Computer security is a vast topic that I've avoided for a long time, assuming it was far too complex for my skill level.
I'm beginning to get a little curious, so I wonder, is it possible to just open up random exe files, (or any file for that matter) in an assembler IDE and just start changing things?
I mean, it would be certainly difficult to understand pages and pages of assembly, but if someone /can/, what is stopping them from editing a file and cramming in a bunch of instructions?
Suppose you can do this, I wonder how can machine code amount to root access? Do you have to literally open the operating system and re-arrange the code associated with passwords?
I'm guessing it's a lot more complicated and requires a great deal of tools and OS knowledge, but I'm just curious about some of the fundamentals, and a lot of the intro documentation (that I've read) doesn't talk about assembly injections.
The short answer is yes. Executable files can be modified to contain different code, and then they will function differently. With the appropriate permissions, someone could change the instructions that made up the operating system kernel, or just supporting libraries. In fact, this is precisely how some software updates work.
Now, getting the permission to make these changes is not necessarily easy. But as the administrator to a computer, this is something you can do.
You might find the topic of "inline hooking" interesting. This is when a program is modified so that its control flow is redirected. Sometimes AV does this, sometimes malware does this.