day1 week1

2026-05-30 10:31:26 +02:00
commit 0f46a714aa
9 changed files with 142 additions and 0 deletions

60
README.md Normal file

@@ -0,0 +1,60 @@
# 1-Month Integrated C & Reverse Engineering Course
Welcome to your intensive 1-month journey into the heart of software. This course is designed to teach you **C programming** and **Reverse Engineering (RE)** simultaneously by following a "Build and Break" philosophy.
## 🎯 Goal
By the end of this month, you will not only be able to write robust C programs but also understand how they are transformed into machine code and how to analyze binaries without access to their source code.
## 🛠 Prerequisites & Tools
We will be using a Linux-based environment (x64 architecture). Ensure the following tools are installed:
- **Compiler:** `gcc`
- **Debugger:** `gdb` (highly recommended to install [GEF](https://github.com/hugsy/gef) or [Peda](https://github.com/longld/peda))
- **Static Analysis:** [Ghidra](https://ghidra-sre.org/)
- **Binary Utilities:** `objdump`, `nm`, `strings`, `readelf`
---
## 📅 Curriculum Overview
### **Week 1: The Building Blocks (Variables & Memory)**
* **Focus:** How data is stored.
* **C:** Data types, variables, scopes, and basic arithmetic.
* **RE:** CPU Registers, the Stack, and Memory Addressing.
* **Task:** Write a math program and watch variables move through registers in GDB.
### **Week 2: Control Flow & Logic**
* **Focus:** How decisions are made.
* **C:** `if/else`, `for/while` loops, and `switch` statements.
* **RE:** Jumps, Flags, and Branching logic in Assembly.
* **Task:** Build a password validator and bypass it by patching the binary.
### **Week 3: Functions & Memory Management**
* **Focus:** How programs are structured.
* **C:** Functions, Pointers, Arrays, and Memory Allocation.
* **RE:** Calling conventions, Stack Frames, and Pointer arithmetic.
* **Task:** Create a sorting algorithm and trace the memory layout during execution.
### **Week 4: Data Structures & Vulnerabilities**
* **Focus:** How complex systems work and fail.
* **C:** Structs, Unions, and Dynamic Memory.
* **RE:** Heap analysis and identifying security vulnerabilities.
* **Task:** Build a small database and exploit a controlled buffer overflow.
---
## 🔄 Daily Workflow
For every topic, we will follow this exact pattern:
1. **The Lesson:** A conceptual deep-dive into a C concept and its RE counterpart.
2. **3 Exercises:** Hands-on challenges where you write the code and analyze the binary.
3. **The Correction:** We review your implementation and deconstruct the assembly together.
4. **Documentation:** We generate a topic-specific `README.md` and a set of **Anki Cards** to ensure long-term retention.
---
## 🚀 Getting Started
To begin, create your first program in the `week1/` directory:
```bash
mkdir -p week1/day1
touch week1/day1/hello.c
```
Refer to the `plans/1-month-c-re-integrated.md` for the full detailed schedule.
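Review bot: The closing line points readers to `plans/1-month-c-re-integrated.md`, but nothing under `plans/` is among the 9 files changed here, and the Getting Started step creates `week1/day1/hello.c` while the exercises added in this commit are named `exo_1.c` to `exo_3.c`. Add the plan file alongside this README or drop the reference until it exists, and use the same filename scheme in the Getting Started example as in the exercises. The tools list would also benefit from the exact `gcc` invocation the course expects, since every later lesson depends on it.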

31
week1/day1/README.md Normal file

@@ -0,0 +1,31 @@
# Day 1: Variables, Memory, and the Stack
## 📝 Concepts Covered
Today we explored how high-level C variables are translated into low-level machine instructions and memory operations.
### 1. The Stack and RBP
Local variables in C are stored on the **Stack**. The CPU uses the `RBP` (Base Pointer) register as a reference point to find these variables.
- `int a = 123;` -> `mov DWORD PTR [rbp-4], 0x7b`
### 2. Register Basics (x64)
Registers are small, fast storage locations inside the CPU.
- `RAX`, `RBX`, `RCX`, `RDX`: General purpose 64-bit registers.
- `EAX`, `EBX`, `ECX`, `EDX`: The lower 32-bit halves of the above (used for `int` in C).
### 3. Data Sizes
The assembly instruction specifies how much data to move:
- `BYTE PTR`: 1 byte (`char`)
- `WORD PTR`: 2 bytes (`short`)
- `DWORD PTR`: 4 bytes (`int`)
- `QWORD PTR`: 8 bytes (`long` or pointers)
### 4. Arithmetic Pattern
CPUs perform arithmetic using a **Load-Modify-Store** cycle:
1. **Load** memory value into a register.
2. **Add/Sub** the register value.
3. **Store** the register result back into memory.
## 🛠 Exercises Completed
- `exo_1.c`: Basic assignment and hex identification.
- `exo_2.c`: Arithmetic deconstruction (The `add` instruction).
- `exo_3.c`: Data type sizes and memory offsets.
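Review bot: Section 1 presents `int a = 123;` -> `mov DWORD PTR [rbp-4], 0x7b` as a fixed mapping, but that output only appears for an unoptimized build shown in Intel syntax, and neither condition is stated. On Linux both `objdump -d` and `gdb` default to AT&T syntax, where the same instruction is printed as `movl $0x7b,-0x4(%rbp)`, and at `-O1` or higher GCC does not keep these locals on the stack at all. Add a short "How to reproduce" line with the build flags (for example `gcc -O0 -g`) and the disassembly setting (`objdump -d -M intel`, or `set disassembly-flavor intel` in gdb). In section 2 it is also worth noting that writing a 32-bit register such as `EAX` zeroes the upper 32 bits of `RAX`, since that surprises people reading their first disassembly.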

31
week1/day1/anki_cards.md Normal file

@@ -0,0 +1,31 @@
# Day 1: C & Reverse Engineering Anki Cards
## Card 1
**Front:** In x64 Assembly, what does `DWORD PTR` indicate about the size of the data?
**Back:** It indicates a 32-bit (4-byte) value, typically used for an `int` in C.
## Card 2
**Front:** Translate the C code `int x = 10;` into a conceptual x64 assembly instruction.
**Back:** `mov DWORD PTR [rbp-offset], 0xa`
## Card 3
**Front:** Why can't a CPU usually add two memory locations directly (e.g., `add [mem1], [mem2]`)?
**Back:** Architecture constraints. It must follow the **Load-Modify-Store** pattern: move values into registers, perform the addition, and store the result back.
## Card 4
**Front:** What is the relationship between `RAX` and `EAX`?
**Back:** `EAX` is the lower 32-bit half of the 64-bit `RAX` register.
## Card 5
**Front:** Match the C type to its Assembly size prefix:
1. `char`
2. `short`
3. `int`
**Back:**
1. `BYTE PTR` (1 byte)
2. `WORD PTR` (2 bytes)
3. `DWORD PTR` (4 bytes)
## Card 6
**Front:** What does the `RBP` register represent in the context of local variables?
**Back:** The **Base Pointer**. It serves as a fixed reference point on the stack from which local variables are accessed via offsets (e.g., `[rbp-4]`).
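Review bot: Card 3's answer ("Architecture constraints") is too vague to be checkable, and the Load-Modify-Store wording suggests more than x86-64 requires. The actual rule is that an instruction may have at most one memory operand, so `add [mem1], [mem2]` cannot be encoded, while `add DWORD PTR [rbp-4], eax` is valid and reads, modifies and writes memory in a single instruction. Suggest rewording the back of the card to state the one-memory-operand limit and to say that unoptimized compiler output usually goes through a register. Card 5 also stops at `DWORD PTR`, although the Day 1 README lists `QWORD PTR` for `long` and pointers; adding it as a fourth item keeps the cards in step with the notes.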

BIN
week1/day1/exo_1 Executable file

Binary file not shown.
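Review bot: `exo_1`, `exo_2` and `exo_3` are compiled executables committed next to their sources, and the commit records neither the compiler version nor the flags used to produce them. Anyone rebuilding from the `.c` files may get different disassembly from the binaries checked in, and binaries in the tree cannot be reviewed from the diff. Prefer a small `Makefile` (or a documented `gcc` command line) that builds them, and add the output names to `.gitignore`.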

7
week1/day1/exo_1.c Normal file

@@ -0,0 +1,7 @@
#include <stdio.h>
int main(){
int a = 123;
int b = 456;
return 0;
}
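Review bot: `a` and `b` are written but never read, so the two `mov` stores this exercise is meant to show exist only in an unoptimized build; with any optimization level GCC drops both variables and `main` reduces to returning 0. State the expected build flags in a comment at the top of the file, or give the values an observable use (for example printing them, which would also justify the `#include <stdio.h>` that is currently unused). Minor: `exo_2.c` and `exo_3.c` omit the include, so pick one style, and `int main(void)` is the explicit form for a function taking no arguments.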

BIN
week1/day1/exo_2 Executable file

Binary file not shown.

7
week1/day1/exo_2.c Normal file

@@ -0,0 +1,7 @@
int main(){
int a = 10;
int b = 20;
int sum = a + b;
return 0;
}
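Review bot: In `int sum = a + b;` both operands are compile-time constants and `sum` is never used, so the `add` instruction the Day 1 README says this exercise deconstructs is present only at `-O0`; an optimizing build folds the expression and then removes it. If the goal is to observe the load, add, store sequence reliably, make the result observable (`return sum;` is the smallest change) and consider taking one operand from runtime input such as `argc` so the addition cannot be folded away. As with `exo_1.c`, a comment recording the intended build command would make the exercise reproducible.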

BIN
week1/day1/exo_3 Executable file

Binary file not shown.

6
week1/day1/exo_3.c Normal file

@@ -0,0 +1,6 @@
int main(){
char a = 1;
short b = 22;
int c = 123;
return 0;
}
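Review bot: The Day 1 README lists four size prefixes including `QWORD PTR` for `long` and pointers, but this exercise declares only `char`, `short` and `int`, so the 8-byte case is never seen in the disassembly. Adding a `long d` and a pointer such as `int *p = &c;` would cover it. It would also help to note in a comment that the `[rbp-N]` offsets are chosen by the compiler according to alignment and need not follow declaration order, so learners should read the offsets from their own build rather than expect fixed values. The variables are unused here too, so the same `-O0` caveat applies.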