Call Stack
The concept of stack is explained in detail in the data structure.
List some key points:
1. First in first out.
2. Data can always be stored or retrieved from the top of the stack.
In the x86 processor, push the stack command. Pushing an item to the top of the stack will reduce the top pointer of the stack by four bytes. The stack top pointer is stored in register esp. Correspondingly, the register name is the abbreviation of s
. Even the punctuation on the keyboard can be added to the Testcode, which can be arranged in the order of the ASCII code table, so that more space is verified at once.look for an appropriate address to overwrite the original return addressWhat we need to do now is to determine what address the last four "X" in "jiangyejiangxxxx" should be. Here we cannot create an address out of thin air, but should be based on a legitimate address. Of course, we can find a lot of suitable address through the o
as bytes, words, double words, and Booleans, is 4 bytes in the stack, and data that is larger than 4 bytes occupies a 4-byte integer multiple in the stack.3) The two registers associated with the operation of the stack are the EBP register and the ESP register, and in this article you only need to interpret EBP and ESP as 2 pointers. The ESP register always poin
"Peace of Blessing + Original works reproduced please specify the source +" Linux kernel analysis "MOOC course http://mooc.study.163.com/course/USTC-1000029000 "first, the process of initializationThe operating system kernel boot entry function is void __init my_start_kernel (void);Here is a simple definition of the two CPU states of a process:struct Thread {unsigned long IP; Indicates an EIP directiveunsigned long sp;//represents ESP, stack top poin
data that is larger than 4 bytes occupies a 4-byte integer multiple in the stack.3) The two registers associated with the operation of the stack are the EBP register and the ESP register, and in this article you only need to interpret EBP and ESP as 2 pointers. The ESP register always points to the top of the stack, and when the push command presses the data int
generate an assembly file using objdump, through the corresponding address, you can find out which function has a problem. As for the guessed code, you need to build a unit test based on the analysis situation or re-launch the code for testing.
Specific process examples are as follows:Objectdump-d ##. so >##. oVim ##. o6 libTaps2.so + 0xa452d
./Minidump_stackwalk 7ee5c76f-afe2-f9bd-564dedb7-57d73e0c.dmp
Thread 7 (crashed)0 linux-gate.so + 0x430Eip = 0xb78b4430
" command to break a breakpoint under the accept function and analyze the code to find the cause of the vulnerability as follows.. Text: 0041AA20 mov eax, [esp + arg_0]. Text: 0041AA24 mov eax, [eax + 18 h]. Text: 0041AA27 mov dword_4B0F7C, eax. Text: 0041AA2C cmp word ptr [eax + 98 h], 0. Text: 0041AA34 jz short loc_41AA56 // The condition is true.. Text: 0041AA56 mov edx, [eax + 4Ch] // "A" constructed data. Text: 0041AA59 push offset s_If-modified-
*): decompile the code section of A. obj.Open the ursoft w32dasm tool (I use version 8.93)Select all files when opening the file, because the software mainly targets file formats such as PE, le, and NE. SoThe offset must be specified to decompile the OBJ file. Above attention! (Note: another way to obtain this information is to use dumpbin/section:. text ). That is, the file offset of the Code section.Therefore, in the prompt dialog box that opens the OBJ file, enter 00000355Start disassembly f
I hope you can come up with some ideas ~
Check whether there is any shell... Microsoft Visual C ++ 6.0, indicating no shell ~
Let's enter an account and password for trial run ~ The error message "incorrect registration name or registration code!" is displayed !"
Okay. Let's load it with OD ~~ Search for asii, find the error message, and double-click it to go to the code ~
00401d00/0f85 df1_00 jnz ultradic.00401de500401d06. | 68 01100000 push 100100401d0b. | 68 f4704300 push ultradic.004370f4; A
plays an important role in the program operation. Most importantly, the stack holds the maintenance information needed for a function call, known as a stackframe, and a stack frame of a function (the called function) generally includes the following elements:
(1) Function parameters, the default invocation convention, in the Order of the right and left to press the parameters into the stack in turn. Executed by the function caller.
(2) The return address of the function, that is, the address of
Author: uuk[Software name]: Total Commander[Software Version]: 7.56a[Shelling method]: new version without shelling[Programming language]: Borland Delphi 2.0 [Overlay][Tools]: OD PEID IDA[Operating platform]: Windows XP[Software introduction]: A pretty good dual-column File Management Software[Author's statement]: it is only for research purposes. Please purchase a genuine version for use.We know that Total Commander has self-verification. by tracking the CreateFile and ReadFile functions, it is
carried out in assembly, let's talk about some personal opinions. Next, we will conduct some small tests and explain them in assembly language. You can do it together.
(1) Char name [] and char * Name
[CPP] View plaincopy
1:
2:VoidProcess ()
3 :{
00401020 push EBP
00401021 mov EBP, ESP
00401023 sub ESP, 4ch
00401026 push EBX
00401027 push ESI
00401028 push EDI
00401029 Le
and receiver are not the hostTunnel is used to provide original group protection for intrusions from the sender and receiver. It seems that the entire group is transmitted through a hypothetical tunnel.1. 2. Two security protocolsIPSec defines two security protocols: the Authentication Header (AH) protocol and the encapsulation security load (ESP) protocol, which provide authentication and/or encryption at the IP layer.1.2.1. header Authentication Pr
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.