Before Getting Started¶
Running a Executable¶
Here we will look into how to run a executable file from the terminal .
So open terminal , for ubuntu users you can press the shortcut Ctrl+Alt+T
( Press Control
, Alt
and T
keys simultaneous ).
Let's check what is inside the current directory
1 2 |
|
So there are two files bof.c
and bof
. The ls
command printed out the list of all the files in the current directory.
1 2 3 4 5 |
|
file
Command show us that . One is a text files and other is a ELF executable .
Lets try to run the binary.
1 2 |
|
In Linux to run a executable file , the file should have the executable permission set , and if you try to run a file which does not have this permission set it will give a permission denied error , To assign executable permission to a file chmod command is used.
1 |
|
The above command gives the file bof
executable permission. Now you can run ./bof
inside your terminal to run.
Computer Memory¶
The computer you are using is like a powerful calculator. For a computer to perform tasks it has to store data or the input we enter through a keyboard, its just like how the brain works; to think, make decisions, and act, it has to be supplied with knowledge through the sense organs which is stored in our memory.
In information security, it is key to understand how data is stored in memory. One among the many basic concepts is endianness.
Bit¶
Bit is smallest unit of information for a computer. A bit can either be 0 or 1 and thus can represent 2 values.
Byte¶
A collection of 8 bits make up a byte. Each bit can represent 2 values, 8 bits combined can represent (2^8) values.
1 bit - 0 0 (2^1) = 2 values
1 1
2 bit - 00 0 (2^2) = 4 values
01 1
10 2
11 3
3 bit - 000 0 (2^3) = 8 values
001 1
010 2
011 3
100 4
101 5
110 6
111 7
As you can see here 2 bits have 4 combinations with 0 and 1, letting us represent 0,1,
2,3.
3 bits have 8, 4 bits have 16, so on and 8 bits have (2^8) = 256 combinations.
For convenience we will be using hex values.
Significant byte¶
When considering a hexadecimal value like 0x10203040 having 4 bytes, the most significant byte is the starting byte 0x10 and the least significant byte is the last byte 0x40
Endianness¶
Endianness is the order in which bytes are stored in memory
There are two ways to doing it; big endian and little endian.
Big Endian¶
Storing data starting from the most significant byte
address = 0x1000 value = 0x10203040
0x10000 : 0x10
0x10001 : 0x20
0x10002 : 0x30
0x10003 : 0x40
Little Endian¶
Storing data starting from the least significant byte
address = 0x1000 value = 0x10203040
0x10000 : 0x40
0x10001 : 0x30
0x10002 : 0x30
0x10003 : 0x10
Endianness of a computer is specific to the architecture.
An intel 0x86 architecture follows the little endian