Binexp_intro
Register duties
- RIP: instruction pointer
- RSP: stack pointer
- RBP: (stack) base pointer
- RSI, RDI: generally used for passing arguments
- RAX, RBX, RCX, RDX, R8, R9 ... R15: general purpose
Flags
These are bits which are set or cleared according to the latest operation:
- ZF: Zero Flag
- SF: Sign Flag
- CF: Carry Flag
- OF: Overflow Flag
- PF: Parity Flag
- AF: Auxiliary Flag
- IF: Interrupt enable Flag
- DF: Direction Flag
Basic operations
`mov rax, rsi` rax = rsi
`add rbx, 0x1` rbx = rbx +0x1
`sub rax, rbx` rax = rax - rbx
`mov rax, [addr]` rax = value at address addr (memory load)
`push 0x7` pushes 0x7 onto the stack (RSP decreases)
`pop rax` pops the top of the stack into rax (RSP increases)
`cmp r9, r10` subtracts r10 from r9, discards the result and sets the flags; a following conditional jump (je, jg, ...) decides on them
`test r9, r10` performs a bitwise AND, discards the result and sets SF, ZF and PF
`jmp addr` unconditional jump to the given address; the conditional forms je, jne, ... are seen more often
PS: The stack grows downwards, towards lower addresses. x86-64 is little endian.
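As an added example (not part of the original notes), a small C model of how `add`, `sub`/`cmp` and `test` set ZF, SF, CF, OF and PF on 64-bit operands, and how `je`/`jg`/`jl`/`ja` decide purely from those flags; the `x_*` and `j*` function names are this example's own, not an emulator's API.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed teaching model of the x86-64 flags that add/sub/cmp/test set on
   64-bit operands; the x_* and j* names are this example's, not an emulator's API. */
typedef struct { bool zf, sf, cf, of, pf; } flags_t;
/* PF is set when the low byte of the result has an even number of 1 bits. */
static bool parity_even(uint64_t r) {
    unsigned b = (unsigned)(r & 0xffu), ones = 0;
    for (; b; b >>= 1) ones += b & 1u;
    return (ones & 1u) == 0;
}

static flags_t set_flags(uint64_t r, bool cf, bool of) {
    flags_t f = { r == 0, (r >> 63) & 1, cf, of, parity_even(r) };
    return f;
}

/* add a, b : a+b, written to *out when out != NULL; CF = unsigned carry,
   OF = signed overflow (operands' signs equal, result's sign differs). */
flags_t x_add(uint64_t a, uint64_t b, uint64_t *out) {
    uint64_t r = a + b;
    if (out) *out = r;
    return set_flags(r, r < a, ((a ^ r) & (b ^ r)) >> 63);
}

/* sub a, b : a-b; CF = borrow (a < b unsigned). cmp is sub that discards the result. */
flags_t x_sub(uint64_t a, uint64_t b, uint64_t *out) {
    uint64_t r = a - b;
    if (out) *out = r;
    return set_flags(r, a < b, ((a ^ b) & (a ^ r)) >> 63);
}
flags_t x_cmp(uint64_t a, uint64_t b) { return x_sub(a, b, NULL); }
/* test a, b : bitwise AND; sets ZF/SF/PF, clears CF and OF, discards the result. */
flags_t x_test(uint64_t a, uint64_t b) { return set_flags(a & b, false, false); }

/* Conditional jumps decide purely from the flags left by the last operation. */
bool je(flags_t f) { return f.zf; }                  /* equal / zero     */
bool jg(flags_t f) { return !f.zf && f.sf == f.of; } /* signed greater   */
bool jl(flags_t f) { return f.sf != f.of; }          /* signed less      */
bool ja(flags_t f) { return !f.cf && !f.zf; }        /* unsigned above   */

int main(void) {
    flags_t f = x_cmp(5, 7); /* cmp r9, r10 with r9 = 5, r10 = 7 */
    printf("cmp 5,7: ZF=%d SF=%d CF=%d OF=%d -> je=%d jg=%d jl=%d ja=%d\n",
           f.zf, f.sf, f.cf, f.of, je(f), jg(f), jl(f), ja(f));
    return 0;
}
```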
Most used keywords:
- pie
- aslr
- nx
- canary
Application memory structure
| Region       |
| ------------ |
| Heap         |
| Stack        |
| variables    |
| instructions |
Exploits:
- BOF (buffer overflow)
- ret2libc and rop
- ret2plt
- Format string vuln
Tips
To find which libc functions a binary calls, run it under `ltrace`.
`checksec ./vuln` lists the binary's security protections.
A segmentation fault can be inspected with `dmesg`.