Learning summary of pwn from Bilibili (B站)

The writing is very messy

1. The running process of c language

Understand that a C program has to go through the two processes above (compilation and assembly) before the machine can execute its instructions. The machine only understands machine code, so the program must be "assembled".

Then the question arises: what is "compiling" for? For a high-level language like C, wouldn't it be faster to assemble it directly into machine code?

AI answer

Although directly assembling C language into machine code may achieve higher performance, the assembly step in the compilation process can provide better portability, development efficiency, optimization capabilities, and code readability and maintainability. Therefore, in most cases, we use C language to compile assembly code and then generate machine code to balance the trade-off between performance and development efficiency.

What IDA does is disassemble and decompile (press F5 to decompile). If you want to understand the disassembly, look it up in the opcode table. For example, 0x55 is push ebp; there is a one-to-one correspondence.

But the principle behind decompilation seems to be hard.

2. Big endian and little endian

I roughly understand what the teacher said: it is about how most data is stored. For most data on the stack, the low address corresponds to the low byte of the data, just like the little-endian order in the figure. Big endian is rare.

The 0A0B0C0D you type in sequence becomes the reverse after being pushed onto the stack: 0D is pushed in first, and then once. . .

3. IDA tips, look at the assembly code of C language. Right click and acc

For example, this is the decompiled code of the main function

If you want to see its disassembly code, then go

Press space to switch the display to text format

5. Local debugging + remote debugging + static analysis

produce

debug

send

The payload can also be written as p32(0)+b"45fafasdfsd"
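As an added example (not code from the original post), the little-endian storage from section 2 and the p32(0)+b"..." payload shape above, demonstrated with a p32/u32 reimplemented on top of struct rather than imported from pwntools; the value 0x0A0B0C0D and the address 0x004800 are taken from the notes, the filler bytes are constructed:

```python
import struct

def p32(value: int, endian: str = "little") -> bytes:
    """Pack a 32-bit unsigned integer into 4 bytes.
    Little-endian by default, which is what pwntools' p32 does on x86."""
    fmt = "<I" if endian == "little" else ">I"
    return struct.pack(fmt, value & 0xFFFFFFFF)

def u32(data: bytes, endian: str = "little") -> int:
    """Inverse of p32: read 4 bytes back as an integer."""
    fmt = "<I" if endian == "little" else ">I"
    return struct.unpack(fmt, data[:4])[0]

def memory_layout(value: int, endian: str = "little") -> list:
    """Return [(offset, byte)] from the lowest address upwards, i.e. the order
    the bytes occupy in memory. For little-endian the low byte 0x0D comes first."""
    return list(enumerate(p32(value, endian)))

def build_payload(filler: bytes, target: int) -> bytes:
    """Payload in the shape used in the notes: p32(0), then filler bytes,
    then a target address packed little-endian so the CPU reads it correctly."""
    return p32(0) + filler + p32(target)

if __name__ == "__main__":
    v = 0x0A0B0C0D
    print("little-endian bytes:", p32(v).hex())          # 0d0c0b0a
    print("big-endian bytes:   ", p32(v, "big").hex())   # 0a0b0c0d
    for off, b in memory_layout(v):
        print(f"  addr+{off}: {b:02x}")
    payload = build_payload(b"45fafasdfsd", 0x004800)    # filler is constructed
    print("payload:", payload)
    print("round trip:", hex(u32(p32(v))))
```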

remote debugging

First just run it and you can see what it does, which is to change the capital I to you

Then we debug it in gdb. I installed the pwndbg plugin here, on the Ubuntu provided by pwn God.

Heap introductory series (2) gdb dynamic debugging_gdb view heap-CSDN blog

Set a breakpoint with b main

b is short for break, and the usage is b *0x004800 (* followed by an address)

or b main (followed by a function name)

Make it clear that the breakpoint is

Then run it, with run or its abbreviation r.

Enter n to continue, which means next.

n executes the next instruction; ni steps into

After finding the vulnerable function

s steps, si single-steps; then press n to run, then stack 24

Use vmmap to view the process's memory map directly

RIP stores the address of the currently executed instruction

RSP stores the top address of the current stack frame

RBP stores the stack bottom address of the current stack frame

RAX is a general-purpose register; it holds the function return value

6. Using strings lets you view the printable characters faster and search for the flag directly.

I don't have an example, but the usage is: if you can see it with Shift+F12, you can find it with strings

7. You can also check whether the file is 32-bit or 64-bit.

9. setvbuf() closes the buffer. Its purpose is to let the program run faster, so don't worry about it if you see it.

10. Dynamic debugging is there to guard against the problem setter maliciously modifying the storage space of variables in the static file.

12. PIE protects the address of the BSS buffer, and ASLR protects the addresses of the text and data buffers.

How the protection works: the address of your marker is different every time you run the program, with the address randomly offset by one or two bits.

13. Why multiple addresses can succeed

Origin blog.csdn.net/m0_71274136/article/details/134821641