Binary Exploitation

Hello all, back again with a new topic which I’m currently focusing on.

Today we will be looking at

  • How a Program runs

Let’s begin with how a program runs…

when we write a program it is a worthless plain text until it is compiled. When we compiled it become executable and can able to run. While running a program it comes to memory and our program runs by one by one instructions.

The above picture explains how a typical compiled memory looks like. Generally Stack starts from Higher Memory Address to Lower Memory Address. There are two instructions are in stack which are push and pop.

Stack is a data structure where instructions takes place. It is in the order of LIFO (Last In First Out)

Heap is also a data structure where the memory allocation is random and manually allocated by us.

How Stack Grows ???

esp -extended Stack Pointer which points top of the stack when a value is added to stack the esp increases its size upward lower to higher memory and pops a value the assembler decreases value of esp hereby stack shrinks back into it.

ebp -Extended base Pointer

It is a 32-bit register is used to reference all the function parameters and local variables in the current stack frame. when a function is called When you call a function, a space is reserved on the stack for local variables. So EBP will point top of stack for this frame, and ESP will point next available byte on the stack.

eip -Extended Instruction Pointer

A poiner which points to the next instruction’s return(memory) address RET2WIN attacks are done by re-writing the eip’s address

What is Segmentation Fault???
In a word, A segmentation fault error can occur when we try to access the violated or out of bound memory address

#include <stdio.h>void func_call(){
printf("This is a function");
}
int main(){
printf("The below string is from a function");
func_call()
return 0;
}

when we make a objdump looks as follows… (Note i took only the fun_call( ) and main function)

0000054d <func_call>:
54d: 55 push %ebp
54e: 89 e5 mov %esp,%ebp
550: 53 push %ebx
551: 83 ec 04 sub $0x4,%esp
554: e8 60 00 00 00 call 5b9 <__x86.get_pc_thunk.ax>
559: 05 7b 1a 00 00 add $0x1a7b,%eax
55e: 83 ec 0c sub $0xc,%esp
561: 8d 90 6c e6 ff ff lea -0x1994(%eax),%edx
567: 52 push %edx
568: 89 c3 mov %eax,%ebx
56a: e8 61 fe ff ff call 3d0 <printf@plt>
56f: 83 c4 10 add $0x10,%esp
572: 90 nop
573: 8b 5d fc mov -0x4(%ebp),%ebx
576: c9 leave
577: c3 ret

00000578 <main>:
578: 8d 4c 24 04 lea 0x4(%esp),%ecx
57c: 83 e4 f0 and $0xfffffff0,%esp
57f: ff 71 fc pushl -0x4(%ecx)
582: 55 push %ebp
583: 89 e5 mov %esp,%ebp
585: 53 push %ebx
586: 51 push %ecx
587: e8 2d 00 00 00 call 5b9 <__x86.get_pc_thunk.ax>
58c: 05 48 1a 00 00 add $0x1a48,%eax
591: 83 ec 0c sub $0xc,%esp
594: 8d 90 84 e6 ff ff lea -0x197c(%eax),%edx
59a: 52 push %edx
59b: 89 c3 mov %eax,%ebx
59d: e8 3e fe ff ff call 3e0 <puts@plt>
5a2: 83 c4 10 add $0x10,%esp
5a5: e8 a3 ff ff ff call 54d <func_call>
5aa: b8 00 00 00 00 mov $0x0,%eax
5af: 8d 65 f8 lea -0x8(%ebp),%esp
5b2: 59 pop %ecx
5b3: 5b pop %ebx
5b4: 5d pop %ebp
5b5: 8d 61 fc lea -0x4(%ecx),%esp
5b8: c3 ret
  • The middle part are the instructions in the assembly the very right portion are belongs to the parameters which are takes place during the execution

Hope you learnt new from this. If i left anything plz le me know…

Feel free to connect: Instagram ,Twitter, LinkedIn

--

--

--

Developer | CTF Player | Cybersecurity Enthusiast

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Atta now @atta_protocol on twitter

Flutter for iOS App Development and the migration guide

Creating a custom Network-Topology

Selenium Grid 4 — Automated Visual Testing

Some guidance to agile manufacturing

Here’s how you correctly move Drupal sites between environments

I Failed on Amazon SWE Job Interview & I Don’t Care

Working with Foundation CSS Framework

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Palani

Palani

Developer | CTF Player | Cybersecurity Enthusiast

More from Medium

THE TWO SECURE PROTOCOLS; SSL/TLS AND SSH

Hunting the Remastered Gucci Botnet

Corporate Espionage with Shodan