Basic Linux exploits: Function Calling Procedure
Note: Hacking is not a joke, so please be patient and learn it step by step.
Note: Before reading this post you must read:
- Learn hacking for free on buffercode
- Basic Linux Exploits: Make your PC more secure
- Basic Exploits: Stack Operations
- Debugger Tool Objdump in Linux
- C Compilation using gcc
Function Calling Procedure
As we defined in our previous post, functions are groups of code that together perform a certain task and are called by other functions, including the main() function. This call causes a jump in the flow of the program.
What happens when a function is called in assembly language code?
- By convention, the calling program sets up the function parameters on the stack in reverse order.
- eip is saved on the stack so that execution can resume at the next instruction from where it left off (the return address).
- Finally, the function call is executed and the address of the next instruction to run is stored in eip.
A Look at the assembly code
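Note: The assembly code below was produced using gdb (the debugger). Follow the steps below:
- Write a program in C and compile it with gcc using the -fno-stack-protector option (for example, gcc -fno-stack-protector -o test test.c). Below is the simple code in test.c:

    #include <stdio.h>

    /* Prints a greeting using the first two command-line arguments. */
    int main(int argc, char *argv[])
    {
        printf("Welcome from Buffercode \n Hello %s %s\n", argv[1], argv[2]);
        return 0;
    }

- Open a terminal.
- Type the command root@gAmer:~# gdb -q test (gdb is given the compiled binary, not the source file test.c)
- (gdb) disassemble main
- Below is the output in assembly code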
Output:
Dump of assembler code for function main:
0x000000000040050c <+0>: push %rbp
0x000000000040050d <+1>: mov %rsp,%rbp
0x0000000000400510 <+4>: sub $0x10,%rsp
0x0000000000400514 <+8>: mov %edi,-0x4(%rbp)
0x0000000000400517 <+11>: mov %rsi,-0x10(%rbp)
0x000000000040051b <+15>: mov -0x10(%rbp),%rax
0x000000000040051f <+19>: add $0x10,%rax
0x0000000000400523 <+23>: mov (%rax),%rdx
0x0000000000400526 <+26>: mov -0x10(%rbp),%rax
0x000000000040052a <+30>: add $0x8,%rax
0x000000000040052e <+34>: mov (%rax),%rax
0x0000000000400531 <+37>: mov %rax,%rsi
0x0000000000400534 <+40>: mov $0x400600,%edi
0x0000000000400539 <+45>: mov $0x0,%eax
0x000000000040053e <+50>: callq 0x4003e0
0x0000000000400543 <+55>: mov $0x0,%eax
0x0000000000400548 <+60>: leaveq
0x0000000000400549 <+61>: retq
End of assembler dump.
If you are familiar with assembly code, you can easily understand it; if you can't, please tell us so that we can guide you.
You will see this kind of assembly code over and over while looking for buffer overflows during exploits, so please make sure that you are able to understand it. If you get stuck anywhere, please comment here, or create a topic on our forum after logging in.
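The call sequence described above can also be observed from inside a running program. The following is an added example, not code from the original post: it reads the saved frame pointer and return address out of a live stack frame and checks where they sit. The gdb listing above is x86-64, where the first arguments travel in registers (%edi, %rsi, %rdx) instead of on the stack, but the return address is still pushed by the call. The example assumes GCC or Clang on x86 or x86-64 Linux with frame pointers kept; all function and struct names are hypothetical.

```c
/* Added example, not from the original post. Assumes GCC or Clang on
 * x86/x86-64 Linux with frame pointers kept (the default at -O0).
 * All identifiers here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

struct frame_info {
    void *fp;          /* callee's frame pointer (ebp/rbp)          */
    void *saved_fp;    /* word at [fp]: the caller's frame pointer  */
    void *saved_ret;   /* word at [fp + one word]: return address   */
    void *builtin_ret; /* return address as the compiler reports it */
};

/* Read the two words the call and the function prologue left on the stack. */
__attribute__((noinline)) static void callee(struct frame_info *out)
{
    void **fp = __builtin_frame_address(0);
    out->fp = fp;
    out->saved_fp = fp[0];
    out->saved_ret = fp[1];
    out->builtin_ret = __builtin_return_address(0);
}

/* Bit 0: saved return address sits one word above the saved frame pointer.
 * Bit 1: saved frame pointer links back to this caller's frame.
 * Bit 2: callee's frame is at a lower address (the stack grows down).
 * Bit 3: return address points back into this function's code
 *        (loose 4 KiB bound, enough for a function this small). */
__attribute__((noinline)) int check_call_frame(void)
{
    struct frame_info fi;
    void *my_fp = __builtin_frame_address(0);
    uintptr_t start = (uintptr_t)&check_call_frame;
    int ok = 0;

    callee(&fi);
    if (fi.saved_ret == fi.builtin_ret)         ok |= 1;
    if (fi.saved_fp == my_fp)                   ok |= 2;
    if ((uintptr_t)fi.fp < (uintptr_t)my_fp)    ok |= 4;
    if ((uintptr_t)fi.saved_ret - start < 4096) ok |= 8;
    return ok;
}

int main(void)
{
    printf("frame checks passed: 0x%x (0xf means all four)\n", check_call_frame());
    return 0;
}
```

The word read here as saved_ret is the one a stack buffer overflow corrupts, which is why -fstack-protector places a canary between local buffers and it.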