1
00:00:01,820 --> 00:00:08,540
Hello, everyone, welcome to our first video of our binary exploitation series. We'll first begin

2
00:00:08,540 --> 00:00:14,660
with some concepts about CPU registers, machine code and some assembly language to make it easier for

3
00:00:14,660 --> 00:00:16,790
you to understand everything in this module.

4
00:00:18,410 --> 00:00:25,220
The CPU, or central processing unit, is in charge of executing machine code,

5
00:00:25,610 --> 00:00:27,490
which is the essence of any program.

6
00:00:28,580 --> 00:00:35,570
This machine code, sometimes called machine language, is a set of instructions in hex.

7
00:00:39,920 --> 00:00:46,190
These instructions could be anything from moving data from one register to another, jumping from one section

8
00:00:46,190 --> 00:00:52,370
of the code to another, or some arithmetic or logic operations like subtraction or addition.

9
00:00:53,810 --> 00:01:01,370
Since hex itself is hard to read and understand, we tend to translate it to mnemonic code, also called

10
00:01:01,370 --> 00:01:02,360
assembly language.

11
00:01:03,320 --> 00:01:06,620
The program responsible for translating is called an assembler.

12
00:01:07,160 --> 00:01:18,110
The most popular one on Linux is called NASM, and the Windows one is called MASM. That said, let's

13
00:01:18,110 --> 00:01:24,080
take a look at a Hello World program in assembly and compare it with the machine code we get from objdump.

14
00:01:24,080 --> 00:01:24,530

15
00:01:51,510 --> 00:01:57,390
This is the machine code on the left side in our slides, compared to what we saw in our assembly file

16
00:01:58,650 --> 00:01:59,040
here.

17
00:02:02,000 --> 00:02:10,310
In objdump, we use the -M intel flag, showing Intel syntax. In this module, we will only

18
00:02:10,310 --> 00:02:12,960
cover Intel x86 instructions.

19
00:02:17,720 --> 00:02:20,990
You often hear people say 32 or 64 bits.

20
00:02:20,990 --> 00:02:21,350
Right.

21
00:02:21,950 --> 00:02:25,100
So the x86 processor is the

22
00:02:25,100 --> 00:02:26,180
32-bit one.

23
00:02:27,490 --> 00:02:35,770
And that's the size of the CPU registers: each register is 32 bits in size. CPU registers are like

24
00:02:35,770 --> 00:02:38,620
small memory, like your random access memory.

25
00:02:39,220 --> 00:02:45,670
They are accessed by your CPU to store and fetch temporary variables, and they are also very, very

26
00:02:45,670 --> 00:02:49,350
fast, much, much faster than your RAM.

27
00:02:50,800 --> 00:03:00,870
Let's take a look at some of the general-purpose registers here in our slide: EAX, EBX, EDX, EBP,

28
00:03:00,920 --> 00:03:02,080
ESI, EDI.

29
00:03:04,720 --> 00:03:07,800
We can access the second half of each register.

30
00:03:07,810 --> 00:03:16,360
So, for example, the second half of EAX is AX, and that's sixteen bits of the register, not the whole 32.

31
00:03:18,850 --> 00:03:27,390
The E added to it is only for 32 bits; E is short for extended, so EAX would be the extended accumulator register,

32
00:03:28,090 --> 00:03:34,240
but the 16-bit register is AX. Same thing for the EBX register.

33
00:03:34,240 --> 00:03:39,680
If we want to access the second half of it, it will be BX only, without the E.

34
00:03:41,260 --> 00:03:47,680
What if we want to access half of AX? In order to access the first half of AX, it's called AH.

35
00:03:48,580 --> 00:03:52,420
AH is the first half, I mean.

36
00:03:52,420 --> 00:03:58,210
The second half of AX is called AL.

37
00:03:59,310 --> 00:04:02,800
H stands for high and L stands for low.

38
00:04:03,210 --> 00:04:05,340
Keep that in mind, we will need that later.

39
00:04:06,540 --> 00:04:11,850
There is also another important register called EIP, or extended instruction pointer.

40
00:04:12,450 --> 00:04:19,350
This register controls the program execution: it stores a pointer to the next instruction in memory,

41
00:04:19,350 --> 00:04:23,740
and it's often controlled by hackers to exploit a binary program.

42
00:04:25,140 --> 00:04:30,360
So when we run a program, it will be organized in memory like this picture from our slide.

43
00:04:32,070 --> 00:04:34,980
Keep that in mind, since we will need this later.

44
00:04:37,070 --> 00:04:44,830
The text section contains your actual code, and it's marked as read-only. The heap section contains

45
00:04:44,840 --> 00:04:52,910
variables used by functions like malloc or realloc and free, or maybe calloc, because it works the

46
00:04:52,910 --> 00:04:53,840
same as malloc.

47
00:04:55,370 --> 00:05:01,070
These functions will request a memory space to assign for this specific variable.

48
00:05:02,300 --> 00:05:06,620
Then finally, the stack, which is the main ingredient of our recipe.

49
00:05:07,470 --> 00:05:14,250
Think of the stack as a stack of dishes: if you put one plate on top of the other, then when you want

50
00:05:14,250 --> 00:05:18,130
to take one of them out, you will start from the last one you added.

51
00:05:18,150 --> 00:05:18,490
Right.

52
00:05:19,140 --> 00:05:22,650
This is called LIFO, or last in, first out.

53
00:05:24,120 --> 00:05:31,400
The stack is used to store return addresses and function arguments and for storing local variables.

54
00:05:31,740 --> 00:05:33,710
We will get to this later in detail.

55
00:05:36,290 --> 00:05:43,700
The ESP register, also called the stack pointer, points to the top of the stack. Each time we push a

56
00:05:43,700 --> 00:05:46,940
value on the stack, the ESP points to the next one.

57
00:05:48,760 --> 00:05:53,920
Same thing if we remove something from the stack: it will point to the one we just added before

58
00:05:53,920 --> 00:05:54,130
it.

59
00:05:56,270 --> 00:06:01,790
The first thing we need to know about the stack is that it goes downward, not upward, like a real stack.

60
00:06:02,770 --> 00:06:10,920
So if the address is 0xFFFFFFFF, then the stack will grow

61
00:06:12,340 --> 00:06:17,980
towards zero, right. Let's go back and take a look at the picture here.

62
00:06:22,190 --> 00:06:28,760
In our next video, we will take a look at the effect of the push instruction on the stack using the GDB debugger.

63
00:06:30,020 --> 00:06:31,010
Thanks for watching.

64
00:06:31,040 --> 00:06:32,150
See you in the next one.
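The two ideas the video leans on, the EAX / AX / AH / AL aliasing of one 32-bit register and a LIFO stack whose pointer moves toward address zero on every push, can be checked without a debugger. The following C program is an added example written for this transcript; it is not code from the video or its author. It models the registers with plain bit arithmetic (so it runs on any host, not only x86) and simulates ESP against a constructed, labelled starting address; the names `ax_of`, `set_al`, `sim_push`, `sim_pop` and the constant `SIM_STACK_BASE` are inventions of this example.

```c
/* Added example: x86 sub-register aliasing and a downward-growing stack model.
 * Pure C, no inline assembly, so the behaviour is identical on any platform. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* --- Register aliasing: EAX (32 bits) holds AX (low 16), which holds AH / AL (8 each) --- */
uint16_t ax_of(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }        /* bits 15..0 */
uint8_t  ah_of(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }    /* bits 15..8 */
uint8_t  al_of(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }           /* bits  7..0 */

/* Writing only AL (like `mov al, v`) leaves the upper 24 bits of EAX untouched. */
uint32_t set_al(uint32_t eax, uint8_t v) { return (eax & 0xFFFFFF00u) | v; }

/* --- Stack model: ESP starts high and moves toward address zero on every push --- */
#define SIM_STACK_BASE 0xFFFFFFF0u   /* constructed initial ESP for the model, not a real address */
#define SIM_STACK_SLOTS 16           /* how many dwords the model can hold */

struct sim_stack {
    uint32_t esp;                    /* simulated stack pointer: address of the top dword */
    uint32_t mem[SIM_STACK_SLOTS];   /* mem[i] is the dword stored at SIM_STACK_BASE - 4*(i+1) */
};

void sim_stack_init(struct sim_stack *s) { s->esp = SIM_STACK_BASE; }

/* push: ESP -= 4, then store the value at the new ESP. Returns 0 when the model is full. */
int sim_push(struct sim_stack *s, uint32_t v) {
    if ((SIM_STACK_BASE - s->esp) / 4 >= SIM_STACK_SLOTS) return 0;
    s->esp -= 4;
    s->mem[(SIM_STACK_BASE - s->esp) / 4 - 1] = v;
    return 1;
}

/* pop: load the value at ESP, then ESP += 4. Returns 0 on an empty stack (LIFO order). */
int sim_pop(struct sim_stack *s, uint32_t *out) {
    if (s->esp == SIM_STACK_BASE) return 0;
    *out = s->mem[(SIM_STACK_BASE - s->esp) / 4 - 1];
    s->esp += 4;
    return 1;
}

int main(void) {
    uint32_t eax = 0x12345678u;
    printf("EAX=%08" PRIx32 " AX=%04x AH=%02x AL=%02x\n",
           eax, ax_of(eax), ah_of(eax), al_of(eax));
    printf("after mov al, 0xAA: EAX=%08" PRIx32 "\n", set_al(eax, 0xAA));

    struct sim_stack s;
    uint32_t v;
    sim_stack_init(&s);
    sim_push(&s, 0x11111111u); printf("push -> ESP=%08" PRIx32 "\n", s.esp);
    sim_push(&s, 0x22222222u); printf("push -> ESP=%08" PRIx32 "\n", s.esp);
    while (sim_pop(&s, &v))
        printf("pop %08" PRIx32 " -> ESP=%08" PRIx32 "\n", v, s.esp);
    return 0;
}
```

Running it prints the ESP value decreasing by 4 on each push and the values coming back in reverse order on pop, which is exactly what the next video's GDB session is meant to show; the `set_al` line illustrates why overwriting a low sub-register never disturbs the rest of EAX.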