Assembly Primer For Hackers (Part 5) Data Types

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 26969

Description: This is Part 5 of the "Assembly Language Primer for Hackers" video series. Please begin here with Part 1, if you have not already done so. In this video we will go through an in-depth primer on data types which are used in assembly. We do a live demo on how to look at data in memory using GDB for .ascii, .int, .short, .float (.data) and .comm, .lcomm (.bss) types.

Please download the VariableDemo.s code before you begin with the tutorial.

Part 6 of the Assembly Language Primer for Hackers is available here. Enjoy!

Tags: programming

This video is part of the following groups:

1. Assembly Language Megaprimer for Linux (11 videos)


Comments (42)

cr1tt3r on Fri 25 Feb 2011

Awesome vid! I've been learning so much from these!

Vivek-Ramachandran on Sat 26 Feb 2011

Thanks! Please let me know if you have any feedback and any request for other topics in this series.

equinox on Wed 02 Mar 2011

You are really great, sir. I am learning very much from your videos. Can you please make a megaprimer about the BackTrack OS and their tools?

paulcantr on Sun 06 Mar 2011

These are just great.

atoi on Wed 09 Mar 2011

Really enjoying the videos, thanks for the hard work.

Null on Wed 23 Mar 2011

Those videos are perfect. Thank you very much for taking time to make them, I have learned a lot from them! I just have one question :). In this video (5th) you ask why is the float number not displayed as expected. I guess it has to do with it being a Single Precision floating point number, but I do not completely understand this. So could you please give me a tip or something, since I am new to all this and Wikipedia confused me a bit! Thanks in advance, and again really appreciated work man.

Zukin on Wed 06 Apr 2011

Polynomial: floating points aren't precise if you're using small ones
Polynomial: single is a 32-bit float
Polynomial: double is a 64-bit float
Polynomial: though asm doesn't distinguish data types anyway
Polynomial: it'll store the closest approximation of the data
Polynomial: 10.2299995 is only 0.0000005 away from your actual value, a total of only 0.00000489% error
Polynomial: anyhoo
Polynomial: see http://en.wikipedia.org/wiki/Floating_point#Internal_representation
(20:52:14) Polynomial: there are also ways to do arbitrary precision float operations
Polynomial: but they're complicated in assembly
Polynomial: essentially you treat your exponent bias as a few orders of magnitude lower and calculate the further precision
Polynomial: erm, orders of magnitude higher*
Polynomial: so for example 0.000001 is treated as 1
Polynomial: then you re-calculate your math
Polynomial: and lower magnitude again
Polynomial: and re-interpret your result
Polynomial: and repeat for further precision
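
Why the .float shows up as 10.2299995, as an added example that is not part of the comment above or of the video's code. It assumes the source value was 10.23 (the displayed value plus the 0.0000005 quoted in the chat), that the compiler's float is IEEE-754 single precision, and it rebuilds normal numbers only.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of an IEEE-754 single-precision value (the format .float emits). */
struct f32_fields {
    uint32_t raw;       /* the 32 bits as stored in memory */
    unsigned sign;      /* bit 31 */
    int      exponent;  /* bits 30..23 with the bias of 127 removed */
    uint32_t fraction;  /* bits 22..0 */
};

struct f32_fields decode_f32(float f)
{
    struct f32_fields d;
    memcpy(&d.raw, &f, sizeof d.raw);   /* reinterpret the bits safely */
    d.sign     = d.raw >> 31;
    d.exponent = (int)((d.raw >> 23) & 0xFF) - 127;
    d.fraction = d.raw & 0x7FFFFF;
    return d;
}

/* Rebuild the exact stored value of a normal number from its fields:
 * (1 + fraction / 2^23) * 2^exponent. */
double stored_value(struct f32_fields d)
{
    double v = 1.0 + d.fraction / 8388608.0;
    for (int e = d.exponent; e > 0; e--) v *= 2.0;
    for (int e = d.exponent; e < 0; e++) v /= 2.0;
    return d.sign ? -v : v;
}

int main(void)
{
    struct f32_fields d = decode_f32(10.23f);   /* assumed source value */
    printf("raw=0x%08X sign=%u exponent=%d fraction=0x%06X\n",
           (unsigned)d.raw, d.sign, d.exponent, (unsigned)d.fraction);
    /* Only 23 fraction bits exist, so 10.23 is rounded to the nearest
     * value that fits; that neighbour is what gdb prints. */
    printf("stored value = %.10f\n", stored_value(d));
    printf("error        = %.10f\n", 10.23 - stored_value(d));
    return 0;
}
```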

Cr0neen0rC on Thu 07 Apr 2011

Love you man, thanks a lot.

Zukin on Sat 09 Apr 2011

Vivek you SUCK!!

Just kidding. Another perfect video. Thanks a lot! :)

Daemonio on Sun 17 Apr 2011

Always nice. I would like to request you to put subtitles in your videos. It will ease the understanding for people who are not experts in English (like me :|)

Keep up the great work! Bye

sekstiseks on Fri 29 Apr 2011

Vivek great tutorial!
One question though, why didn't you set the breakpoint with the line number, like Break 33..

Why use Break *_start+1?

Once again, thank you for making these super tuts! Hope you'll make more!

Col_Loki on Fri 29 Apr 2011

I was wondering that too (the *_start+1).

Thanks for another great video.

thoth_mes on Sun 01 May 2011

These are really good.. thanks, keep up the good work..

balder on Tue 17 May 2011

Great series of videos thanks, and thanks for the site

balder on Tue 17 May 2011

Oh, I also wanted to ask what the nop keyword on the first line of _start is for, cheers

Gripen on Mon 23 May 2011

Very nice video again. I really like the way you do these vids, and I actually learn more than at school computer science heheh. You might wanna say . as DOT and not DART or something haha :D love your accent though!

FuzzyNop on Thu 26 May 2011

balder, NOP keyword is a command that performs "no operation", it essentially wastes a CPU cycle. You will likely see more about nops in later videos as they become very important in bypassing address space randomization :-)


Yeah, ironic, I know...

charst46 on Sun 29 May 2011

As usual, great info. Learning incredible amounts. There is not enough room to say how appreciated this info is.

madr on Wed 01 Jun 2011

Thanks, great info!

TheKeyMaker on Sat 18 Jun 2011

@Vivek: Very good work so far. I'm learning a lot and the way you present it gives me motivation to continue and experiment on my own. Thanks a lot for your effort.

@sekstiseks: I'm not very sure but that's the most logical explanation for me:
the command "break *_start+1" sets a break-point to the second instruction (line 33) in the _start section. The first instruction is nop in line 30 and you can set a break-point by typing "break *_start".
The asterisk (*) is used to match anything that comes before the _start section (in this case the empty space).
I hope that helps

Alteminor on Sun 19 Jun 2011

Excellent job. Thanks so much for these.

orrala on Sun 19 Jun 2011

thank you

Viraj on Sun 03 Jul 2011

Thank you and I really appreciate your effort..!

xplt on Fri 08 Jul 2011

As always! Another great movie! Thank you Vivek!

neo on Wed 13 Jul 2011

wonderful vivek.
another awesome video.
mind blowing.
i learned a lot from these videos.
thanks vivek.

ipatch on Wed 13 Jul 2011

Once again this video series is awesome, and this video is no exception. Awesome work!

security123 on Thu 21 Jul 2011

Just give me the link of the other tutorials which you have uploaded. Really, you are a great mentor.
thanks again.

ericgearhart on Thu 28 Jul 2011

these videos are great man, thanks for this site and these videos. I never felt comfortable with understanding the fundamentals of exploits until I stumbled across this site.

purgatoroid on Thu 28 Jul 2011

About the *_start+1 thing:
the * actually means a pointer in this case, not a search wildcard. I found this out by trying to insert a break point in a program at main+1, which returned an error from gdb. Instead you have to insert the break point at *main+1, because then it understands you are pointing to a location.

purgatoroid on Thu 28 Jul 2011

btw, in addition you can use &HelloWorld to refer to the address of the HelloWorld string.

bot_master on Sun 14 Aug 2011

great... nice work

ins4n34u on Sat 27 Aug 2011

Thanks so much Vivek :) i hope to make it to the securitybytes 2011 conference!

Sceleratus on Tue 30 Aug 2011

awesome work thanks very much

rK on Sat 03 Sep 2011

Awesome series..... btw, what is the as -gstab option?

Clint on Tue 13 Sep 2011

rK if you check out the command options like so: as --help
you will see that -gstabs is to generate the debugging information into the assembled file so that you can get the most information out of gdb.

This is similar to the -ggdb option used for gcc when compiling C program files.

jmcboots on Wed 28 Sep 2011

Another great video. A slight oversight for the complete noob (like me!) is the -gstab option. But I did a quick search to figure it out. So it's all good.

Erix on Mon 16 Jan 2012

hi, thanks for nice vids!
Sorry for being too newbie, but you didn't talk about nop in system exit! What is it?
thanks again.

Mano on Thu 19 Jan 2012

Awesome. I was waiting for such tuto. Thank you so much.

enteon on Tue 06 Mar 2012

(gdb) x/1dw 0x00000000006000d1
0x6000d1 <Int16>: -1374420989
(gdb) x/1dh 0x00000000006000d1
0x6000d1 <Int16>: 3
(gdb) x/1db 0x00000000006000d1
0x6000d1 <Int16>: 3

WTF? little-endian?!?!

uh... it's all about eggs -.-

I love how I learn random stuff from you vivek :D
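
The three reads in the gdb session above, reproduced as an added example that is not part of the comment or of the video's code. The four bytes are reconstructed from the printed values; reading 14 AE as the start of a following .float 10.23 is an assumption about VariableDemo.s.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the four bytes at <Int16>, recovered from the gdb
 * output (word 0xAE140003, halfword 3). 03 00 is the 16-bit value;
 * 14 AE belong to the next item in .data and match the low half of
 * 0x4123AE14, a .float 10.23 (assumption about the source file). */
static const uint8_t AT_INT16[4] = { 0x03, 0x00, 0x14, 0xAE };

/* Convert a 32-bit pattern to signed without relying on
 * implementation-defined narrowing. */
static int32_t to_signed32(uint32_t v)
{
    return v <= INT32_MAX ? (int32_t)v
                          : (int32_t)(v - 0x80000000u) - INT32_MAX - 1;
}

/* Sign-extend a value that is `width` bytes wide (1, 2 or 4). */
static int32_t sign_extend(uint32_t v, unsigned width)
{
    if (width < 4 && ((v >> (8 * width - 1)) & 1))
        v |= 0xFFFFFFFFu << (8 * width);
    return to_signed32(v);
}

/* Lowest address holds the least significant byte, which is how
 * x/1db, x/1dh and x/1dw interpret memory on x86. */
int32_t read_le(const uint8_t *mem, unsigned width)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < width; i++)
        v |= (uint32_t)mem[i] << (8 * i);
    return sign_extend(v, width);
}

/* The same bytes read most significant byte first, for contrast. */
int32_t read_be(const uint8_t *mem, unsigned width)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < width; i++)
        v = (v << 8) | mem[i];
    return sign_extend(v, width);
}

int main(void)
{
    printf("x/1dw -> %d\n", (int)read_le(AT_INT16, 4)); /* pulls in 14 AE */
    printf("x/1dh -> %d\n", (int)read_le(AT_INT16, 2));
    printf("x/1db -> %d\n", (int)read_le(AT_INT16, 1));
    printf("big-endian halfword -> %d\n", (int)read_be(AT_INT16, 2));
    return 0;
}
```

The byte and halfword reads agree because the low-order byte sits at the lowest address; the word read is wrong only because it runs two bytes past the 16-bit variable.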

TLkHaxs on Sun 11 Mar 2012

Nice videos
I hope you keep doing more
Thank you so much
Greetings.

Trinculo on Tue 27 Mar 2012

At 08:30, in gdb you displayed the contents of the memory location where we have the string "Helloworld" by entering
x/12cb 0x8049084
The output came out as both character and the ASCII value.
Is there a way to just dump the ASCII text?

HoneyBunny on Mon 30 Apr 2012

Thank you very much. You are great!
