./a.out Having fun with system internals Facundo de la Cruz


1 ./a.out Having fun with system internals Facundo de la Cruz (@_tty0)

2 About me
Facundo M. de la Cruz
- IT Consultant on DC Solutions
- High Availability Expert
- Red Hat Enterprise Linux Certified Instructor
- Oracle Solaris official Instructor
- GPG ID: 0x5627089
I write on my blog and on Twitter:
http://codigounix.blogspot.com.ar/
http://twitter.com/_tty0

12 CPU operation modes
➔ Real mode
- 20-bit segmented memory address space.
- Only 1 MB of memory can be addressed.
- Direct access to BIOS (EFI/UEFI ???)
➔ Protected mode
- Provides protected memory.
- Memory paging support.
- Global Descriptor Table (GDT) and Local Descriptor Table (LDT).
➔ Long mode
- 64-bit addresses: 16 EB of memory address space (16 billion GB)
- 64-bit instructions and registers.
- 16- and 32-bit programs are executed in a sub mode.
- Extension of the 32-bit instruction set, but unlike the 16–to–32-bit transition

13 CPU privilege separation
There are four privilege levels, numbered 0 (most privileged) to 3 (least privileged), and three main resources being protected: memory, I/O ports, and the ability to execute certain machine instructions. About 15 machine instructions, out of dozens, are restricted by the CPU to ring zero.
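The ring-3 side of this separation can be observed from an ordinary process. The following is an added example, not part of the original slides; it assumes x86 Linux with GCC or Clang, and the function names are illustrative. It reads the current privilege level from the CS selector and attempts HLT, a ring-0-only instruction.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf recover;

/* Jump back to the checkpoint instead of re-running the faulting instruction. */
static void on_fault(int sig) { (void)sig; siglongjmp(recover, 1); }

/* Current privilege level: the low two bits of the CS segment selector. */
int current_ring(void) {
    unsigned short cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
}

/* Attempt HLT from user mode. Returns 1 if the CPU refused it (the
 * general-protection fault reaches the process as SIGSEGV on Linux),
 * 0 if it executed, -1 if the handler could not be installed. */
int hlt_is_refused(void) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) < 0) return -1;
    if (sigsetjmp(recover, 1) == 0) {
        __asm__ volatile("hlt");          /* only legal in ring 0 */
        sigaction(SIGSEGV, &old, NULL);
        return 0;
    }
    sigaction(SIGSEGV, &old, NULL);       /* we arrived here via the fault */
    return 1;
}

int main(void) {
    printf("running in ring %d\n", current_ring());
    printf("HLT refused by the CPU: %d\n", hlt_is_refused());
    return 0;
}
```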

14 System calls

15 System calls
o An exit program in ANSI C
o The same program in INTEL x86 ASM

17 From arch/x86/include/asm/unistd_32.h

18 System calls
From arch/x86/include/asm/unistd_32.h
From exit(3) man page

19 Having fun with ELF

21 From ../include/linux/elf.h

22 Having fun with ELF

23 From ../include/linux/elf.h

24 Having fun with ELF
From ../include/linux/elf.h

25 Having fun with ELF

29 ELF Sections and Segments
.bss     Uninitialized data ( static int i; )
.data    Initialized data (static, global, and local variables)
.rodata  Static constants and strings.
.text    Program instructions (code)

31 ELF Sections and Segments
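An added example (not from the original slides) that reads the running program's own section headers and reports how .text, .rodata, .data and .bss are typed and flagged, with each file offset bounds-checked before use. It assumes Linux with <elf.h> and <link.h> available; find_section and the two globals are illustrative names.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <fcntl.h>
#include <link.h>   /* ElfW(x): Elf32_x or Elf64_x, matching this build */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

int initialized = 42;   /* .data: the value is stored in the file */
int uninitialized;      /* .bss: only its size is recorded        */

/* Copy the header of section `name` into *out; 0 on success, -1 if malformed or absent. */
int find_section(const char *path, const char *name, ElfW(Shdr) *out) {
    struct stat st;
    int rc = -1, fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || (size_t)st.st_size < sizeof(ElfW(Ehdr))) { close(fd); return -1; }
    size_t sz = (size_t)st.st_size, n = strlen(name);
    unsigned char *m = mmap(NULL, sz, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (m == MAP_FAILED) return -1;
    const ElfW(Ehdr) *eh = (const ElfW(Ehdr) *)m;
    /* Check every offset against the file size before following it. */
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) == 0 &&
        eh->e_shentsize == sizeof(ElfW(Shdr)) && eh->e_shstrndx < eh->e_shnum &&
        eh->e_shoff <= sz && eh->e_shnum <= (sz - eh->e_shoff) / sizeof(ElfW(Shdr))) {
        const ElfW(Shdr) *sh = (const ElfW(Shdr) *)(m + eh->e_shoff);
        const ElfW(Shdr) *tab = &sh[eh->e_shstrndx];  /* section-name strings */
        if (tab->sh_offset <= sz && tab->sh_size <= sz - tab->sh_offset)
            for (int i = 0; i < eh->e_shnum && rc != 0; i++)
                if (sh[i].sh_name < tab->sh_size && n < tab->sh_size - sh[i].sh_name &&
                    memcmp(m + tab->sh_offset + sh[i].sh_name, name, n + 1) == 0)
                    { *out = sh[i]; rc = 0; }
    }
    munmap(m, sz);
    return rc;
}

int main(void) {
    const char *names[] = { ".text", ".rodata", ".data", ".bss" };
    ElfW(Shdr) s;
    for (int i = 0; i < 4; i++)
        if (find_section("/proc/self/exe", names[i], &s) == 0)
            printf("%-8s write=%d exec=%d bytes_in_file=%d\n", names[i], !!(s.sh_flags & SHF_WRITE),
                   !!(s.sh_flags & SHF_EXECINSTR), s.sh_type != SHT_NOBITS);
    return 0;
}
```

On a typical build, .text is executable but not writable, .data is writable but not executable, and .bss has type SHT_NOBITS, so it occupies no bytes in the file.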

34 Shellcode looks like…

35 Questions??? }:-)

36 And finishing… Thanks…

