Last time we explained the roles of the EBP and ESP registers. We introduced how a function's stack frame is built, what the return address is and how calling conventions work, but left some of those concepts hanging without a full stop.
Today we are going to complete the analysis of the Assembly code so that we can finally move on to exploitation in the following parts of the guide.
Recalling the last steps of the previous part: we explained the purpose of the function prologue and how the EBP and ESP registers are used to refer to data in memory and to stack frames, with some GDB examples, and we tried to find out how the program's argument is pushed into main()'s stack frame with the help of local and global pointers.
Today we are focusing on echo()'s Assembly representation: after finishing the last lines of main() before the call to echo() (the ones responsible for passing the argument to the next function), we will move on to function calling. Last time I briefly explained how stack frames are built and destroyed; today I am analyzing how that is done through Assembly code.
Make sure you read the previous part of the guide to be able to understand this one.
After echo()'s function prologue, we are going to explain every instruction in echo(), then go back to main() and conclude this first section of the guide.
If this sounds a little annoying, don't worry: next time we are going to dive deep into exploitation fundamentals, and with style!
Here we analyze instructions 12 to 20, building on what we learned last time.
Here we iterate through every instruction in echo(), trying to understand how EAX is used and where the buffer is placed in memory.
As an epilogue to this trilogy and an overture to exploitation, let's summarize every step of the stack frame construction so that we can move on to exploitation.
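As an added example (not the series' own program, which lives in the pictures of the previous parts), here is a stand-in main()/echo() pair in C that rebuilds the frame picture summarized above and checks it at run time: the local buffer sits below the saved EBP, the return address that CALL pushed sits one slot above it. The 64-byte buffer, the argument passing and an x86/x86-64 GCC or Clang build are assumptions; the frame diagram in the comments is the standard cdecl layout the guide has been describing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame layout that echo()'s prologue leaves behind (x86, stack grows down):
 *
 *   low addresses                                            high addresses
 *   [ buf[0..63] ][ saved EBP ][ return address ][ argument ][ main()'s frame ]
 *                 ^ EBP                           (cdecl: pushed by main)
 *
 *   main:  push eax / mov [esp], eax   ; argument for echo() goes on the stack
 *          call echo                   ; pushes the return address
 *   echo:  push ebp                    ; save main()'s frame base
 *          mov  ebp, esp               ; echo()'s new frame base
 *          sub  esp, N                 ; room for buf and other locals
 *          ...
 *          leave                       ; mov esp, ebp ; pop ebp
 *          ret                         ; pops the return address into EIP
 *
 * On a 64-bit build the same picture holds with RBP/RSP and 8-byte slots
 * (the argument then arrives in a register), which is why the code below
 * indexes the frame in units of sizeof(void *) instead of hard-coding 4.
 */
struct frame_info {
    uintptr_t buf_addr;     /* address of buf[0] */
    uintptr_t frame_ptr;    /* EBP/RBP after "mov ebp, esp": slot holding saved EBP */
    uintptr_t saved_ret;    /* value read from the slot just above saved EBP */
    size_t    buf_to_frame; /* bytes from buf[0] up to the saved-EBP slot */
    size_t    copied_len;   /* how much of the argument landed in buf */
    int       ret_matches;  /* 1 if saved_ret really is this call's return address */
};

/* Assumed stand-in for the guide's echo(): copies its argument into a
 * fixed-size local buffer (bounded here, unlike a strcpy(), so the example is
 * safe to run) and reports where that buffer sits relative to the frame base.
 * noinline keeps it a real call so the frame and return address are its own. */
__attribute__((noinline))
struct frame_info echo_frame(const char *arg)
{
    char buf[64];                 /* the local buffer, below saved EBP */
    struct frame_info fi;
    /* __builtin_frame_address(0) is this function's frame pointer (EBP/RBP);
     * GCC and Clang keep a frame pointer in any function that uses it. It
     * points at the saved caller EBP; one slot above is the return address
     * that CALL pushed. */
    void **fp = (void **)__builtin_frame_address(0);

    size_t n = strlen(arg);
    if (n > sizeof buf - 1)       /* truncate instead of overflowing */
        n = sizeof buf - 1;
    memcpy(buf, arg, n);
    buf[n] = '\0';

    fi.buf_addr     = (uintptr_t)buf;
    fi.frame_ptr    = (uintptr_t)fp;
    fi.saved_ret    = (uintptr_t)fp[1];
    fi.buf_to_frame = fi.frame_ptr - fi.buf_addr;
    fi.copied_len   = strlen(buf);
    fi.ret_matches  = (fi.saved_ret == (uintptr_t)__builtin_return_address(0));
    return fi;
}

/* Stand-in for the guide's main(): passes its argument on to echo(). */
int main(int argc, char **argv)
{
    /* "hello" is a constructed default input when no argument is given. */
    const char *arg = argc > 1 ? argv[1] : "hello";
    struct frame_info fi = echo_frame(arg);

    printf("buf            at %#lx\n", (unsigned long)fi.buf_addr);
    printf("saved EBP/RBP  at %#lx  (%zu bytes above buf)\n",
           (unsigned long)fi.frame_ptr, fi.buf_to_frame);
    printf("return address at %#lx -> %#lx (%s)\n",
           (unsigned long)(fi.frame_ptr + sizeof(void *)),
           (unsigned long)fi.saved_ret,
           fi.ret_matches ? "matches __builtin_return_address" : "MISMATCH");
    printf("copied %zu bytes of \"%s\" into buf\n", fi.copied_len, arg);
    return 0;
}
```

Build it with gcc -m32 -O0 -fno-stack-protector to see the 4-byte EBP slots the guide's GDB sessions show; a default 64-bit build prints the same relationships with 8-byte slots. The measured distance between buf and the saved EBP slot is the number that matters once we start overwriting the return address: with -fstack-protector the compiler places a canary in that gap, which is why the example reports the distance it finds instead of assuming it equals sizeof buf.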
Aleph1's "Smashing the Stack for Fun and Profit"
"Hacking, The Art of Exploitation"
"Buffer Overflows Demystified" by murat.
"The Shellcoder's Handbook"
Part 1 of "Attack On Stack"
Part 2 of "Attack On Stack"
Part 4 of "Attack On Stack"
Part 5 of "Attack On Stack"
Part 6 of "Attack On Stack"
Prelude to Reverse Engineering: IDA and Hopper Binary Patching Introduction
Hey Everyone! How is it going?
Sorry if this part was shorter than usual, but I don't want to spoil anything from the next series about exploitation for you! The next part will follow a different style, while obviously still being based on pictures.
Recently Null Byte has been more and more active, and a lot of new creators have joined us, which is really awesome.
Keep coming back for the next parts (probably 5 or 6) as we explore exploitation fundamentals and development! I also encourage you to check the resources. I have a lot of them, and will probably gather all of the useful links I used in a special part of the series; tell me if you want them sooner and I'll provide them to you all.
Again, thanks for being there Null Byters!