Description: This is the second video in the "Assembly Primer for Hackers" series. Please begin with Part 1, if you have not already done so, before watching this video.

In this video we take an in-depth look at virtual memory organization concepts. The entire discussion is explained using a live example built around the SimpleDemo.c code. We look at how one can use /proc/PID/maps to peek into the layout of a program's virtual memory and interpret useful things from it. We also show how Address Space Layout Randomization (ASLR) works in the latest 2.6 kernels, why this is significant from a security point of view, and how it can be disabled at runtime if need be. This video is very important from a code exploitation perspective, as it teaches us how to check for the presence of ASLR on a given system.
Tags: programming
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Very interesting, I was unaware of stack protection in the Linux 2.6 kernel.
Thanks! The old vanilla buffer overflows hardly work anymore and OSs are getting smarter and so are hackers :)
For anyone who is trying to make these examples work, make sure that when you compile you include the option -fno-stack-protector, so: gcc -ggdb -mpreferred-stack-boundary=2 -fno-stack-protector -o demo demo.c
*meant for this comment to be placed in the buffer overflow primer
thank you sir, for this amazing video!
Thumbs up! :D
This series is great. Thank you very much for taking the time to share it with us.
Thanks Vivik
First of all I'd like to thank you for all this effort.
Second,
I have Fedora 14 with kernel "2.6.35.10-74.fc14.i686.PAE"
so when I look at the "randomize_va_space" value I find ...
cat /proc/sys/kernel/randomize_va_space
2
neither 1 nor 0,
so kindly clarify this point.
I also got the same from kingsabri on randomization of va space but I'll try to get some info on the kernel's documentation.
There's something else I didn't understand. AFAIK, there's no more such thing as "pre-established" memory locations to store/run the processes. I mean, when we fire a process, it will be placed at a free position of the RAM according to a certain algorithm, right?
But why does everything start at 08048000 then?
Thank you very much for your time in posting these videos and answering our questions.
Best regards
www.mjmwired.net/kernel/Documentation/sysctl/kernel.txt
randomize-va-space:
2 - Additionally enable heap randomization.
@root: based on these vids, free RAM positioning occurs in physical memory. Virtual memory mapping is always the same.
Thank you so much for creating these videos.
Great work.
Vivek,
As per your request I'm leaving you a comment.
I believe that the success of this video series is in the fact that:
- you provide a concise audio lecture, clearly communicating not too much & also not too little information
- you include visual aids which help in maintaining focus and clarity on the topic
- you are quick at explaining a topic, clearly, thus not boring the viewer, and if more clarity is needed we can rewind the video and pay closer attention to what you're talking about.
- you type very well, you're quick, and it's easy to pause the video and follow along with what you're demonstrating.
- The coupling of audio/video/and hands-on training that you facilitate is truly remarkable.
You are very good at making training videos. PLEASE keep it up!!
Absolutely brilliant. This is only the second video I've watched on your site (after the first one in this series, which was mostly review for me) and I'm already quite excited about it. The whole thing is very well done.
Quick question:
Do you know anything specifically about the FreeBSD 6.3-RELEASE-p5 kernel? more specifically, I noticed that by default there is no address randomization used. Do you know if it has a switch somewhere that has been flipped? I could not find a /proc/sys/kernel/randomize_va_space file.
Any ideas? Just curious.
@root: If you return and watch Part1 in this series, Vivek explains that what we are dealing with will not be physical memory in the RAM but rather the operating system's abstraction of it, "virtual memory". The OS acts as though each process has the entire system to itself when displaying information about processes. Hence, everything starts at the same point. Watch Part 1 for more detail.
It helped me a lot, I love this. What are the upcoming series?
And will I be able to download these videos? How can I download these videos?
Thank you very much, and these are nice videos,
but I have to ask you please.. what is your system?
Windows or Linux?
And PuTTY is a tool to connect to SSH.. is that correct?
And can you make this more simple?
Thanks a lot
Thank you very much...
Thank you for a very great video. Really liked this variable stack segment concept.
Hey, how can I connect PuTTY to BackTrack from Windows? Please help me...
That was beautiful dude!!!!
Same as Zukin said!
You rock! =)
Great video series, and Zukin's comments define my own.
I think you divided the series very well,
into focused and concise videos.
Also, you explain things as if the viewers are pretty much beginners, not knowing a lot but having heard some things about the subject, which works very well for me, and for most of the guys interested in the topic, I guess.
Discussing this video specifically, I think you should have compared the actual VA space we've seen here to the theoretical one you explained in Video I: tell exactly which range here matches each range there (not only the stack and .text/.data).
Thank you so much sir,
It's a really helpful video.
Excellent tutorial, it would be great if you provide more explanation on each column in /proc/[processID]/maps.
Thank you for your contribution!! :)
I suggest working in XP, but thanks bro
for sharing your time and effort with us.
Thanks Vivek, really good videos so far :)
Once again, great stuff. Well organized and presented. Clear explanations and demonstrations.
Thanks for adding to the knowledge pool.
Excellent videos, I wish you had taught my assembly language classes in grad school. Very organized, clear, and easy to understand. Do you have videos on any other topics such as Memory Analysis and Forensics?
Excellent, excellent videos sir! This is really a wonderful public service you're providing us! Great work!!!!
Super Like!!
Thank you: you are really very clear in your exposition. Keep up with the good work!! Ciao, Chris
Thank you for a clear, direct explanation of stack function. I have found your videos to be excellent, building in a logical manner without assuming a base of knowledge the viewer may not possess. It is amazing how a skilled teacher can make a complex point seem simple and obvious.
Thanks a lot for this videoseries!
Thanks to you V-R I will learn Assembly. Thank you for these videos.
These are great. Thanks. :)
Any recommended reading , jedi master ?
as always the best video series out there.
Thank you for sharing.
Hi Mr Vivek-Ramachandran: thanks a lot
Excellent video, please give a Quick Reply on my email id.
I want to learn more...
Thank you very much. :-)
Nice video, Keep it up.
Can you put some videos on the 'not so known' parts of linux as in the /proc filesystem etc.? That would be great.
As always! Another great movie! Thank you Vivek!
nice video..
thank you, very informative
Hello! Thanks for the great video!!! I have one question though.. When I try to change the value of randomize_va_space it responds with "bash: /proc/sys/kernel/randomize_va_space: Permission denied". I run SUSE 11.4 btw! Do you know what I can do to get access??
Hi Ram Bro,
WOW, what an amazing video.. I always dreamt of being a security professional, but was worried about training costs and finding the correct materials. Today I found this wonderful site and was amazed to see very basic videos.. Please.. please.. please continue with this good work, and so many people like me who cannot afford training costs will be benefited.. God bless you with more success in your life. Thanks once again
Great Job Vivek!
These types of videos are exactly what I have been looking for to get a better understanding of Assembly!
Keep up the great work!
nice work
really nice!
Nice sharing and really helpful in my System Programming course :)
Nice video ... keep on with the good work :)
Totally didn't think about the memory map in /proc. Good to know. Thanks for this vid.
As a side note, when using ps, leave out the dash and you won't get that warning, i.e. ps aux, not ps -aux.
cheers.
Thanks for the great video. I have studied the theory explained in this video but didn't come across such a vivid practical explanation of it.
One thing I'm still confused about is how the OS manages different processes when they are laid out in the same virtual memory space. Do you have a video or link for it?
thanks!
Hi, I'm getting a video not found error for all the videos in this section. Could you please look into it as I would love to view them all.
Regards
Reino Mostert
Hi, nice explanation!
I have kernel 3.0.0-14-generic Ubuntu,
and my process id's maps file shows lib files, vdso, heap and stack addresses but is not showing the starting address you mentioned, 80840000; it's showing starting from libs to stack...
Why? Is that something they have prevented us from seeing?
I tried to setup randomize_va_space with echo, but couldn't.
It works with sysctl kernel.randomize_va_space=0
On Linux kernel 3.1.4
awesome.. liked it.. :)
Thanks Vivek... I'm a hobbyist and was kind of interested in this subject topic, but your teaching style has greatly kindled my interest to go deeper into it... keep up the good work!!
Hey Vivek, really appreciate your demo style. Very clear explanations make it easy to absorb this challenging information... Thanks!
Which software is used in this video? I have downloaded PuTTY but when I start it, it asks for the IP...
Please help, I'm totally new.........
Excellent videos, Mr. Vivek! They are really helpful! Thank you for the free lessons!
Is there a way to do it on Mac? There is no /proc directory on Mac, and I could not find anything similar.
First video was awesome, I'll keep studying :-)
Thank you Vivek for starting this informative series as well as this excellent website. Could you please tell us how we can relate this to the Windows world? Are there any equivalent tools which we can use to monitor?
I love the videos, Can't wait to finish the series.
These videos are AMAZING!! You are providing so much concise and useful information in a short amount of time! I can just say: EXCELLENT. Thank you very much Vivek!
Don't forget to add -m32 to your gcc compile if you're running on a 64-bit architecture, guys!
Hi Vivek,
I have heard from many about buffer overflow. I think I will finally understand it by the end of this series.
Good work, Keep it up.
Praveen
Thank you very much for this wonderful video series. I wanted to know how much of a performance hit we take through the randomized virtual memory model as opposed to the non-randomized one. Thank you.
Great as usual, you are amazing ;)
Thanks
The cat /proc/ # won't open the file to view in my version of BackTrack 5.
Explain please.
Thanks so much, very informative vid.
Great video once again, very enjoyable.
I have long since come to the point where I don't question the quality of your teaching materials anymore; they're simply superb!
I look forward after these and the Windows ones to get into the Python Megaprimer.
Thank you Vivek
Very nice video. FYI, I couldn't do echo 0 > randomize_va_space, not even sudo echo 0 > randomize_va_space as it said 'Permission denied'. My uname -a is Linux cjayakum-KT334AAR-ABA-m8530f 3.2.0-30-generic #48-Ubuntu SMP Fri Aug 24 16:52:48 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux.
Fantastic video. The very tricky things to understand are explained in simple language with perfect examples. Many thanks for your great work!!
Superrrr....
I love this series of tutorials! I know the bare bones of x86 assembly but this series and the gdb mega primer have helped solidify a lot of knowledge for me. Thank you Vivek.
And if your system(such as Ubuntu 12.04LTS) does not play nicely when you are trying to modify /proc/sys/kernel/randomize_va_space just use the sysctl command like this:
sudo sysctl -w kernel.randomize_va_space=0
Backtrack is much more lax regarding rules that modify the kernel & low level drivers than Ubuntu or Debian, so I can see why that might be the best flavor of Linux to use.
enjoyed it, made tons of sense
Finally got some time to learn this. Thank you Vivek!
Thank you very much Vivek. Thumbs up for this series.
Not able to run PuTTY, it's giving an error. Any help, sir, or anyone out there? Please provide the way out, I really need it.
I have two questions, the first one being the memory locations:
00400000-00401000 r-xp 00000000 08:01 793761 /home/oden/simpledemo
00600000-00601000 r--p 00000000 08:01 793761 /home/oden/simpledemo
00601000-00602000 rw-p 00001000 08:01 793761 /home/oden/simpledemo
and yours start at 08049000, so I was wondering why that was. I am using a newer kernel, 3.0 I think.
The second question is in regard to the 4th video: the system call table location and info are not the same as yours.
My location is /usr/include/asm-generic and the info inside does not appear to look the same.
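An added example, not code from the video or from any commenter in this thread: a small Python reader for the /proc/PID/maps format that the description and the maps excerpt just above deal with, a helper that interprets the /proc/sys/kernel/randomize_va_space values quoted earlier from Documentation/sysctl/kernel.txt, and a comparison of two maps snapshots of the same program that reports which regions ASLR actually moved. The two snapshots, their paths (/home/user/SimpleDemo, /lib/libc-2.11.so), inodes and addresses are constructed for the example. They also illustrate a point behind the "why does everything start at 08048000" questions: a non-PIE 32-bit ELF is linked at a fixed base (0x08048000; the 64-bit default is 0x400000, which is why the excerpt above starts there), so ASLR on these kernels moves the stack, the mmap area (libraries, vdso) and, at level 2, the heap, while the main program's text stays put across runs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One /proc/PID/maps line: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class Mapping:
    start: int    # first virtual address of the region
    end: int      # one past its last address
    perms: str    # r/w/x, then p (private, copy-on-write) or s (shared)
    offset: int   # byte offset into the backing file (0 for anonymous memory)
    dev: str      # major:minor of the device holding that file
    inode: int    # inode of the backing file (0 for anonymous memory)
    path: str     # file path, or a pseudo-name such as [heap], [stack], [vdso]


def parse_maps(text: str) -> List[Mapping]:
    """Turn the text of a /proc/PID/maps file into Mapping records."""
    maps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAPS_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised maps line: {line!r}")
        maps.append(Mapping(int(m["start"], 16), int(m["end"], 16), m["perms"],
                            int(m["offset"], 16), m["dev"], int(m["inode"]),
                            m["path"].strip()))
    return maps


def text_base(maps: List[Mapping], exe_path: str) -> Optional[int]:
    """Start of the executable's code segment (executable, mapped from file offset 0)."""
    for mp in maps:
        if mp.path == exe_path and "x" in mp.perms and mp.offset == 0:
            return mp.start
    return None


# Meaning of each /proc/sys/kernel/randomize_va_space value (Documentation/sysctl/kernel.txt).
RANDOMIZE_VA_SPACE = {
    0: "ASLR off: stack, mmap base, VDSO and heap sit at fixed addresses",
    1: "stack, mmap base (shared libraries) and VDSO are randomised; heap (brk) is not",
    2: "additionally the heap (brk) base is randomised",
}


def describe_randomize_va_space(raw: str) -> str:
    value = int(raw.strip())
    if value not in RANDOMIZE_VA_SPACE:
        raise ValueError(f"unexpected randomize_va_space value {value}")
    return RANDOMIZE_VA_SPACE[value]


def moved_regions(maps_a: List[Mapping], maps_b: List[Mapping]) -> Dict[str, bool]:
    """For every named region present in both snapshots of the same program, True if
    its lowest start address differs. All-False across two runs means nothing is being
    randomised (randomize_va_space = 0); a non-PIE executable's own text is never moved."""
    first_a: Dict[str, int] = {}
    first_b: Dict[str, int] = {}
    for mp in maps_a:
        if mp.path:
            first_a.setdefault(mp.path, mp.start)  # keep the lowest mapping per name
    for mp in maps_b:
        if mp.path:
            first_b.setdefault(mp.path, mp.start)
    return {name: first_a[name] != first_b[name] for name in first_a.keys() & first_b.keys()}


# Constructed snapshots of two runs of a 32-bit, non-PIE SimpleDemo with
# randomize_va_space = 2 (paths, inodes and addresses are made up for this example).
SNAPSHOT_A = """\
08048000-08049000 r-xp 00000000 08:01 393218 /home/user/SimpleDemo
08049000-0804a000 rw-p 00000000 08:01 393218 /home/user/SimpleDemo
0804a000-0806b000 rw-p 00000000 00:00 0 [heap]
b7e3c000-b7f7c000 r-xp 00000000 08:01 131074 /lib/libc-2.11.so
b7f7c000-b7f7e000 rw-p 00140000 08:01 131074 /lib/libc-2.11.so
b7f9c000-b7f9d000 r-xp 00000000 00:00 0 [vdso]
bfd2a000-bfd3f000 rw-p 00000000 00:00 0 [stack]
"""
SNAPSHOT_B = """\
08048000-08049000 r-xp 00000000 08:01 393218 /home/user/SimpleDemo
08049000-0804a000 rw-p 00000000 08:01 393218 /home/user/SimpleDemo
09a1b000-09a3c000 rw-p 00000000 00:00 0 [heap]
b7df1000-b7f31000 r-xp 00000000 08:01 131074 /lib/libc-2.11.so
b7f31000-b7f33000 rw-p 00140000 08:01 131074 /lib/libc-2.11.so
b7f51000-b7f52000 r-xp 00000000 00:00 0 [vdso]
bff4c000-bff61000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for name, moved in sorted(moved_regions(parse_maps(SNAPSHOT_A), parse_maps(SNAPSHOT_B)).items()):
        print(f"{name:24s} {'moved' if moved else 'fixed'}")
```

To use it on a real Linux system, feed parse_maps the contents of /proc/PID/maps captured from two separate runs of the same binary (cat the file while each run is paused, as in the video), and pass the contents of /proc/sys/kernel/randomize_va_space to describe_randomize_va_space; regions that keep the same address across runs with the sysctl at 1 or 2 are the ones ASLR does not cover on that kernel.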