Published by Victoria Cornelia Martin. Modified over 8 years ago.
1
./a.out
Having fun with system internals
Facundo de la Cruz (@_tty0)
2
About me
Facundo M. de la Cruz
- IT Consultant on DC Solutions
- High Availability Expert
- Red Hat Enterprise Linux Certified Instructor
- Oracle Solaris official Instructor
- GPG ID: 0x5627089
I write on my blog and on my Twitter:
http://codigounix.blogspot.com.ar/
http://twitter.com/_tty0
12
CPU operation modes
➔ Real mode
- 20-bit segmented memory address space.
- Only 1 MB of memory can be addressed.
- Direct access to BIOS (EFI/UEFI ???)
➔ Protected mode
- Provides protected memory.
- Memory paging support.
- Global Descriptor Table (GDT) and Local Descriptor Table (LDT).
➔ Long mode
- 64-bit addresses: 16 EB of addressable memory (16 billion GB)
- 64-bit instructions and registers.
- 16-bit and 32-bit programs are executed in a sub mode.
- Extension of the 32-bit instruction set, but unlike the 16-to-32-bit transition
13
CPU privilege separation
There are four privilege levels, numbered 0 (most privileged) to 3 (least privileged), and three main resources being protected: memory, I/O ports, and the ability to execute certain machine instructions. About 15 machine instructions, out of dozens, are restricted by the CPU to ring zero.
14
System calls
15
System calls
o An exit program in ANSI C
o The same program in Intel x86 ASM
17
From arch/x86/include/asm/unistd_32.h
18
System calls
From arch/x86/include/asm/unistd_32.h
From exit(3) man page
19
Having fun with ELF
21
From ../include/linux/elf.h
29
ELF Sections and Segments
- .bss: Uninitialized data ( static int i; )
- .data: Initialized data (static, global, and local variables)
- .rodata: Static constants and strings.
- .text: Program instructions (code)
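The sections listed above differ in the flags their section headers carry. As an added example (not part of the original slides), the C code below walks the section header table of an in-memory ELF64 image and returns a named section's SHF_* flags, bounds-checking every offset read from the file. It assumes a Linux libc `<elf.h>` and a host-endian image; `build_sample` and `elf64_section_flags` are hypothetical names, and the sample image is constructed.

```c
#include <elf.h>    /* assumption: Linux libc header with Elf64_Ehdr, Elf64_Shdr, SHF_* */
#include <string.h>

/* Constructed sample (not a real binary): names and headers of a host-endian ELF64 image. */
static const char NAMES[] = "\0.text\0.data\0.bss\0.rodata\0.shstrtab";
static const Elf64_Shdr SH[6] = {
    {0},                                                        /* mandatory null section */
    {.sh_name = 1,  .sh_type = SHT_PROGBITS, .sh_flags = SHF_ALLOC | SHF_EXECINSTR},
    {.sh_name = 7,  .sh_type = SHT_PROGBITS, .sh_flags = SHF_ALLOC | SHF_WRITE},
    {.sh_name = 13, .sh_type = SHT_NOBITS,   .sh_flags = SHF_ALLOC | SHF_WRITE},
    {.sh_name = 18, .sh_type = SHT_PROGBITS, .sh_flags = SHF_ALLOC},
    {.sh_name = 26, .sh_type = SHT_STRTAB, .sh_offset = sizeof(Elf64_Ehdr), .sh_size = sizeof NAMES},
};

/* Lay out header | names | section headers in buf; returns image size, 0 if buf is too small. */
size_t build_sample(unsigned char *buf, size_t cap)
{
    Elf64_Ehdr eh = {.e_ident = {0x7f, 'E', 'L', 'F', ELFCLASS64},
                     .e_shoff = sizeof(Elf64_Ehdr) + sizeof NAMES,
                     .e_shentsize = sizeof SH[0], .e_shnum = 6, .e_shstrndx = 5};
    if (cap < eh.e_shoff + sizeof SH) return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, NAMES, sizeof NAMES);
    memcpy(buf + eh.e_shoff, SH, sizeof SH);
    return eh.e_shoff + sizeof SH;
}

/* Return the SHF_* flags of section `name`, or -1 if the image is malformed or lacks it. */
long elf64_section_flags(const unsigned char *img, size_t len, const char *name)
{
    Elf64_Ehdr eh; Elf64_Shdr str, sh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_shentsize != sizeof sh || eh.e_shstrndx >= eh.e_shnum ||
        eh.e_shoff > len || (len - eh.e_shoff) / sizeof sh < eh.e_shnum)
        return -1;                       /* header table must lie inside the image */
    memcpy(&str, img + eh.e_shoff + eh.e_shstrndx * sizeof str, sizeof str);
    if (str.sh_size == 0 || str.sh_offset > len || str.sh_size > len - str.sh_offset ||
        img[str.sh_offset + str.sh_size - 1] != '\0')   /* names must be NUL-terminated */
        return -1;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (sh.sh_name < str.sh_size &&
            !strcmp((const char *)img + str.sh_offset + sh.sh_name, name))
            return (long)sh.sh_flags;
    }
    return -1;
}
```

When auditing a real binary with the same walk, a section that carries both SHF_WRITE and SHF_EXECINSTR is worth flagging.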
34
Shellcode looks like…
35
Questions??? }:-)
36
And finishing… Thanks…