Buffer overflow Exploitation tutorial - CPU Memory Management - Virtual Memory Model/Stack/Heap - Part 4

Namaste hackers,



Today, I am going to explore another useful concept of CPU memory management. I hope you all are enjoying my buffer overflow exploitation post.

So, Let's Start Our Tutorial

Virtual Memory Model In CPU Architecture.


In Today's Computer, Virtual memory is like the base of all function. Basically, Virtual Memory is a concept where every all running program or process feels like it is working alone in whole computer main memory but actually, under the hood every process is laid out in the same physical main memory.  In Simple Words, Virtual Memory is a Concept where CPU and OS work together to create a special illusion for programs, in this illusion all working programs feel that it is in the system alone and enjoy all the memory without sharing with other processes. I hope you got the basic concept of virtual memory. Now, let me show you a diagram, which represents the virtual program memory environment created by CPU and OS for all program.







As You can see in above diagram, the top portion is denoted as highest address and the bottom portion is denoted as the lowest address. Ok , 

Now let's explore more point represented in this diagram.


High Address : 
                       Actually, virtual memory layout always starts from bottom to top. hence, the physical address of the highest point in virtual memory represented as 0xBFFFFFFF 

Stack:
 The stack is the memory set aside as empty space for a thread of execution. whenever a function is called, a data block is reserved on the top of the stack for local variable and when that function returns, the block becomes unused ad can be used the next time a function is called. Basically, stack works like a book shell where we can keep books for specific times. The stack is always reserved in a LIFO (last in first out) order, the most recent block is always the next block the be freed. This feature makes the stack more faster and simple to manage. (Most Important Point: So, I going to explain it separately.)


Unused Memory 
                  As Memory Segment name highlighting, This Segment is for unused memory.

Heap
           heap is a Dynamic Memory. 

.bss
         Basically, This Segment is for storing Uninitialised Value.


.data
            This Segment is for storing initialize value.


.text  
            This segment of virtual memory is for storing program executable instruction codes.


Low Address 
                       The physical address of lowest Point in virtual memory layout can be represented as 0x848000





STACK


The stack often works in close tandem with a special register on the CPU named the stack pointer. Initially, the stack pointer points to the top of the stack (the highest address on the stack). 
The CPU has special instructions for pushing values onto the stack and popping them back from the stack. Each push stores the value at the current location of the stack pointer and decreases the stack pointer. A pop retrieves the value pointed to by the stack pointer and then increases the stack pointer (don't be confused by the fact that adding a value to the stack decreases the stack pointer and removing a value increases it. Remember that the stack grows to the bottom). The values stored and retrieved are the values of the CPU registers.

When a function is called the CPU uses special instructions that push the current instruction pointer, i.e. the address of the code executing on the stack. The CPU then jumps to the function by setting the instruction pointer to the address of the function called. Later, when the function returns, the old instruction pointer is popped from the stack and execution resumes at the code just after the call to the function.

When a function is entered, the stack pointer is decreased to allocate more space on the stack for local (automatic) variables. If the function has one local 32 bit variable four bytes are set aside on the stack. When the function returns, the stack pointer is moved back to free the allocated area.
If a function has parameters, these are pushed onto the stack before the call to the function. The code in the function is then able to navigate up the stack from the current stack pointer to locate these values.

Nesting function calls work like a charm. Each new call will allocate function parameters, the return address and space for local variables and these activation records can be stacked for nested calls and will unwind in the correct way when the functions return.

As the stack is a limited block of memory, you can cause a stack overflow by calling too many nested functions and/or allocating too much space for local variables. Often the memory area used for the stack is set up in such a way that writing below the bottom (the lowest address) of the stack will trigger a trap or exception in the CPU. This exceptional condition can then be caught by the runtime and converted into some kind of stack overflow exception.

HEAP


The heap contains a linked list of used and free blocks. New allocations on the heap (by new or malloc) are satisfied by creating a suitable block from one of the free blocks. This requires updating list of blocks on the heap. This meta information about the blocks on the heap is also stored on the heap often in a small area just in front of every block.

As the heap grows new blocks are often allocated from lower addresses towards higher addresses. Thus you can think of the heap as a heap of memory blocks that grows in size as memory is allocated. If the heap is too small for an allocation the size can often be increased by acquiring more memory from the underlying operating system.

Allocating and deallocating many small blocks may leave the heap in a state where there are a lot of small free blocks interspersed between the used blocks. A request to allocate a large block may fail because none of the free blocks are large enough to satisfy the allocation request even though the combined size of the free blocks may be large enough. This is called heap fragmentation.

When a used block that is adjacent to a free block is deallocated the new free block may be merged with the adjacent free block to create a larger free block effectively reducing the fragmentation of the heap.


Difference


Stack:

  • Stored in computer RAM just like the heap.
  • Variables created on the stack will go out of scope and are automatically deallocated.
  • Much faster to allocate in comparison to variables on the heap.
  • Implemented with an actual stack data structure.
  • Stores local data, return addresses, used for parameter passing.
  • Can have a stack overflow when too much of the stack is used (mostly from infinite or too deep recursion, very large allocations).
  • Data created on the stack can be used without pointers.
  • You would use the stack if you know exactly how much data you need to allocate before compile time and it is not too big.
  • Usually has a maximum size already determined when your program starts.



Heap:
  • Stored in computer RAM just like the stack.
  • In C++, variables on the heap must be destroyed manually and never fall out of scope. The data is freed with delete, delete[], or free.
  • Slower to allocate in comparison to variables on the stack.
  • Used on demand to allocate a block of data for use by the program.
  • Can have fragmentation when there are a lot of allocations and deallocations.
  • In C++ or C, data created on the heap will be pointed to by pointers and allocated with new or malloc respectively.
  • Can have allocation failures if too big of a buffer is requested to be allocated.
  • You would use the heap if you don't know exactly how much data you will need at run time or if you need to allocate a lot of data.
  • Responsible for memory leaks.

For More Details About Stack And heaps, Click Here StackOverflow

Friends, This Tutorial Ends Here.


I Hope You Enjoyed It


Written By:
                   SSB


Buffer overflow Exploitation tutorial - CPU Memory Management - CPU Organisation - Part 3

Namaste Hackers,



Today, I am going to Write about another important topic, needed for learning exploit writing. In this Pos, I am going to cover CPU organization topic. In this Topic we will learn about the basic structure, concept, and design of the Central Processing Unit and How its work?

Friends, I am trying my best to keep all my posts simple and easy to understand but if anyone feeling anything missing in my post then please comment below.

So, Let's Start

As We know in the computer system, CPU is like heart and brain for Computer.  It consists many types of other components also like arthimatic unit, logic unit, control unit, registers, decoders etc. Central Processing Unit also connected with various Input-Output Devices and memories In Simple words, a computer processor is responsible for doing various types of operation in computer architectures. The purpose of CPU is to execute the instruction stored in the main memory.

So, let's Explore More To Get Basic Information How Exactly all instructions perform their operation under the hood.

Basic Diagram Of How CPU Connected with Other Components.



As You Can see Above Central Processing Is Connected With Many External Components Like Memory Unit (RAM, ROM, CACHE), INPUT, OUTPUT, ETC. In Computer Architecture, All these mentioned units are linked to one another via buses. now, the question arises in our mind, What is Bus? Well, Basically a bus is a set of wires that carry data bits and act as a communication bridge between the processing unit and other peripherals. Why Bus? Because Bus is a fast and safe medium of data transfer from one place to other.

Usually, Bus support 2 types of data transfer. Unidirectional Bus and Bidirectional Bus. Unidirectional refers to One-way Data Transfer and Bidirectional Supports Both Way Data Transfer.

Now, let's Move Ahead And Talk About CPU.


This is the basic diagram of CPU components.




What is Registers?


To Execute an instruction in CPU, registers play very important roles. Registers are used to quickly store, accept and transfer data with lighting fast speed. They are fast because registers are built from the fast multi-ported memory cell. In simple words, as I already told you in my previous posts, that CPU registers comes at the top of the memory hierarchy because registers are the fastest way to manipulate data but they can store very small bits. to perform any operations CPU undergoes with the sequence of operations called instruction cycle. Basically, there are three types of cycles .


1. Fetch: During Fetch Operation, the CPU fetches the instructions to be executed, from main memory and the instruction given by the user.

2. Decode: During Decode Operation, the CPU find out which operation is to be performed to satisfy instruction requirements.


3. Execute: At the End, in execute, operation CPU actually perform all the operations to satisfy the instructions requirements and save the result into the memory and that they are displayed on the screen


Various Types Of Registers (Trying To Explain In Simple Words)


Accumulator Register(AC) :

     This register located inside the ALU. Here, ALU stands for Arithmetic and Logistic Unit. Accumulator Register is used for storing data for performing arithmetic operations. In simple words, accumulator registers are used to store initial data, intermediate results and the final results.



Memory Buffer Register (MBR):

   This register Only holds data or instruction read from memory or to write in memory.


Program Counter (PC):

    This register is used to point to the next instruction to execute This register is also known as Instruction Pointer.



Instruction Register (IR):

   After Fetching instructions from main memory, all instruction is stored in this register to perform operations in CPU.


Address Register (AR)

Address Register is used for specifying the addresses of a particular Input-Output device.



Buffer Registers(BR)

Buffer Registers is used to exchange data between Input Output module and the processor.



Data Registers (DR)

A Register used in micro-computer to temporarily store data.



Memory Address Registers (MAR)

This register holds the address of memory where CPU wants to read instruction Or Store instructions.


Special Extra Registers to make CPU more powerful


General purpose registers : 

 A general purpose register can be used for various functions desired by the processor, like either to contain an operand or an address of an operand for any opcode of an instruction.


Condition Codes Registers
These registers are used to contain various types of the conditions codes during operations, those condition codes indicate specific conditions set by the CPU. These condition codes called flags.


Status and Control Registers
A status register often known as program status word (PSW) serves the purpose to contain the condition code and other status information. similarly, Interrupt vector register (IV) and Stack Pointer (SP) are the other status and control registers, respectively.



. I think it's enough for Today. so, this post ends here.

I hope you enjoyed it.

Have a nice day

Buffer overflow Exploitation tutorial - CPU Memory Management - Memory System - Part 2

Namaste Hackers,



As I already said in previous post,  "I am writing this tutorial series to teach you how you can write exploits on your own" and to write exploits on your own you need sharp knowledge of memory management. So, Let's Start Our Today's Tutorials.


Well, In Computer architecture, There are various types of Memories responsible for doing many types of different works. but here, i am going to describe only some important point because i don't want to make you confuse.

So, let's Start

Types Of Storage Locations In Computer System


1. Primary Storage. (check previous part for detailed Information)
2. Secondary Storage. (check previous part for detailed Information)
3. CPU Registers.


Primary Storage.

                                Primary Storage is also known as Internal Storage. These Types Of Storage is Needed all the time so they are located inside the CPU (Connected With Motherboard Directly). Examples are RAM and ROM.

Secondary Storage.

                                    Secondary Storage is also known as External Storage. These types of storage is located outside the CPU but connected to CPU. Example : Hard disk.


CPU Registers : 
                               For processing and performing any functions in CPU (Central Processing Unit). CPU also need memories. Hence, CPU has its own local memories to store instruction and data. these local memories are known as CPU Registers. In simple words,  CPU also have its own local memory in the form of CPU Registers.

Cache Memory : 
                                Cache Memory is a very high speed memory located between the CPU and Main memory. In simple words, Cache memories are very high speed memories which is placed between the processor and main memory. Now, a question arise in our mind why? why cache memories play a role of intermediate between processor and main memory.
Well the reason is, CPU registers are very high speed compared to main memory. So, moving instruction or data between CPU registers and main memory directly effects on CPU performance. To solving this problem, a very high speed memory called cache memory is placed between processor and main memory.




Storage Capacity System.


In Computer architecture, Storage Capacity is the amount of data that can be stored in storage units. these storage units can be referred as bytes. hmm, let's dirty our handy with storage capacity systems details.

Bit (Binary Digits) :
                                 A binary digit (possible values 0 or 1) representing a passive or an active state of a component in computer circuit board.

Nibble  :
                       A Group of Four bit is called nibble.

Byte :
                       A group of eight bit is called bytes. (Smallest Unit Represent any Character Or Data)

Kilobytes :
                       A group of 1024 Bytes is called One KiloByte.

Megabytes :
                      1024 kilobytes refer as One megabytes.


Three Parameters for Performances In Computer Architecture.

Access Time :
                       Access time is referred as the time required to locate and retrieve record from Devices.

Memory Cycle Time : 
                      Access Time + Gap of time in accessing another intruction.

Access Rate :
                        Time required to access any particular storage unit block in drive.



Memory Hierarchy



As The hirarchy going down, the following occur
1. Increasing Access Time
2. Increasing Capacity
3. Decreasing Cost Per Bit



So, Friends This Tutorial Ends Here.
I Hope You Enjoyed it.


Written By:
                  SSB

Buffer overflow Exploitation tutorial - CPU Memory Management - Memory Device Introduction - Part 1

Namaste Hackers,


From Today, I am going to write a series of tutorials based on Computer Memory Management Topic.

Well, I know many continuous readers of this blog have doubts in their minds. Why? I am Writing This Tutorials Series... hmm,

If Yes, Then Friend Try To Understand My Future Planning. Because Friends To Be A Successful Penetration Tester, Low-Level Programmer Or Ethical Hacker, Knowledge Of Writing Exploits On Your Own Is Very Important And Yes, To Write Exploit On Your Own. You Need Sharp Knowledge Of Computer Memory Management Concepts.


I hope you got my planning, but if already aware of the basic concept then you can skip this post..  if you have any doubts in your mind, comment below.


Introduction To Memory Management.


Well, Let's Start With Some Basic Theories,,

Q 1. What Is Memory Devices?

Ans. In Computer, Memory devices are the physical or virtual devices that have the ability to store various types of Data, Information for temporarily or permanently time. In simple words, memory devices are the devices which can store information in various forms.

Examples Of Memory Devices.
1. RAM (Random access memory)
2. ROM (Read-Only Memory)
3. HDD (Hard-Disk Drive)

For More Info, Click Here

Q 2. Types Of Storage In Computer?

Ans. Basically, There are Two Types Of Storage In Computer.



Primary Storage: Primary Storage memory is also known as Internal memory. it is the only one memory that is directly accessed by the computer CPU (Central Processing Unit). So, In this memory CPU continuously reads and write instruction to perform various operations in Computer System. This types Of memories are temporary storage means after switching off, all stored data will vanish. It is also Fastest Memory If Compared to Secondary Memory But The Limited Of Storing Data is very small compared to Secondary Memory. Example Of Primary Memory Is RAM (Random Access Memory).

Secondary Storage: Secondary Storage memory is also known as External Memory. In this types of memories, CPU has to use primary memory as a medium or you can also say as a bridge to access any data on the disk. This types of memory are permanent storages means even after switching off, data will remain saved. but this types of memories are very low compared to primary memories. Another, a Major factor of secondary memories is, There limits of storing data is very big compared to Primary memories. Examples Of Secondary memories: HDD (Hard Disk Drive).


Q 3. What is Memory Management?

Ans. Basically, As I already mentioned above. Primary Memory is the only one memory that provides direct access to CPU. Hence, CPU use this memory to perform operations successfully. In Addition, to manage various operations and functions, the operating system also has the ability to manages the primary memory of the computer system. The part of the operating system that handles this jobs is known as memory manager.  Since in every operation the requirement of primary memory to CPU is necessary. In simple words, primary memory is a temporary memory but very fast memory that provides direct access to CPU and secondary memory is a permanent but very slow memory and can't access directly by CPU. So basically all programs execution instruction always saved in Secondary Storage But Whenever The CPU need to process any required instruction it produces a specific call with required data information to secondary device manager, and secondary device manager retrieves data from hard disk and copies it in primary memory.  I hope you got it... but if you have any query than comment below because it will encourage me to write in more details.



This Tutorial Ends Here,, Wait For Another Tutorial


Written By
               SSB


Automatic Script To Install OpenCV in Ubuntu Or Debian

Namaste Hacker,



Today, I am going to share with an automatic script that can help you in install python opencv easily. In the previous tutorial, I wrote how you can install python OpenCV using step by step command. but because of many commands, that process was very time-consuming. so today, I googled the easiest way to install python OpenCV without writing command in terminal.


here it is the bash script.

Install_OpenCV.sh



#
# Github Page : http://milq.github.io/install-opencv-ubuntu-debian
#
######################################
# INSTALL OPENCV ON UBUNTU OR DEBIAN #
######################################
#
# |         THIS SCRIPT IS TESTED CORRECTLY ON         |
# |----------------------------------------------------|
# | OS             | OpenCV       | Test | Last test   |
# |----------------|--------------|------|-------------|
# | Ubuntu 16.04.2 | OpenCV 3.2.0 | OK   | 20 May 2017 |
# | Debian 8.8     | OpenCV 3.2.0 | OK   | 20 May 2017 |
# | Debian 9.0     | OpenCV 3.2.0 | OK   | 25 Jun 2017 |
#
# 1. KEEP UBUNTU OR DEBIAN UP TO DATE

sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y dist-upgrade
sudo apt-get -y autoremove


# 2. INSTALL THE DEPENDENCIES

# Build tools:
sudo apt-get install -y build-essential cmake

# GUI (if you want to use GTK instead of Qt, replace 'qt5-default' with 'libgtkglext1-dev' and remove '-DWITH_QT=ON' option in CMake):
sudo apt-get install -y qt5-default libvtk6-dev

# Media I/O:
sudo apt-get install -y zlib1g-dev libjpeg-dev libwebp-dev libpng-dev libtiff5-dev libjasper-dev libopenexr-dev libgdal-dev

# Video I/O:
sudo apt-get install -y libdc1394-22-dev libavcodec-dev libavformat-dev libswscale-dev libtheora-dev libvorbis-dev libxvidcore-dev libx264-dev yasm libopencore-amrnb-dev libopencore-amrwb-dev libv4l-dev libxine2-dev

# Parallelism and linear algebra libraries:
sudo apt-get install -y libtbb-dev libeigen3-dev

# Python:
sudo apt-get install -y python-dev python-tk python-numpy python3-dev python3-tk python3-numpy

# Java:
#sudo apt-get install -y ant default-jdk

# Documentation:
sudo apt-get install -y doxygen


# 3. INSTALL THE LIBRARY (YOU CAN CHANGE '3.2.0' FOR THE LAST STABLE VERSION)

sudo apt-get install -y unzip wget
wget https://github.com/opencv/opencv/archive/3.2.0.zip
unzip 3.2.0.zip
rm 3.2.0.zip
mv opencv-3.2.0 OpenCV
cd OpenCV
mkdir build
cd build
cmake -DWITH_QT=ON -DWITH_OPENGL=ON -DFORCE_VTK=ON -DWITH_TBB=ON -DWITH_GDAL=ON -DWITH_XINE=ON -DBUILD_EXAMPLES=ON -DENABLE_PRECOMPILED_HEADERS=OFF ..
make -j4
sudo make install
sudo ldconfig


To Run This Script, Just Copy these Codes in a file with extension .sh and then open a terminal and Type :


sudo bash path/to/script.sh


I hope, this script will help you.


Have a nice day.