For assembly language programmer and exploit writer it is important to understand the concept of stack.
What is the stack ?
A Compiled program’s memory is divided into five segments: text, data, bss, heap, and stack. We will concentrate on the stack region, but first a small overview of the other regions is in order.The text segment is also sometimes called the code segment. This is where the assembled machine language instructions of the program are located.The data and bss segments are used to store global and static program variables. The data segment is filled with the initialized global and static variables, while the bss segment is filled with their uninitialized counterparts.The heap segment is a segment of memory a programmer can directly control. Blocks of memory in this segment can be allocated and used for whatever the programmer might need.
A stack is a storage device that stores information in such a manner that the item stored last is the first item received i.e. stack is a LIFO (Last Input First Output). The stack is a mechanism that computers use both to pass arguments to functions and to reference local function variables. Its purpose is to give programmers an easy way to access local data in a specific function and to pass information from the function’s caller. The stack acts like a buffer, holding all the information that the function needs.The stack is created at the beginning of a function and released at the end of it. Stacks are typically static, meaning that once they are set up in the beginning of a function, they really do not change; the data held in the stack may change, but the stack itself typically does not.
Why Do We Use Stack?
The stack’s primary purpose is to make the use of functions more efficient. From a low-level perspective, a function alters the flow of control of a program, so that an instruction or group of instructions can be executed independently from the rest of the program. More important, when a function has completed executing its instructions, it returns control to the original function caller. This concept of functions is most efficiently implemented with the use of the stack.
The stack is also used to hold function arguments and dynamically allocate space for local variables and to return values from the function.
Stack Operations : Several operations are defined on stacks. Two of the most important are PUSH and POP.Data is placed onto the stack using the PUSH instruction; it is removed from the stack using the POP instruction. These instructions are highly optimized and efficient at moving data onto and off of the stack.
The ESP stack pointer points to the top of stack. Stack-specific instructions, PUSH and POP, use ESP to know where the stack is in memory.
Stacks on Intel x86 processors are considered to be inverted. This means that stacks grow downward. When an item is pushed “onto” the stack, ESP is decreased and the new element is written in the resulting location. When an item is popped from the stack, an element is read from the location to which ESP points and ESP is increased, moving toward the upper boundary and shrinking the stack.Thus, when we say an element is placed on top of the stack, it actually is written to the memory below all previous stack entries.
In other words, Every time we push something onto the stack with push, %esp gets subtracted by 4 so that it points to the new top of the stack (remember, each word is four bytes long, and the stack grows downward). If we want to remove something from the stack, we simply use the pop instruction, which adds 4 to %esp and puts the previous top value in whatever register you specified.
Let's understand the stack operation. Suppose at initial state, there are some variables A, B, C stored onto the stack. So the initial state of Stack look like this :
Now we want to add a variable D onto the stack.To insert variable, We use the following command:
push D
After pushing D, stack look like this:
We we will remove the variable D from the stack. To remove variable,We use the following command:
pop D
After poping D, stack look like this :
Another relevant register to the stack is EBP. The EBP register is usually used to calculate an address relative to another address, sometimes called a frame pointer. Although it can be used as a general-purpose register, EBP has historically been used for working with the stack. For example, the following instruction
makes use of EBP as an index:
mov eax,[ebp+10h]
This instruction will move a dword from 16 bytes (10 in hex) down the stack into EAX.
Most compilers insert what is known as a prologue at the beginning of a function. In the prologue, the stack is set up for use by the function.This process often involves saving the EBP and setting EBP to point to the current stack pointer. This is done so that the EBP then contains a pointer to the top of our stack.The EBP register is then used to reference stack-based variables using offsets from the EBP.
To understand how the stack works in the real world, we need some understanding of the Intel CALL
and RET instructions.The CALL instruction makes functions possible. The purpose of this instruction is to divert processor control to a different part of code while remembering where you need to return.To achieve this goal, a CALL instruction operates like this:
1. Push address of the next instruction after the call onto the stack. (This is where the processor will return to after executing the function.)
2. Jump to the address specified by the call.
The RET instruction does the opposite. Its purpose is to return from a called function to whatever was right after the CALL instruction.The RET instruction operates like this:
1. Pop the stored return address off the stack.
2. Jump to the address popped off the stack.
This combination allows code to be jumped to and returned from very easily, without restricting the nesting of function calls too much.
For more detail :
http://programmingethicalhackerway.blogspot.in/2015/07/concept-of-function-in-c-hacker-section.html
What is the stack ?
A Compiled program’s memory is divided into five segments: text, data, bss, heap, and stack. We will concentrate on the stack region, but first a small overview of the other regions is in order.The text segment is also sometimes called the code segment. This is where the assembled machine language instructions of the program are located.The data and bss segments are used to store global and static program variables. The data segment is filled with the initialized global and static variables, while the bss segment is filled with their uninitialized counterparts.The heap segment is a segment of memory a programmer can directly control. Blocks of memory in this segment can be allocated and used for whatever the programmer might need.
A stack is a storage device that stores information in such a manner that the item stored last is the first item received i.e. stack is a LIFO (Last Input First Output). The stack is a mechanism that computers use both to pass arguments to functions and to reference local function variables. Its purpose is to give programmers an easy way to access local data in a specific function and to pass information from the function’s caller. The stack acts like a buffer, holding all the information that the function needs.The stack is created at the beginning of a function and released at the end of it. Stacks are typically static, meaning that once they are set up in the beginning of a function, they really do not change; the data held in the stack may change, but the stack itself typically does not.
Why Do We Use Stack?
The stack’s primary purpose is to make the use of functions more efficient. From a low-level perspective, a function alters the flow of control of a program, so that an instruction or group of instructions can be executed independently from the rest of the program. More important, when a function has completed executing its instructions, it returns control to the original function caller. This concept of functions is most efficiently implemented with the use of the stack.
The stack is also used to hold function arguments and dynamically allocate space for local variables and to return values from the function.
Stack Operations : Several operations are defined on stacks. Two of the most important are PUSH and POP.Data is placed onto the stack using the PUSH instruction; it is removed from the stack using the POP instruction. These instructions are highly optimized and efficient at moving data onto and off of the stack.
The ESP stack pointer points to the top of stack. Stack-specific instructions, PUSH and POP, use ESP to know where the stack is in memory.
Stacks on Intel x86 processors are considered to be inverted. This means that stacks grow downward. When an item is pushed “onto” the stack, ESP is decreased and the new element is written in the resulting location. When an item is popped from the stack, an element is read from the location to which ESP points and ESP is increased, moving toward the upper boundary and shrinking the stack.Thus, when we say an element is placed on top of the stack, it actually is written to the memory below all previous stack entries.
In other words, Every time we push something onto the stack with push, %esp gets subtracted by 4 so that it points to the new top of the stack (remember, each word is four bytes long, and the stack grows downward). If we want to remove something from the stack, we simply use the pop instruction, which adds 4 to %esp and puts the previous top value in whatever register you specified.
Let's understand the stack operation. Suppose at initial state, there are some variables A, B, C stored onto the stack. So the initial state of Stack look like this :
Now we want to add a variable D onto the stack.To insert variable, We use the following command:
push D
After pushing D, stack look like this:
We we will remove the variable D from the stack. To remove variable,We use the following command:
pop D
After poping D, stack look like this :
Another relevant register to the stack is EBP. The EBP register is usually used to calculate an address relative to another address, sometimes called a frame pointer. Although it can be used as a general-purpose register, EBP has historically been used for working with the stack. For example, the following instruction
makes use of EBP as an index:
mov eax,[ebp+10h]
This instruction will move a dword from 16 bytes (10 in hex) down the stack into EAX.
Most compilers insert what is known as a prologue at the beginning of a function. In the prologue, the stack is set up for use by the function.This process often involves saving the EBP and setting EBP to point to the current stack pointer. This is done so that the EBP then contains a pointer to the top of our stack.The EBP register is then used to reference stack-based variables using offsets from the EBP.
To understand how the stack works in the real world, we need some understanding of the Intel CALL
and RET instructions.The CALL instruction makes functions possible. The purpose of this instruction is to divert processor control to a different part of code while remembering where you need to return.To achieve this goal, a CALL instruction operates like this:
1. Push address of the next instruction after the call onto the stack. (This is where the processor will return to after executing the function.)
2. Jump to the address specified by the call.
The RET instruction does the opposite. Its purpose is to return from a called function to whatever was right after the CALL instruction.The RET instruction operates like this:
1. Pop the stored return address off the stack.
2. Jump to the address popped off the stack.
This combination allows code to be jumped to and returned from very easily, without restricting the nesting of function calls too much.
For more detail :
http://programmingethicalhackerway.blogspot.in/2015/07/concept-of-function-in-c-hacker-section.html
If you like this post or have any question, please feel free to comment!
Can you suggest some books for learning assembly for hacking?
ReplyDelete