Buffer overflow Exploitation tutorial - Stack/Memory Management During Function Calls With Assembly Language Code Example - Part 5

Namaste Hackers,



This is my fifth tutorial over simple buffer overflow exploitation tutorial and today, in this post, I am going to write in a simple way about how memory management works during function calls.

So, let's quickly start our today's tutorials.


Friends if you are new and don't know about the topic then you can check below links for details.

If you already aware of this concept, Skip Part 1 and Part 2.

CPU Memory Management Device - Part 1
CPU Memory Management System - Part 2 

Pay Attention here,

CPU Memory Organization/Registers - Part 3
CPU Virtual Memory Model/Stack/heap - Part 4

Introduction

Friends, as I told you in my previous tutorials, stack plays a very important role in performing the operation. To perform any function successfully various registers of CPU and Other parts of Computer works together to achieve their goals. In Simple Words, To Execute any function successfully every part of Computer plays very important roles. For Example, various registers and units work together to perform operation successfully.

Hmm, Want example to understand...

Well, let's take a simple piece of assembly code to write hello world in the terminal.

HelloWorld.s

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#
# This is my first program in assembly language
#
# Data Segment 
.data

 HelloWorldString:
  .ascii "Hello World!\n"

# Text Section
.text
 # leave it blank.. 

.globl _start    

_start:

 # Load all the arguments from main memory to CPU registers.

 movl $4, %eax    # 4 is the write function Number

 movl $1, %ebx   # 1 For Standard output 

 movl $HelloWorldString, %ecx # Pass String ascii address

 movl $13, %edx   # Pass Total Length Of ascii

 # Call Interupt To End and perform previous provide arguments 
 int $0x80

 # Initiate Exit Process
 movl $1, %eax   # 1 is the Exit Function Number
 movl $0, %ebx   # Set Status 0

 # Call Interupt
 int $0x80

Why Assembly? Because assembly is a low-level programming language and I think, it is also one of the best language to understand, actually what happening under the hood in CPU.

So, let's talk about what actually these codes mean?


Well, In this codes # is for passing comments, movl is for moving value, %eax, %ebx .. etc are the registers. if these codes not yet coming in your mind. read codes and their comments carefully. Still, not understand.

CPU Registers (let me explain you in a simple way.)


1. In line 5 .data is representing data segment, line 7 and 8 is for creating and loading ASCII string in memory.

2. Line 11 refers to text segments of main memory. Line 14 to call _start function.

3. Basically, In Line 20, 22, 24, 26, 32, 33 we just inserting or moving values from one resource to another resource like in line 20, we just assigning value 4 in register %eax in registers as the first argument, then In line 22, insert value 1 in %ebx as the second argument, in line 24 insert memory location of string ascii (actually available in data segment) into the %ecx register as third argument and at the end, insert length of string ascii to be print in the terminal into %edx as the fourth argument. after providing all output, call an interrupt to perform the operation in line 29.

4. After Line 31, codes written to perform exit function.

Now, let's run this program. Here, for this tutorial i am using Ubuntu and ubuntu comes with pre-installed assembler, linker and gcc compiler. if you are using any other operating system, setup your environment with the help of Google search.


To Compile Assembly Code.


:~$ as -gstabs -o HelloWorld.o HelloWorld.s

To Link with Linker


:~$ ld -ggdb -o HelloWorld HelloWorld.o 


To Execute it


:~$ ./HelloWorld


it's output:



Helloworld!


I hope now, you all got the surface idea about how actually CPU register works together to perform different operations on CPU.

Simple Stack Memory Layout Management Demo


Now, let's take another example to understand how exactly stack memory layout works with CPU register to perform various program instructions.

Here, it is a Simple C program.

SimpleStackReview.c


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
// include header file
#include <stdio.h>

// function for addition
int add(int x, int y)
{

 int c;
 int d;
 c = x+y;
 return c;
}

// main functions
int main()
{

 add(3, 5 );
 return 0;
}


let's try to understand how exactly it's going to works.


1. let's assume that after including header files and performing other function our %eip register now pointing to the main function and started to process its instruction.

2. A function call is found (Line 18). push parameters to stack from right to left order. means first push 5 into the stack, then push 3 into the stack. and now, pay attention here, because after finishing add function, our pointer has to perform next instruction of Line 18. so, basically, push line 19 instruction into the stack as next instruction to perform after add function.

3. after that, find the address of add function and set the %eip register to add function. basically, now program focus is transferred from main to add function till add function finished it work.

4. now its time to push %ebp into the stack.

Why? %ebp


Basically, as I told in the previous post, ebp is stands for Base Pointer register that represent the current starting point of stack memory layout. so, as you can see above our stack memory is updated, so what our program is going to do, is to save past stack memory layout address info into stack because it will help us to set %ebp again to its previous state after finishing add function operation and then again update %ebp to represent current stack memory layout start point address.

5. Now, push local variables c,d into stack memory and perform instruction (Line 10) and then return to the main function.

6. Now, its time to pop up again all saved data from the stack to set %ebp and %eip to their previous state and then perform another instruction.

Diagram to Represent Stack Memory


#############################

--------------------------- < -- Bottom Of Stack
|            5            |
---------------------------
|            3            |
---------------------------
|    <return address>     |
---------------------------
|    <%ebp of main()>     |
---------------------------
|    <space for 'c'>      |
---------------------------
|    <space for 'd'>      |
---------------------------
|    <other data>         |
--------------------------- < -- top of stack


############################






I Hope Now, You All got it.

So, this tutorial ends here, I hope you enjoyed it.

In Next tutorials, I will show you how to use disassemble programs, understand programs, exploit programs etc.


So, Keep Reading and have a nice day


Share this

Related Posts

Previous
Next Post »