Are they the same?
Longer version :
Say I wrote, in assembly, on a windows machine, a small app that all it does is add 1+1 and stores it in a register. THEN, I write the exact same code on a Linux machine. Would it work?
Im thinking yes, because at the hardware level, its the same machine, so the 'language of the hardware' (forgive the inexactness) would be the same.
So Im thinking a virus targeting windows but written in assembly wouldnt just be a windows virus.
A virus will most certainly need to interact with the operating system, and use its API. Hence it is highly platform-dependant.
In addition, an executable also has a header, and this will depend on the targeted OS. If you would create a more or less empty EXE file in Windows, this would not run (not even start) under Linux.
programs written in assembler on windows are not binary compatible with linux... you need to compile(assemble) them again on linux, but keep in mind that there are differences between assemblers.. they differently handle for example parts for declaring code, data, bss
windoes execs don't run natively on linux (you can run them in wine, but they are gonna be sandboxed)
I know there are a few cross platform viruses existing that work both in Windows and Linux (but they're very weak). Just Google Cross-Platform virus and you'll find more information. but the hardware level code is not enough to interact with both operating systems. for example in Windows we have Registry and it doesn't exist on Linux... also Linux environment variables doesn't work on Windows.
It's very hard to make a cross-platform virus. actually you may create 2 viruses, one for Windows and one for Linux, then detect the Operating System and execute it's individual code.
The language itself is pretty much the same, but the operator instructions are different. The tutorial at http://asm.sourceforge.net/intro/hello.html has a pretty good explanation of this.
section .text
global _start ;must be declared for linker (ld)
_start: ;tell linker entry point
mov edx,len ;message length
mov ecx,msg ;message to write
mov ebx,1 ;file descriptor (stdout)
mov eax,4 ;system call number (sys_write)
int 0x80 ;call kernel
mov eax,1 ;system call number (sys_exit)
int 0x80 ;call kernel
section .data
msg db 'Hello, world!',0xa ;our dear string
len equ $ - msg ;length of our dear string
This is different than the DOS hello world program because of the OS specific things(like int 0x80).
Although you may be writing x86 assembly, you'll still be using a different assembler depending on which operating system you are using, and they'll have different features, so writing in assembler on Windows wouldn't necessarily be the same as what you'd write in Linux, though I'd assume they'd be rather similar.
The following are quotes from: Introduction to Linux Intel Assembly Language
Things are similar under other operating systems. Using the Microsoft or Turbo compilers, for example, assembly language source files have the suffix .asm, object files have the suffix .obj, etc.
NASM is available for both Unix and MS Windows. For that matter, even as can be used under Windows, since it is part of the gcc package and that is available for Windows under the name cygwin.
The assembly for all operating systems can be same, assuming there's portability layer with implementations for every operating system you're supporting.
Though, if you're planning about super-compatible binaries like I do.. ELF and PE -formats are entirely different from each other, and it will prevent same executable from running on different operating systems. Though this can be solved by writing a portable program loader.
The assembly language is largely the same and similar. However, neither Windows nor Linux would try to execute an arbitrary file. Most modern operating system refuses to execute a program, unless it have the proper executable headers (e.g. PE or ELF).
In Windows, a file needs to have the correct extension (e.g. .exe, .dll, .com) and the file need to be layout conforming to the Portable Executable (PE) format before Windows even attempt to execute the file.
In Linux, a file needs to conform to the ELF format (Executable and Linkable Format) and have the execute permission bit (can be set/unset using chmod).
In practice, this means Windows which doesn't recognize ELF format would refuse to execute a Linux program; and Linux will refuse to execute a PE/Windows program unless you have Wine. A virus written in assembly would need to be reassembled (be run through the assembler) to the correct executable format (PE or ELF) to suit the OS.
After that, then you have the problem of differing function call convention between Windows and Linux (and even between different versions of Windows and different version of Linux); also different set of System Call API and different methods to do system calls for even the most basic things. In practice, it is near impossible to write an assembly code that is portable between Windows and Linux, since even basic operations like printing Input/Output is different.
The x86 instructions will do the same thing.
But where things are located in memory will be different, and what your code can access. Operating system services will be different as it how you invoke them.
So if you could get the same binary code on both then you could for example write code to add up all the numbers from 1-100 and that would work, but the mechanism for printing that out would vary considerably.
It is the same processor and as a result the same instructions for doing your add 1+1 yes.
and it is likely possible that you can use similar enough tools to have the same assembly source at least for that instruction. But the executable file format, which contains not only the bytes to be executed but other stuff are different between the operating systems. Different tools are used to create the different executable files/containers. That is if you are trying to execute a complete program. If you have a virus or other evil program that takes advantage of some malloc in the operating system where there is a way to get the OS to execute code, well the bytes of that code are not going to contain this executable wrapper, those bytes are just the instructions you want to run. So in that sense they would again be the same bytes, but the exploit to get into the operating system (or a driver), is likely operating system dependent and your exploit would be operating system dependent.
Yes and no.
The small snippet that adds 1+1 and stores it in a register is going to be exactly the same machine code -- that is, the code that run on the processor is the same no matter what the operating system.
However, you need to surround that code with other bits that interact with the OS to make your program meaningful -- you would never know that your code actually correctly stored 2 in eax if it didn't output to somewhere, for example.
Interestingly, projects like Wine allow for cross-platform interoperability by providing under Linux the same API calls that the program would expect to find under Windows, as well as providing the appropriate logic to allow Linux to properly decode a Windows executable. So, with Wine support, some Windows viruses can actually run under Windows. It may take some work, but you can make it happen.
And no, Wine doesn't have to recompile the Windows programs -- it does, in fact, run the machine code stored in the EXEs directly on the processor.