This is my fifth tutorial over simple buffer overflow exploitation tutorial and today, in this post, I am going to write in a simple way about how memory management works during function calls.
readers if you are new and don't know about the topic then you can check below links for details.
If you already aware of this concept, Skip Part 1 and Part 2.CPU Memory Management Device - Part 1CPU Memory Management System - Part 2
Pay Attention here,CPU Memory Organization/Registers - Part 3CPU Virtual Memory Model/Stack/heap - Part 4
readers, as I told you in my previous tutorials, stack plays a very important role in performing the operation. To perform any function successfully various registers of CPU and Other parts of Computer works together to achieve their goals. In Simple Words, To Execute any function successfully every part of Computer plays very important roles. For Example, various registers and units work together to perform operation successfully.
Hmm, Want example to understand...
Well, let's take a simple piece of assembly code to write hello world in the terminal.
# This is my first program in assembly language
# Data Segment
.ascii "Hello World!\n"
# Text Section
# leave it blank..
# Load all the arguments from main memory to CPU registers.
movl $4, %eax # 4 is the write function Number
movl $1, %ebx # 1 For Standard output
movl $HelloWorldString, %ecx # Pass String ascii address
movl $13, %edx # Pass Total Length Of ascii
# Call Interupt To End and perform previous provide arguments
# Initiate Exit Process
movl $1, %eax # 1 is the Exit Function Number
movl $0, %ebx # Set Status 0
# Call Interupt
Why Assembly? Because assembly is a low-level programming language and I think, it is also one of the best language to understand, actually what happening under the hood in CPU.
So, let's talk about what actually these codes mean?
Well, In this codes #
is for passing comments, movl
is for moving value, %eax, %ebx .. etc
are the registers. if these codes not yet coming in your mind. read codes and their comments carefully. Still, not understand.
CPU Registers (let me explain you in a simple way.)
1. In line 5 .data
is representing data segment, line 7 and 8 is for creating and loading ASCII string in memory.
2. Line 11 refers to text segments of main memory. Line 14 to call _start
3. Basically, In Line 20, 22, 24, 26, 32, 33
we just inserting or moving values from one resource to another resource like in line 20, we just assigning value 4
in register %eax
in registers as the first argument, then In line 22, insert value 1
as the second argument, in line 24 insert memory location of string ascii (actually available in data segment) into the %ecx
register as third argument and at the end, insert length of string ascii to be print in the terminal into %edx
as the fourth argument. after providing all output, call an interrupt to perform the operation in line 29.
4. After Line 31, codes written to perform exit function.
Now, let's run this program. Here, for this tutorial i am using Ubuntu and ubuntu comes with pre-installed assembler, linker and gcc compiler. if you are using any other operating system, setup your environment with the help of Google search.
To Compile Assembly Code.
:~$ as -gstabs -o HelloWorld.o HelloWorld.s
To Link with Linker
:~$ ld -ggdb -o HelloWorld HelloWorld.o
To Execute it
I hope now, you all got the surface idea about how actually CPU register works together to perform different operations on CPU.
Simple Stack Memory Layout Management Demo
Now, let's take another example to understand how exactly stack memory layout works with CPU register to perform various program instructions.
Here, it is a Simple C program.SimpleStackReview.c
// include header file
// function for addition
int add(int x, int y)
c = x+y;
// main functions
add(3, 5 );
let's try to understand how exactly it's going to works.
1. let's assume that after including header files and performing other function our %eip register now pointing to the main function and started to process its instruction.
2. A function call is found (Line 18). push parameters to stack from right to left order. means first push 5 into the stack, then push 3 into the stack. and now, pay attention
here, because after finishing add function, our pointer has to perform next instruction of Line 18. so, basically, push line 19 instruction into the stack as next instruction to perform after add function.
3. after that, find the address of add function and set the %eip register to add function. basically, now program focus is transferred from main to add function till add function finished it work.
4. now its time to push %ebp into the stack.
Basically, as I told in the previous post, ebp is stands for Base Pointer register that represent the current starting point of stack memory layout. so, as you can see above our stack memory is updated, so what our program is going to do, is to save past stack memory layout address info into stack because it will help us to set %ebp again to its previous state after finishing add function operation and then again update %ebp to represent current stack memory layout start point address.
5. Now, push local variables c,d into stack memory and perform instruction (Line 10) and then return to the main function.
6. Now, its time to pop up again all saved data from the stack to set %ebp and %eip to their previous state and then perform another instruction.
Diagram to Represent Stack Memory
--------------------------- < -- Bottom Of Stack
| 5 |
| 3 |
| <return address> |
| <%ebp of main()> |
| <space for 'c'> |
| <space for 'd'> |
| <other data> |
--------------------------- < -- top of stack
I Hope Now, You All got it.
So, this tutorial ends here, I hope you enjoyed it.
In Next tutorials, I will show you how to use disassemble programs, understand programs, exploit programs etc.
So, Keep Reading and have a nice day