General knowledge

Pwn refers to the exploitation of a vulnerability in a binary to gain access to sensitive data or gain unauthorized control over the service.

Memory Segmentation

There is several segment into process memory :

  • RESERVED : the "Reserved" section is at the first address of the memory (0x00000000). It contains the operating system's kernel and other important system components, such as device drivers.

  • TXT : the ".txt" section (also known as the "code segment") is a portion of memory that is reserved for storing the instructions that are executed by a program. This section of memory is typically located in the read-only portion of a process's memory.

  • PLT: the ".plt" section ( also known as the "Procesdure Linkage Table") is a table of entries that contain the address of the code for dynamically linked functions. When a program calls a dynamically linked function, it first calls the function in the .plt, which performs the necessary steps to locate the actual function and transfer control to it.

  • GOT: the ".got" section (also known as the "Global Offset Table") is a table of entries that contain the actual address of dynamically linked functions and variables. The .plt uses the .got to find the actual address of the function or variable when it is needed. The .got is typically used to store the address of functions and variables that are defined in shared libraries and are not known at compile time.

  • DATA : the ".data" section (also known as the "data segment") is a portion of memory that is reserved for storing global and static variables that are initialized at runtime. This section of memory is used to store the initial values for these variables, which are then used by the program when it is executed.

  • BSS: the ".bss" section (also known as the "uninitialized data segment") is a portion of memory that is reserved for storing global and static variables that are not initialized at runtime. This section of memory is used to store the initial values for these variables, which are then used by the program when it is executed.

  • HEAP : the heap is a region of memory that is used for dynamic memory allocation. It is called the heap because it is typically an unregulated space in memory where blocks of memory can be allocated and freed in any order.

  • LINKS : the "links" section (also known as the "dynamic linking" section) is a portion of memory that is used to store the code and data for dynamically linked libraries. These libraries are external code and data files that are linked to a program at runtime, rather than at compile time.

  • STACK : the stack is a region of memory that is used for storing local variables and function parameters. It is called the stack because it is organized as a last-in, first-out (LIFO) data structure, meaning that the last item to be added to the stack is the first one to be removed.

Segment | Address                          | Contents
--------|----------------------------------|-----------------------------------------
Reserved| 0x00000000                       | Program entry point, interrupt vectors
--------|----------------------------------|-----------------------------------------
.txt    | 0xYYYYYYYY (Platform-dependent)  | instructions executed by the program
--------|----------------------------------|-----------------------------------------
.plt    |                                  | Procesdure Linkage Table
--------|----------------------------------|-----------------------------------------
.got    |                                  | Global Offset Table
--------|----------------------------------|-----------------------------------------
.Data   |                                  | Global variables, static variables
--------|----------------------------------|-----------------------------------------
.bss    |                                  | Global variables, static variables
--------|----------------------------------|-----------------------------------------
HEAP    |               |                  | Dynamically allocated memory
        |               v                  |
--------|----------------------------------|-----------------------------------------
Free    |                                  | free memory area used for stack 
memory  |                                  | and heap growth
--------|----------------------------------|-----------------------------------------
LINKS   |                                  | External libraries and functions
--------|----------------------------------|-----------------------------------------
Free    |                                  | free memory area used for stack
memory  |                                  | and heap growth
--------|----------------------------------|-----------------------------------------
STACK   |               ^                  | Local variables, function params
        |               |                  |
        | 0xffffffff                       | 
--------|----------------------------------|-----------------------------------------

Registers

Registers are special memory locations that are built into the central processing unit (CPU). They are used to store data and instructions that are currently being used by the CPU, and they provide a high-speed storage area that can be accessed quickly and efficiently.

Registers are much faster to access than main memory (RAM), which means that they are essential for the efficient execution of a computer's instructions. Most CPUs have a small number of registers (usually between 8 and 128), and these registers are used for a variety of different purposes. For example, some registers are used to store the current instruction being executed by the CPU, while others are used to store the results of arithmetic and logical operations.

Addresses (Endianness)

Addresses are represented in different ways in memory. It’s called endianness.

Address
Little Endian
Big Endian

0xAABBCCDD

0xDDCCBBAA

0xAABBCCDD

0x1234ABCD

0xCDAB3412

0x1234ABCD

PreviousEncrypt to UncryptNextSTACK

Last updated