensive 1-month journey into the heart of software. This course is designed to teach you **C programming** and **Reverse Engineering (RE)** simultaneously by following a "Build and Break" philosophy. + +## 🎯 Goal +By the end of this month, you will not only be able to write robust C programs but also understand how they are transformed into machine code and how to analyze binaries without access to their source code. + +## 🛠 Prerequisites & Tools +We will be using a Linux-based environment (x64 architecture). Ensure the following tools are installed: +- **Compiler:** `gcc` +- **Debugger:** `gdb` (highly recommended to install [GEF](https://github.com/hugsy/gef) or [Peda](https://github.com/longld/peda)) +- **Static Analysis:** [Ghidra](https://ghidra-sre.org/) +- **Binary Utilities:** `objdump`, `nm`, `strings`, `readelf` + +--- + +## 📅 Curriculum Overview + +### **Week 1: The Building Blocks (Variables & Memory)** +* **Focus:** How data is stored. +* **C:** Data types, variables, scopes, and basic arithmetic. +* **RE:** CPU Registers, the Stack, and Memory Addressing. +* **Task:** Write a math program and watch variables move through registers in GDB. + +### **Week 2: Control Flow & Logic** +* **Focus:** How decisions are made. +* **C:** `if/else`, `for/while` loops, and `switch` statements. +* **RE:** Jumps, Flags, and Branching logic in Assembly. +* **Task:** Build a password validator and bypass it by patching the binary. + +### **Week 3: Functions & Memory Management** +* **Focus:** How programs are structured. +* **C:** Functions, Pointers, Arrays, and Memory Allocation. +* **RE:** Calling conventions, Stack Frames, and Pointer arithmetic. +* **Task:** Create a sorting algorithm and trace the memory layout during execution. + +### **Week 4: Data Structures & Vulnerabilities** +* **Focus:** How complex systems work and fail. +* **C:** Structs, Unions, and Dynamic Memory. 
+* **RE:** Heap analysis and identifying security vulnerabilities. +* **Task:** Build a small database and exploit a controlled buffer overflow. + +--- + +## 🔄 Daily Workflow +For every topic, we will follow this exact pattern: +1. **The Lesson:** A conceptual deep-dive into a C concept and its RE counterpart. +2. **3 Exercises:** Hands-on challenges where you write the code and analyze the binary. +3. **The Correction:** We review your implementation and deconstruct the assembly together. +4. **Documentation:** We generate a topic-specific `README.md` and a set of **Anki Cards** to ensure long-term retention. + +--- + +## 🚀 Getting Started +To begin, create your first program in the `week1/` directory: +```bash +mkdir -p week1/day1 +touch week1/day1/hello.c +``` +Refer to the `plans/1-month-c-re-integrated.md` for the full detailed schedule. diff --git a/week1/day1/README.md b/week1/day1/README.md new file mode 100644 index 0000000..24df0a5 --- /dev/null +++ b/week1/day1/README.md 
@@ -0,0 +1,31 @@ +# Day 1: Variables, Memory, and the Stack + +## 📝 Concepts Covered +Today we explored how high-level C variables are translated into low-level machine instructions and memory operations. + +### 1. The Stack and RBP +Local variables in C are stored on the **Stack**. The CPU uses the `RBP` (Base Pointer) register as a reference point to find these variables. +- `int a = 123;` -> `mov DWORD PTR [rbp-4], 0x7b` + +### 2. Register Basics (x64) +Registers are small, fast storage locations inside the CPU. +- `RAX`, `RBX`, `RCX`, `RDX`: General purpose 64-bit registers. +- `EAX`, `EBX`, `ECX`, `EDX`: The lower 32-bit halves of the above (used for `int` in C). + +### 3. Data Sizes +The assembly instruction specifies how much data to move: +- `BYTE PTR`: 1 byte (`char`) +- `WORD PTR`: 2 bytes (`short`) +- `DWORD PTR`: 4 bytes (`int`) +- `QWORD PTR`: 8 bytes (`long` or pointers) + +### 4. Arithmetic Pattern +CPUs perform arithmetic using a **Load-Modify-Store** cycle: +1. **Load** memory value into a register. +2. **Add/Sub** the register value. +3. **Store** the register result back into memory. + +## 🛠 Exercises Completed +- `exo_1.c`: Basic assignment and hex identification. +- `exo_2.c`: Arithmetic deconstruction (The `add` instruction). +- `exo_3.c`: Data type sizes and memory offsets. diff --git a/week1/day1/anki_cards.md b/week1/day1/anki_cards.md new file mode 100644 index 0000000..6a15ffa --- /dev/null +++ b/week1/day1/anki_cards.md 
@@ -0,0 +1,31 @@ +# Day 1: C & Reverse Engineering Anki Cards + +## Card 1 +**Front:** In x64 Assembly, what does `DWORD PTR` indicate about the size of the data? +**Back:** It indicates a 32-bit (4-byte) value, typically used for an `int` in C. + +## Card 2 +**Front:** Translate the C code `int x = 10;` into a conceptual x64 assembly instruction. +**Back:** `mov DWORD PTR [rbp-offset], 0xa` + +## Card 3 +**Front:** Why can't a CPU usually add two memory locations directly (e.g., `add [mem1], [mem2]`)? +**Back:** Architecture constraints. It must follow the **Load-Modify-Store** pattern: move values into registers, perform the addition, and store the result back. + +## Card 4 +**Front:** What is the relationship between `RAX` and `EAX`? +**Back:** `EAX` is the lower 32-bit half of the 64-bit `RAX` register. + +## Card 5 +**Front:** Match the C type to its Assembly size prefix: +1. `char` +2. `short` +3. `int` +**Back:** +1. `BYTE PTR` (1 byte) +2. `WORD PTR` (2 bytes) +3. `DWORD PTR` (4 bytes) + +## Card 6 +**Front:** What does the `RBP` register represent in the context of local variables? +**Back:** The **Base Pointer**. It serves as a fixed reference point on the stack from which local variables are accessed via offsets (e.g., `[rbp-4]`). 
diff --git a/week1/day1/exo_1 b/week1/day1/exo_1 new file mode 100755 index 0000000000000000000000000000000000000000..8e88123a88d50268c60639ebb75139904b8d8a92 GIT binary patch literal 16976
+ +int main(){ + int a = 123; + int b = 456; + return 0; +} \ No newline at end of file
diff --git a/week1/day1/exo_2 b/week1/day1/exo_2 new file mode 100755 index 0000000000000000000000000000000000000000..43ce31153831d6710e107c0bde909b54f31e40df GIT binary patch literal 16856
diff --git a/week1/day1/exo_3.c b/week1/day1/exo_3.c new file mode 100644 index 0000000..b2a5e13 --- /dev/null +++ b/week1/day1/exo_3.c @@ -0,0 +1,6 @@ +int main(){ + char a = 1; + short b = 22; + int c = 123; + return 0; +} \ No newline at end of file