OSCP – Detail Guide to Stack-based buffer Overflow – 2

OSCP Study materialbuffer overflow

In this blog, we will talk about CPU architecture & its components

cpu architechure

The CPU consists of Four Parts:

The Control Unit is generally a sizable collection of complex digital circuitry interconnecting and directing the many execution units (i.e. ALU, data buffers, registers) contained within a CPU. This is place in the CPU which is responsible for the retrieving and decoding the instructions as well as storing and retrieving the data into the memory while the CPU. is actually executing the instructions.

The Execution Unit (also called a functional unit) is a part of the central processing unit (CPU) that performs the operations and calculations as instructed by the program. So the actual execution of instructions happens here.

When a CPU is actually executing the instruction then it needs some internal memory location to perform calculations so these are called registers. So think of registers is some sort of internal variable inside the CPU and the values of registers are kept changing, depending on what CPU is doing currently.

The flags are used to indicate various events when the execution happen . for example the “zero flags – nothing but whenever any instruction results in zero”. When you performing to Subtract two numbers then “zero flags” are used.

Now we need to focus on CPU register coz this is most important as per CPU perspective.

32 bit – CPU Registers

cpu registers

The CPU registers are being used in assembly programming. The general-purpose registers are mostly used for the programming. so we don’t need to focus on the programming side but for exploitation perspective, we need to understand the most important general purpose registers and instruction point registers.

General Purpose Registers

general purpose registers

There are 8 types of 32-bit general-purpose register. Let’s get some details:-

EAX – It’s an accumulator register is used for short-term, intermediate storage of arithmetic and logic data in a computer’s central processing unit.  The most elementary use for an accumulator is adding a sequence of numbers. The numerical value in the accumulator increases as each number is added, exactly as it happens in a simple desktop calculator (but much faster, of course). Once the sum has been determined, it is written to the main memory or to another register.

EBX – Base register is generally storing the pointers of data. It is a non-volatile general-purpose register. It has no specific uses but is often set to a commonly used value (such as 0) throughout a function to speed up calculations.

ECX – Counter Registers is a volatile general-purpose register that is occasionally used as a function parameter or as a loop counter.

EDX – Data register is a volatile general-purpose register that is occasionally used as a function parameter. Like ecx, edx is used for “__fastcall” functions. Besides fastball, edx is generally used for storing short-term variables within a function.

ESI & EDI – These are data Index registers are used for indexed addressing and sometimes used in addition and subtraction.

  • Source Index (ESI) − It is used as a source index for string operations. ESI is a non-volatile general-purpose register that is often used as a pointer. Specifically, for “rep-” class instructions, which require a source and a destination for data, esi points to the “source”. esi often stores data that is used throughout a function because it doesn’t change
  • Destination Index (EDI) − It is used as the destination index for string operations. EDI is a non-volatile general-purpose register that is often used as a pointer. It is similar to esi, except that it is generally used as a destination for data

ESP & EBP – Stack Pointer & Base Pointer registers are pointer registers which have the following tasks.

  • Base Pointer (EBP ) – EBP is a non-volatile general-purpose register that has two distinct uses depending on compile settings: it is either the frame pointer or a general-purpose register. If compilation is not optimized, or code is written by hand, ebp keeps track of where the stack is at the beginning of a function (the stack will be explained in great detail in a later section). Because of the stack changes throughout a function, having ebp set to the original value allows variables stored on the stack to be referenced easily. This will be explored in detail when the stack is explained. If compilation is optimized, ebp is used as a general register for storing any kind of data, while calculations for the stack pointer are done based on the stack pointer moving (which gets confusing — luckily, IDA automatically detects and corrects a moving stack pointer!)
  • Stack Pointer ( ESP ) – ESP is a special register that stores a pointer to the top of the stack (the top is actually at a lower virtual address than the bottom as the stack grows downwards in memory towards the heap). Math is rarely done directly on esp, and the value of esp must be the same at the beginning and the end of each function. esp will be examined in much greater detail in a later section.
  • Those who are not familiar with stack we will discuss about the stack later on.

Instruction Pointer Register

EIP, or the instruction pointer, is a special-purpose register which stores a pointer to the address of the instruction that is currently executing. This is the most important register among all for exploitation purpose.

Making a change in address is like adding to or subtracting from the instruction pointer. After each instruction execution, a value equal to the size of the instruction is added to EIP, which means that EIP points at the machine code for the next instruction. This simple example shows the automatic addition to EIP at every step:

eip+1      53                push    ebx
eip+4      8B 54 24 08       mov     edx, [esp+arg_0]
eip+2      31 DB             xor     ebx, ebx
eip+2      89 D3             mov     ebx, edx
eip+3      8D 42 07          lea     eax, [edx+7]

Now I hope these details are enough to understand the general concepts about general-purpose and instruction pointer registers. Next blog, we will focus on program Memory.

Thanks for visiting this blog. Join Certcube Labs for IT security Training & Certifications.

References :

  1. https://whatis.techtarget.com/definition/accumulator
  2. https://wiki.skullsecurity.org/Registers
  3. https://www.tutorialspoint.com/assembly_programming/assembly_registers.htm
  4. https://www.youtube.com/watch?v=K0g-twyhmQ4

Leave a Reply

Your email address will not be published.