Memory Basics
Eric and I sat down and drew a picture of Memory Layout.
+ Stack frames contain: input params, local variables, and saved registers (the caller's EBP and the return address, i.e. the saved EIP)
+ EBP --> base pointer; points to the base of the current stack frame, which is its high-address end. Locals sit below it at lower addresses; the saved EIP and the input params sit above it.
+ ESP --> stack pointer; points to the top of the stack, which is the lowest address in use (the most recently pushed value).
+ EIP --> instruction pointer; points to the next instruction to execute.
+ Stack grows down (each push or call moves ESP to a lower address), but buffer writes and reads go up (strcpy, memcpy, gets and friends fill a buffer from its lowest address toward higher addresses).
Buffer Overflow ===> The second (callee's) stack frame has a lower address than the first (caller's) frame, and a local buffer sits below the saved EBP and saved EIP within its own frame. Since writes go up, overfilling the buffer overwrites the rest of the frame, saved EBP first, until it reaches the saved EIP. Whatever lands on the saved EIP is popped into EIP when the function returns, so whoever controls the input controls where execution goes next.
Endian-ness... It's a Byte Thing
Ex. Represent this : 1234
Say each word represents a byte, and each letter is a bit (ignoring the 'well-actually' details.)
In big endian :
ONE | TWO | THREE | FOUR
Little equivalent of this is :
FOUR | THREE | TWO | ONE
NOT THIS:
RUOF EERHT OWT ENO
The order of the bytes is interpreted differently, but the byte content is unaltered: the bits inside each byte don't mirror. Little endian (x86) stores the least significant byte at the lowest address; big endian (network byte order) stores the most significant byte first. For an exploit payload this means a 32-bit address such as 0x11223344 has to be written into memory as the bytes 44 33 22 11 for an x86 CPU to read it back as 0x11223344.
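An added example, not from these notes or from the Protostar exercises, that ties the two points above together: the callee's frame is modelled as a flat byte array (buf, then saved EBP, then saved EIP, lowest address first), a constructed payload is copied in with no bounds check so the write runs upward over saved EBP into saved EIP, and the four bytes that land on saved EIP are written backwards so that a little-endian CPU reads the intended 32-bit value. The frame offsets, the return address 0x08048400 and the target 0x41424344 are assumptions for illustration; the frame is an array rather than the real stack so the program runs deterministically anywhere instead of crashing under a stack protector.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the callee's x86 stack frame as one flat byte
 * array, lowest address first, laid out as the notes describe:
 *   frame[0..7]   buf        local char buf[8]
 *   frame[8..11]  saved EBP  caller's frame pointer
 *   frame[12..15] saved EIP  return address pushed by CALL
 * Addresses rise to the right, and strcpy/memcpy writes move the same
 * way, so overfilling buf runs through saved EBP and into saved EIP.
 * Offsets are assumptions chosen for the model, not a real binary. */
#define BUF_SIZE   8
#define OFF_EBP    8
#define OFF_EIP    12
#define FRAME_SIZE 16

/* Decode 4 bytes little-endian: what the CPU does when RET pops EIP. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode the same 4 bytes big-endian (network order), for contrast. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Encode a 32-bit value in the byte order x86 expects in memory.
 * This is the "write the address backwards" step of building a payload. */
static void write_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v);
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);
    p[3] = (uint8_t)(v >> 24);
}

/* Fresh frame: zeroed buf and saved EBP, a given return address in saved EIP. */
static void init_frame(uint8_t *frame, uint32_t ret_addr)
{
    memset(frame, 0, FRAME_SIZE);
    write_le32(frame + OFF_EIP, ret_addr);
}

/* The bug from the notes: copy into buf with no check against BUF_SIZE.
 * len is attacker-controlled, so anything above 8 overwrites saved EBP
 * and then saved EIP. (Capped at FRAME_SIZE only so the model itself
 * stays inside its array.) */
static void unsafe_copy(uint8_t *frame, const uint8_t *src, size_t len)
{
    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(frame, src, len);           /* no bound on buf: this is the bug */
}

/* Hardened form: reject any copy that would leave buf. Returns bytes copied. */
static size_t safe_copy(uint8_t *frame, const uint8_t *src, size_t len)
{
    if (len > BUF_SIZE)
        return 0;                      /* refuse rather than silently truncate */
    memcpy(frame, src, len);
    return len;
}

/* Builds the classic payload (filler up to saved EIP, then the target
 * address little-endian) and runs it through the unsafe copy.
 * Returns what the CPU would load into EIP on return. */
static uint32_t overflow_frame(uint8_t *frame, uint32_t target)
{
    uint8_t payload[FRAME_SIZE];
    memset(payload, 'A', OFF_EIP);     /* 8 bytes of buf + 4 over saved EBP */
    write_le32(payload + OFF_EIP, target);
    unsafe_copy(frame, payload, sizeof payload);
    return read_le32(frame + OFF_EIP);
}

int main(void)
{
    uint8_t frame[FRAME_SIZE];
    const uint32_t orig_ret = 0x08048400u;   /* hypothetical return address */
    const uint32_t target   = 0x41424344u;   /* "ABCD" read as a number */

    init_frame(frame, orig_ret);
    if (safe_copy(frame, (const uint8_t *)"too long for buf", 16) == 0)
        printf("safe_copy rejected 16 bytes; saved EIP still 0x%08x\n",
               (unsigned)read_le32(frame + OFF_EIP));

    printf("after overflow, EIP = 0x%08x\n",
           (unsigned)overflow_frame(frame, target));
    printf("bytes at saved EIP:");
    for (size_t i = OFF_EIP; i < FRAME_SIZE; i++)
        printf(" %02x", frame[i]);
    printf("\n  read as LE: 0x%08x, read as BE: 0x%08x\n",
           (unsigned)read_le32(frame + OFF_EIP),
           (unsigned)read_be32(frame + OFF_EIP));
    return 0;
}
```

The byte dump is the part worth staring at: the payload stores 44 43 42 41 at the saved EIP slot, and only the little-endian read gives back 0x41424344; the big-endian read of the same bytes is 0x44434241. That is the whole reason a return address in a Protostar-style payload gets typed in reverse byte order.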
Potential Tools
+ RATS Static Analysis
+ Splint
+ Radare2 - disassembler and reverse-engineering framework. Basic commands to start with:
- r2 [name of executable]
- af @ sym.main <== analyze the function at sym.main
- pdf @ sym.main <== print the disassembly of the (now analyzed) main function
INSTALLING RADARE2 ( on PROTOSTAR vm )
su root
godmode                        # Protostar root password
apt-get install flex bison     # build dependencies for radare2
git clone https://github.com/radare/radare2.git
cd radare2
./configure --prefix=/usr
make
make symstall                  # symlink install: rebuilding in the checkout updates the installed copy
Next Post: Document all the Stack exercises! ...now to properly make sense of my messy notes... -__-;