We are now. >> Oh my gosh. Hello guys. What's up? Okay, that's it. So I'm not a professor, but it's okay. I, so we're going to be learning a little bit about owning today, at least getting started. Because to get started with pulling, there's actually like a, like there's a lot that you need to know before you can really even get started, or at least get started comfortably. And I guess I'll just, I'll just show you, I'll just write up some concepts as to what I mean. Can you guys see my like Notepad? Yeah, I have a OK. So some groaning concepts. And for those of you that don't know, putting basically just here's the same thing as binary exploitation, reshape, honing and CTF ran because it just sounds a lot cooler. So when it comes to honing, basically what you're doing is, is you're sort of just like taking a file or taking like an executable that's running and you want to make it do something that it wasn't necessarily I intended to do. And for at least the starter problems for like when you're just starting with binary exploitation, it usually involves like doing something crazy with the user input. So this is sort of taking in the fact that user input is the root of all evil. As a developer, you really do not want to trust user input. So I'll show you what I mean in a little bit. But when it comes to binary exploitation, some concepts that you really want to get comfortable with and that you only really get comfortable with by playing around with these problems and really like dissecting different executables is you definitely want to know about how the call stack works and get really comfortable with that. And then you also want to know about registers and what those are and what they do. And then you also want to get comfortable with X86 assembly and, and like being able to read it, right? Being able to read X86, assembly it comfortably. And you get this with practice. It's all just practice, Right? And then some tools that you can use in binary explication included like radar R2. I don't know how to say it, but it's there. You can use it and also GDB. And then for a lot of exploits when you're doing these types of CTF problems is you definitely want to be a little comfortable with Python and also hopeful. So for when you're just starting off, these concepts are sort of like what you want to look at and where to go. And it can be really overwhelming at first by it. Like I said, it just takes a lot of practice. So let's see where do I want to go next? Cc, cause I don't want to seem like a, like a trawling lecture because I personally get really work with lecture. So what you, what your, what do you think we should look at next? Because those are just sort of like the, the basic tools. >> So if you take a look at your notepad and we've got three things on there that I'd, I'd say the call stack, like I think of that as like calling conventions in the stack and the registers and the baseline things and X86. So, so like for calling conventions and the registers. So what are the key registers that people kinda need to know? >> Ok, so actually I think Frederick hot with a picture. So let me pull up guy to X86 assembly. So I'm a reader, I like to read a lot. And so this is a really great guy to X86 assembly that when I'm trying to solve these problems, I look at a lot and maybe you've taken a computer organization class, maybe you haven't. But just to sort of look at what registers are, if I had to keep it really simple. Registers are basically just like, like variables a1, the CPU. And you can sort of manipulate these registers to make the program do stuff that it's not really intended to do. So that's what registers are. And then here's a picture. Right away, our terminal is back up and running, so I should probably pull that up. Well, I mean, I shouldn't Yeah. See, I'm having I'm sorry. I'm just having a really hard time explaining this. This is little awkward. Oh, well, I like I feel like I feel the concept in my head, but then I don't feel like I'm getting it doesn't make sense. >> Sure. So so at that stage, I think the right thing to do is say, how comfortable does everybody like, like? >> So basically I would say that on those three things you wrote down, everybody needs to have a really precise mental model and everybody has to have the same mental model, roughly the same, or at least isomorphic mental models. >> So I think that a surprising number of folks, I think I spent, I did two weeks upon School probably at like week 1.5, people started confessing to me that he did. >> They didn't really understand the base pointer. And so it's like, okay, so it took like a week and a half before people became comfortable enough to even express that they didn't understand this. >> That's weird. >> That's weird. So so I don't know. >> Can you guys how about I say this? >> I think everybody gets that. >> We have registers that can store four or eight bytes of data like little variables. Is that is that fair to say? And if everybody gets that, these are essentially like short-term memory variables that the assembly is going to use to do various things. >> To some extent, if there's anything beyond that, it's sort of what are the protocols slash conventions slash kinda like typical behaviors that a program uses these things for. >> And honestly, a program can do whatever they want with any of these things. They're just there. They really are just variables that can hold four bytes or eight bytes depending on the architecture. But it intentionally uses them in very specific ways. And knowing the specific ways that they're used is actually the part that it makes people uncomfortable. So like I think we all get the registers, but I, I think that essentially understanding the stack pointer and the base pointer are really key. Like how does this stack pointer move? How does the base pointer move? What do they really represent like how does that work? >> When, when I go to call a function? >> And then the other ones are kind of more general purpose. >> But I would say that EAX is almost always like return values and often it's used for like arguments. >> Edi and ESI are like the first two arguments in a 64-bit thing, except for then it's RDI. Rsi. So like the kind of the other ones are, are often link arguments, fillers, pointers, things like that. But standpoint or base pointer have a unique identity that everybody has to get cold. >> And actually it can be fairly complex. >> So like I don't know, how about Daniel Lucas, Pat and maybe even patina. >> You want your mouths but what does that mean? >> Yes. Thank you. >> Okay. Yeah. >> I now understand that you want to know, okay. >> Where is it? >> Oh, it's in that room. >> Right. >> Can you guys give me on a one to ten? >> How comfortable are you with the conventions as how registers are or how ESPN EBP work. >> In practice, I'll definitely like a three. Okay. >> Although I would like to expand on your point a little bit, I had like a vague idea of what Twitter was doing. >> If a1 is hacking, the art of exploitation. >> I've got that opened on my computer right now and I find it awesome description of like the pneumonics behind the registers. And it sort of blew my mind last night. >> And I can send that people play want sure. >> Absolutely share. >> Yeah, and you can share it in the the discord Po1 Learning Channel for sure. >> That's kind of our permanent record of educational resources. Hopefully it's permanent. I don't know if I discord will get rid of my history at some point. All right. So Luca says to Pat said three. Daniel, what's your one to ten on base pointer, stack pointer like fine. >> Okay, good. >> So so this is, this is the confirmation of, I think what I'm saying is like let's get those numbers up till egg 8910 in order to make sure that the model of what those do is really clear. And I have a feeling that we're probably uncovering some sort of a, a need for really great, like animated GIF, right? >> Like I think, I think that we need a great animated GIF to go around in these like intellectual circles in order to best help this thing, where if somebody has one that does this job, great. But if not, I think we should probably build one ourselves. >> Alright, so Pat's thing that blew his mind is pointers, indices, stack pointer, base pointer, source, and excess nation index. Okay. >> It was specifically like AS ESI and EDI, yeah, Being Source Index and that station. >> So it's like these are just met places, a number we're gonna copy from the source to the destination. >> I was like, Oh, that makes sense. Yes. >> And just the the the the thing you said is correct. >> I think technically about these are just things that we have access to, but we don't really, no one, no one writes. >> This stuff is all compiled through the same like GCC. And so it's always, almost always working in the same way as mnemonics do carry a lot of weight? >> Yes, yes. >> And and and this is why I like the word conventions is the right word for this stuff. >> Okay. So did does anybody know of like an animated GIF explaining stack pointer or there might be one mega-base. >> Is that yeah, let's see if that animates top-left tablet, right? You're seeing on my screen and watching a pickup, the Abhilash. >> This one. >> Yeah, that looks like really promising, right. >> Is it just it just lashing? >> It looks like it's in a turned red here, terry, brad. >> But that a site like moving visit, the website where it's on is at the core website visited. Ok. Where is it's gone. Images not there. >> It's not there now. Yeah. >> Gosh. >> I just like, oh, here's a here's a GIF that is part seven. >> Let's see, I think this person was doing in ARM. >> So one, How about the base line? >> There is a data structure called a stack. >> That is, is a simple, simple data structure, but it's worth if you open a tab will do like stack visualization. >> Actually, those videos might do alright, but yeah, okay, stack visualization. >> There you go. >> Just click that guy there. >> This is a stack here. >> You'd say, hi push, then by push. >> Now let's add one more thing. And let's say a, a push, b, push, sea push. >> Okay, so I'm going to draw on your screen. >> Oh, can I join is fluency annotation spirit, where my annotations at you options. And we can empty sometimes like an entity or you think it's some sort of like they turned it off by default because it's zoomed bombing or whatever that is, or they've been cowards. >> New. Alright, well, I can anybody else annotate it? >> Just me. >> Alright, this is my meetings. >> Okay. Is it like a setting? >> Reference, alias enter, full screen sharing. Crucial. Currently, don't worry about that. >> Chain rule. >> I'm wondering, I've seen a lot of stuff on Zoom is, is the world now. >> Some, I'm wondering if they, I wonder if they've turned off annotation by people. >> Anybody else? >> Anybody else. >> I confirm that they cannot annotate the Screenshare anymore. >> I had a pea under moire. >> Now you can pad or you can to what? >> I cannot, making sure Where do I normally it was like view options or to the right of your screen. >> Okay, anyway, all I wanted to do with my annotations would be put your mouse to the left of high. >> That is where the base pointer points. >> So her mouse as a pointer would be indicating that spot, that's the base pointer. >> And then when a program is running, stuff gets added. >> And all that it means is that now put your mouse to the right of the sea. >> Nope, there, that's the stack pointer. >> So what happens when there's two operations here at play? >> There's push x and pop x del me to put that on there. >> That no, no, no. >> And actually I think it's an important distinction. >> If I look at the actual assembly code for push, let's say typically when I see it, the push is going to look like push EAX. >> Alright? Now when you do a push EAX, it doesn't like it. >> Well, understanding what happens exactly is important. And I wish I could, wish I could draw some texts on there for the people who are watching this future because I'm putting it in like our little chat. But that doesn't help. >> Maybe you can like, well, whatever. >> When you do push EAX, what it's gonna do is it's going to subtract the base pointer by four bytes. >> So it's going to move her mouth to the right and it's going to add the contents inside of register EAX at that moment in time to the stack. >> So it doesn't, it's not like it adds the string edX is sack or something. >> And then it's going to like read the value in edX, subtract four from the base pointer to make room and read the values in edX to the stack. What work? >> Yes. You subtract four from the stack pointer, which would loop for males to the right from the base point. >> Oh gosh. >> Never. I'm sorry. >> I didn't mean to credit. When you have a base pointer stays the same throughout the entire function call until you call another function pointer. >> The base pointer is essentially letting you know how much memory this program is using. So the difference between the stack pointer in the base pointer is how much memory the program that we're running is using. So I'm going to write this in the chat. It won't help the people who are watching this in the cloud later if I push. >> So suppose yea X has the value like I don't know, OX dead beef then. And ESP has value o x 200, which it would never have that valuable. >> Oh, cool. >> That does show. >> Then push DAX will essentially do the following. It's equivalent to saying yes, p sub ESP x4. So now ESP is o x one f. Oh god, what is, what is 12? And see and then move. >> I think it's D were written ESP EAX. >> So now OX dead beef is at is on stack. Okay? >> So all of this happens and this needs to be like super clear in your head. And I'm and I'm not sure that like writing in, in other assembly makes it anymore clear. But a push is essentially equivalent to two other assembly arguments, sub and move. And the move is going to read the value in EAX and write it to the address in ESP. >> The sub is going to subtract ESP by four in place. >> So I'm not sure if that made any sense. >> Let's watch it as a visualization. >> Let's go back to our stack visualization. >> If EAX has dead beef in it, then you can now type d, d, bf were dead beef. >> We only have four characters and then, and then click push. And so now the stack pointer moved four to the right and the value in EAX got written into the spot where the stack pointer is pointing. >> Did that have value? >> Yes. So here's the base pointer? >> Yep. >> Okay. And then here is a stack pointer, right? So then as you go along and you're doing operations, your stack pointer moves this way, so it moves from here to here. >> So like that would be, that's right. >> So pop, yeah, the stack pointer closer to the winner push will move the stack pointer further from the base pointer. >> Okay? So yeah, so like if I, if I pop c here, here's my stack pointer, and then I pop c. Now my stack pointer is here. If I push a value onto the stack, and now my stack pointer is here and then the base pointer is here. And I've, I was reading that the base pointer, what that does is it plays a part in allocating space in memory for variables in like a function? >> Yes, correct. >> Or and yeah, so I think I think like in a vacuum we can treat the base pointer is never moving. >> And only when, only when a function gets called Does the base pointer move. >> So the baseball, just like our rock throughout the function call is a base pointer. >> Does the base pointer is like equivalent to a return address in any way? >> No, no. >> Okay. So let's see. That's totally wrong because I wasn't really sure about that. >> Okay. >> It it is I would call it like the other side of this stack, right? Okay? >> And to some extend, the base pointer lets us know where the local variable stop. >> Okay, with that mixing, one thing that you said there that I think I wanted to like just coke out a little bit. >> As you said, pop c, which is a very sensible thing to say when we're looking at a diagram like this, right? >> So like, like pop dead beef right now. But one thing that gets confusing when you're looking at X86 assembly is that the command Pop EAX, who can explain to me what happens when I click pop EAX and you get, and you can use this like visual stack that we have here. >> What would happen if I typed pop EAX and ran it in assembly, takes it off the stack, at least according to our visualizer. >> Yes, Sub Pop is gonna move it off the stack. What is the role of EAX? >> And that command is good destination, right? >> That's correct. >> So what we popped was something off of the stack and what we did is write that thing into the destination address. >> So, so pop carries with it the assumption that we're going to read where the stack pointer is right now into this space that pop is handed. >> And the amount we're going to remove from the stack pointer is based on how much that space can hold. >> So here's another pop command. Pop the word square bracket. >> Let's say this would be a weird one, but whatever I'll say EDI. >> So the first command is going to say, Oh, hey, this is a four byte register that they want to fill up. >> And so they're going to, what pop EAX would do, would take, would essentially be equivalent to pop DAX is equivalent to move into EAX. >> D word ESP. >> Actually, I think I can just say move ESP and it's okay. And, and then add ESP x4. So those two commands at the same thing as pop EAX, Pop D word EDI. >> That's where violent assembly, borrower pump can only theories, you can only use a register o. >> Okay? >> Alright, well then intellectually find and we can only use a register for pop. >> So if I wanted to make my equivalent of what pop the word would do, it would be move D word EDI ESP and add b o x four. >> So pop EDI, EDI is not valid since pop can only take a register. But I could make the equivalent of Pop D word EDI by writing from the stack pointer to the location and then adjusting the stack pointer. >> All right. >> Who's got anything to say to clarify their own mental model? Can, can, can you each take a second and put pop and push in your own terms. >> It's like, I'm still not quite sure how to articulate it. So I feel like trying to visualize it. Trying to visualize how this works would probably help. Okay, so maybe one of those Google searches had those Google searches had various videos. >> Let's look at some notes. >> Did yes. So I think this is definitely something that I'm going to have to look at those videos there. Maybe this one that's on short or 30 minutes. I want to just saw oh, that's this one's just on a stack pointer. Oh my gosh. And add. So let's see what I don't know if I'd just seen a visual of stack. This might not be the best video or maybe I'm moving too quickly through it. >> No, no, no. >> I I don't know what the world they mean by P CSP. >> Yeah. >> I think that's using its own unique assembly language. >> Yeah, sure. >> Either one all the way on the left. >> I like to look at one all the way on the left. >> Yeah. Try that one. >> Geeky thing. >> Yes. Here we go. >> Yeah, this looks good. >> Can we blow that up? >> Right-click View image or not? It just says copy video address here, o element because it is its own thing. Just, Yeah, what's up high. >> All right, so this is very this is actually running through a call and return o. This is perfect. Yeah, I want this Jeff. >> Okay. >> Oh, okay. Again. >> So here that's where the stack pointer ESP starts off. >> And then this bottom data is EAX. >> So here it looks like we're pushing some values. Onto the stack and then do whatever I want. >> I'm sort of moves up the stack. >> And then what happens is it's just difficult and I keep my okay. >> And that's going to call some Changi of EVP. >> So, so I want to pause here and say habit quarks like calling conventions. >> And this is definitely doing some calling convention stuff here. >> And, and I think the calling conventions are really important. >> So 32-bit and 64-bit calling conventions are a little bit different. >> And this is kind of where the base pointer now gets to be a little bit more confusing. >> So I don't know if we can, I guess we can't really stepped back and forth in this, in this GIF. >> Or maybe you are controlling it. Are you controlling it? >> I can step I think I can step forward. Okay. I was or maybe not thinking we're yeah. So let's go back to the beginning being restarted. Plus now I guess signatures. >> Okay, so, so here the base pointer, suppose some base pointer was FO seven to stack pointer is F0 for four. >> And that's just kind of saying that the base pointer shouldn't be roughly in the bottom. >> And it feels like it is significantly beneath the bottom here. >> And, and when we pushed onto the stack, these are going to be the arguments. >> 321 are going to be the arguments to the sum 251. >> And once it goes in, it changes the base pointer. So notice that the base pointer became 40. >> Ok. Now I just went back. >> It's fine. >> It's an animated GIF, right? >> So alright, pushing three to one. >> Now when we go to call, we're going to push the return address of where we will come back after, then push the base pointer, then do some local variable stuff. So those things in gray are kind of local variables inside the sum function. >> And then move the base pointer back into the stack pointer. Pop the value back into the base pointer register from the stack, and then go back to the address that's on the call. >> And so when it comes to stack smashing, the thing to understand is the next. >> With this moment, if I were inside the sum function writing, I would get to write all over that whole stack. It I need to understand. >> Whether or not I need to care about the base pointer being overwritten and how did Rican troll the address that is going to go to afterward? >> And if I need to call a function, how can I put my arguments on the stack in such a way that when I call some other function that wasn't intended, it has the right arguments. Got it? Yep. >> Yep. >> We totally heard you assert your adulthood, Chris, which is fair. >> Alright. >> So Lucas, Pat, Daniel, can you I don't know. >> Did this help one to ten ESP, EBP make more sense? Now? I think it did help the I think the place where I still live, I'm not actively thinking about it, right? >> Get losses is the idea that like the base pointer is just somewhere, somewhere else in memory, right? And clarified, I do have this, right? It is essentially just where a function starts in memory, right? >> No, the base pointer is going to be where the stack that is currently active begins. >> So the base pointer and the stack pointer are kind of in the same general area of deterring tape. >> Oh, oh, okay. >> They'll see. Okay. So the model I've had my head is basically just bins and like a peg leg. >> Tower of Illinois duck is just this one place not we could have 20 thousand stacks, one each for their own. >> You're saying that in a different stack for every function. >> Every function has its own stack, but they're typically in the same part of the tape. >> So but in theory I could like I could change that base pointer and it's going to, you know, make a whole new stack for when I return to that next function. >> So in theory I could move both base pointer and stack pointer to some other crazy place in memory and do some stuff. >> I've never seen that in an exploit land. And have you seen that? >> An exploit we have to like move the entire stack to some other spot. >> I'd seen like, like vulnerabilities that caused that to happen. Like how do you take advantage of that? >> Okay. All right. >> Yeah. >> I mean, it's conceivable, right? >> So, so when, when we do this like end of the function, you can see here that she's got, move the base pointer back to the stack pointer, and then pop the base point. >> Pop the old base pointer back to the base pointer address. >> So but I'll say this. If base pointer is 0 and stack pointer is 8 thousand, Do I have 8 thousand bytes on my stack? >> Kinda presumed it. >> If I were to go pop, pop, pop, pop, pop, pop, pop, pop, pop, I had probably have to pop 2 thousand times. If we're back down to 0, back down is probably not right. >> Stack pointer is always subtracted. >> You'd probably be more like the base pointer is at 8 thousand, stack pointer is at 0 and hop, hop, hop, hop, hop, hop 2 thousand times. And so my stack pointers up to 8 thousand. >> So I, one thing that I think is true is that getting an accurate mental model of this is probably important. >> I've never taught an X86 course before, anything else like that. >> I picked it up by kind of just looking at programs running and be observing the behaviour and thinking out like what uttering tape is really like. >> So what everybody is experiencing as kind of a vague, well, maybe that needs to be into like a hyper precise. >> This is exactly how it works. Probably every last mental model that you guys have developed is valuable to somebody in the future. So I'm, I'm kind of tempted to have each of you describe how Push pop works in terms of like what's your model? A mental model of like how stack pointer, base pointer works. >> That is asking too much can not be, cannot be homework for next week. >> Okay. Sure. >> So again, cuz I yeah. >> Okay. >> So so how about that? >> So so are kind of pulling one-on-one homework, make a short speech, maybe video, something. >> One minute description of how the stack works with EBP ESP. >> Is that fair? Homework? >> Yes. >> Okay. >> And and I would probably even say including a function call, like including a 32-bit function call. But the calling convention, you know, can, can I do the visualization as a calling convention? >> So no, sorry, don't write that. >> Let's go to that crazy stack visualizer, or this one, or this simple line? >> This one, that one. >> Yep. So let's clear it or pop up. >> Alright, I'm going to do my version of her animated GIF. So I'm inside of main right now. So we're going to push like local one LO C1, push LOC to push. >> Alright, now I'm going to call add. >> I'm going to call the function add. >> So I'm going to push a hold on, I'm gonna push Argh, I'm gonna push Arg two. >> No, I think I push arg1, whatever. I push R2, Now I'm gonna push arg1. >> Alright? Now I'm going to push, I'm going to call it read a, read Capital a. >> This is my return address. >> This is like the next instruction to execute. When you're done. >> Then I'm going to go to the function call where ad is, and it's going to do a push EBP. So now do EBP push, alright, and now it's going to set EBP ESP. So now it's going to make its own stack. >> Oh yeah. >> And now I'm going to do push LOC or how about LC one a habit LC one, a and L. C2e. >> Okay. >> Evb. Oh gosh. >> Okay. So everybody This was me doing a function call, doing pushes and pops in order to make the function call happened. >> And I want to highlight if you put your mouse to just to the right of EBP, BAM, that is the value of the new base pointer inside of the other function. And I want you to observe that the original base pointer, which would have been all the way on the left of the screen. >> And this base pointer have in common that they are just to the left of the local variables. >> Does this make sense to you or show the thank psi and I had to sign. >> Okay. >> And we'll definitely be looking at nurse. >> Well, I'm going to call, I can. Let's suppose that this function calls another function. >> It will do all the same things. It would call like, you know, AAG, you be an H1B or maybe AG 3b or whatever AGE 3B, push argument three for function B. And then a G2 be push, an AG 1B push. And now we're going to have red B Push and EBP a MVPA. Yep. >> And now I'd be like L c one b and l c to b. >> So this was, this was inside main. >> I call function a, which takes two arguments. >> Then inside function a, I call function B, which takes three arguments. >> Maine had two local variables, a had two local variables, func b had two local variables. >> All right, now, would somebody like to do what happens at the end of one thing that's sad about this is that I don't get to like have the registers. >> So, so right now the two registers I care about are ESP, which is where her mouse is right now. >> It's to the right of Luke to be there. >> He goes. >> That's the stack pointer. Who can tell me where the base pointer is right now? >> Again, That's correct. >> That's the base pointer which sets up the stack frame inside a function B. Is that clear to everybody else? >> Yeah, well, okay, everybody else. >> So put your mouse where the base pointer is. >> Yeah, because the base pointer and the stack pointer kind of like shadow each other, right? >> Silica stack pointer, the base pointer, and never that far apart. >> And and the base pointer is kind of setting up like a clean wall. And inside of my wall, like I'm in my new function and I can completely disregard everything that happened before. So inside of function B, it does not have to give an f about what happened inside a function a or main. >> It just has it's own little stack pointer, it's own little base pointer. >> And honestly, in, in order to make this all like Inception Matrix style, even when we began main itself was somebody else's function be just because we don't care what happened to the left of Luke one and look to doesn't mean that somebody else doesn't care. >> It's all recursion all the way down anyway, so, so her mouse is at the current base pointer and to the right is always the stack pointer. >> The stack pointer is always at the bottom of the stack. So here's what happens. As were done with function B. >> Function B is going to do some crap. And it's going to set some registers and it's going to do some other stuff or whatever else is going to do some operations out there that I don't I'm not really going to care about when we get to the end of function B, it's going to do essentially pop, pop to get rid of the local variables. >> Alright? And now it's going to set the stack pointer. >> It's going to set the base pointer to the value on the stack. >> So it's going to do a pop into EBP. >> And now where's base pointer here? >> Nope. Yes, that was thank EPA. So now it it hasn't fully finished the return, but it did set the base pointer before it moved on. So now the base pointer is back to what it was when we begin function a to set the new kind of Garden of Eden walls, but it hasn't finished. So now that it's moved the base pointer back to, to function a, it's going to do read B. And what's B gonna do? >> All it's gonna do is gonna take the address off the stack and it's going to put that into the next instruction pointer, which for this visualization we've kind of disregarded the instruction pointers, but it read that off and put it in the instruction pointer. And for posing, that's the most important thing in the world. >> That instruction pointer is how we can control the consciousness of the program. >> Now typically when it comes back, it's got a stack pointer plus 12 or something like that in order to get rid of those local OF those arguments to function beam. >> So now it's going to do some sort of a hidden pop, pop, pop to get rid of the arguments from the stack. >> And now it's officially kind of done with calling function B. So your mouse is at the base pointer, with the base pointer right now there. >> And the stack pointer is always to the right, okay? >> To somebody else. Want to walk through how it's going to return from function a back into main. >> Alright, Lucas is going to give it a try. >> Okay, so you can see my mouse obviously. >> So July Screenshare and go to that site real quick. >> Oh, no. >> You can just you can drive Katrina like John Belk of itch. You say put your mouse. >> So right now her mouse is at the base pointer and the stack pointers to the right and kind of described to us what's going to happen or tell her when to put hit pop and why, and things like that. >> Okay. >> So just first pop those two off the stack and now the, and now the base pointer is going to go back to the very beginning of the thing before loc1. >> That's right, which is what's stored on the stack there. >> So what's stored on the stack is the address just to the left, to the left of loc1. And that's also going to pop the EDP off of there? >> That's correct. >> And then it's going to set the stack pointer to the two after Arg one and it's going to pop off, right? Yeah, so it pops right, which went into the instruction pointer, which we haven't talked much about, EIP, but that's just the next place it's gonna go to execute something. >> So I guess that's it. >> Then it does two other things typically are one of the thing typically, which is it'll do something like add ESP OX eight, which just clears the arguments that it frees me. >> Froze. Oh yeah, just go back to the visualizer in pop up, right? And now we're back into main as if the function call to sum or whatever else is all done. >> Alright, thank you. >> Very good. >> Ok. That's how ESPN EDP works. >> Internalized. Whoa. So your job is to internalize all of that and be able to like describe it back to us was why does adding OX a pop those args? >> It's essentially a pop without storing the values. >> So in our simple stack we only had cushion pop. But in assembly pop always has a destination register. >> But if I don't care to save the values anywhere, then its, its more like trash, you know, so, so doing add ESP X4 is essentially trashing one value from the stack, which is essentially the exact same thing as like pop EAX, except it doesn't store it into EAX. >> Alright, so Daniel Pat Lucas did this have value in terms of like pawn one-on-one because, because we could just solve problems. But I think we did a lot of salt proud solving problems. So to some extent I thought like addressing mental models might be more valuable. >> Yeah, and I think this, okay, okay, good. >> So maybe maybe as part of the homework, read that guide to X86. >> If she's got there, share that in the Discord. >> It's probably already in the discord. >> Yeah. I think I showed this slide and I can always go. I'm sure I can just put it on the desk client-side. >> Definitely read that and then be able to articulate how the stack works. >> Because I think there's a big difference between like seeing it in your head and then being able to articulate it. And I think being able to articulate how something works, it's how you really know the unders, understand it fully. >> That's right. >> So I think having and I and I I genuinely see it as like two pieces of touring tape. They're technically on like the same memory strip but but I see kind of like one chunk of memory is the stack segment where EBP, ESP live and frolic. >> The other chunk of memory is the, I don't even know what's the land. And what does the segment called that kick that holds like the operands, the assembly instructions as to what the data said. >> Oh, it is the data section. >> I just really have to cave. >> I stop sharing, sharing us. >> We are all done here. >> Thanks. >> Okey-dokey. >> Well, thanks, everybody. That was pulled one-on-one. >> I'll see you all tomorrow at 11 for crypto school, if you're here.
Andy Novocin's Personal Meeting Room
From Andrew Novocin March 31, 2020
3 plays
3
0 comments
0
You unliked the media.