"CTF" Reverse Basics 1

Although the reverse involves a lot of knowledge, but if the application is limited to the CTF topic, we have a summary of some of the basic knowledge often used.

Source of Ideas:blue-lotus& training &c++ Security Code &0day security &google

• Basic concepts of stack frame

What is the role of EBP?

EBP and ESP are the top and bottom flags of the stack

How does EBP and ESP fit together?

Co-ordination means that when the function is called, the EBP is placed in the stack, assigned a new value, and then ESP is raised to open up new stack frames and maintain stack frame balance when the function is called.

What is calling convention? What is the parameter pass order for x86 and x64?

calling convention (function calling convention) is the function call into the stack order, recovery and other call details of the Convention, probably commonly used __cdecl __fastcall __stdcall, specific details can be Baidu (or go back to the software security lesson six months ago)

x86 parameters should be passed from right to left into the stack (different calls will be different), the x64 schema unifies the calling rules, the first four parameters of the call are always passed in the register, the remaining parameters are pressed into the stack. (These 4 registers for storing parameters are: Rcx,rdx,r8,r9 for storing integer parameters; xmm0,xmm1,xmm2,xmm3 for storing floating-point parameters.) For specific parameter types, the rules for using registers are shown in http://yukei.blog.163.com/blog/static/1125877032009113
134353876/)

• What is Shellcode?

Shellcode is literally the code that executes the shell, in practice the code that exploits the vulnerability is the bullet, and the shellcode is the equivalent of ammunition. Of course, now always put them together called Shellcode. If you want to take the shell, Shellcode to prepare two paragraphs (I will not tell you to use Metasploit to do)

The principle of buffer overflow?

• Overwrite what caused the program to crash?

Return address, destroying stack balance

• What is a stack cookie?

I've never heard of this before, it means that there is no empty stack frame after the function has been executed, although it cannot be read through EBP, but there is still a possibility of disclosure.

• What are the conditions for direct execution of shellcode using buffer overflow?

The entry address is determined.

"CTF" Reverse Basics 1