The Call Stack and Stack Overflows (example in C)
- Added 8 July 2024
- Patreon ➤ / jacobsorber
Courses ➤ jacobsorber.thinkific.com
Website ➤ www.jacobsorber.com
---
The Call Stack and Stack Overflows (example in C) // Students usually hear about the stack early on, but many don't really take the time to look at how it works until it gives them trouble. This video shows you how the call stack works and what a stack overflow is (example C code included).
Related Videos:
Stacks: • How to Implement a Sta...
Make Videos:
+ • Learn make in 60 seconds.
+ • More make: automatic v...
***
Welcome! I post videos that help you learn to program and become a more confident software developer. I cover beginner-to-advanced systems topics ranging from network programming, threads, processes, operating systems, embedded systems and others. My goal is to help you get under-the-hood and better understand how computers work and how you can use them to become stronger students and more capable professional developers.
About me: I'm a computer scientist, electrical engineer, researcher, and teacher. I specialize in embedded systems, mobile computing, sensor networks, and the Internet of Things. I teach systems and networking courses at Clemson University, where I also lead the PERSIST research lab.
More about me and what I do:
www.jacobsorber.com
people.cs.clemson.edu/~jsorber/
persist.cs.clemson.edu/
To Support the Channel:
+ like, subscribe, spread the word
+ contribute via Patreon --- [ / jacobsorber ]
Source code is also available to Patreon supporters. --- [jsorber-youtube-source.heroku...]
There's a difference between knowing a subject and understanding it, and Jacob, even though his name isn't spelled with a 'k', understands what he's talking about. That makes such a big difference; that's why I've learned more about C programming watching his stuff for two days than from other stuff in two months. Subscriber (for two days now)!
Welcome, Jakob. Glad you were able to overlook the 'c'. 😀
This is the best video I could find to refresh my memory on basic program execution after working in higher-level languages for so long. So many people put up videos that are apparent word salad with no real comprehension... As if they are trying to remember how it works while explaining it. Thank you, Jacob.
I'm glad to get a tutor like you.
You are the greatest tutor I have ever seen.
You make complex concepts easy to understand.
🙏 Thank you so much 🙏
You're very welcome!
Thank you! All the videos are very helpful.
Great explanation, keep up the good work!
great video!
Thank you Dr. Sorber :D
Good video. This topic was complicated for me, and you made it easy.💕
This was so good!
Thank you so much for making videos like this. I am getting a lot out of your videos!!!
Wow, what an amazing video, super helpful channel!!
Thanks. Glad you like it.
Hello Jacob. Very interesting material as usual. Go ahead and make material about "Calling Conventions", as it is the next interesting topic in my opinion.
great video as always!
Question: I know that there's a 'randomize memory' option for the virtual memory of the process. How does it mesh with stack addresses and stuff?
Dear Jacob,
Thanks a lot for the tutorial.
1. What happens in the process (or in firmware) before main() launches?
2. Who determines the order of initialization of global variables (in the case of int g_val=foo();)?
3. What code copies the return address onto the stack frame?
4. Can a C function determine at runtime whether it has been called recursively just by examining values on the stack in RAM?
Regards,
AB
I haven't coded in a long time. Got let go when the pandemic started then developed a movement disorder. Your videos will be nice as a quick refresher.
Sorry to hear that. Glad I could help in some way. May the future be better than the recent past.
Very interesting. Thank you for the lesson. Thanks to you I've been writing a lot more examples in C lately. You motivated me to go back and write some data structures from scratch and actually understand them better than just calling a new List for literally every need.
It's been a long time since the last video... Happy to see another one :)
yes absolutely
yeah
Thanks. Yeah, it's been a crazy fall. I'm glad I could get one out.
Awesome video. Love when you matter-of-factly state the hex addresses are going up and down. Not everyone reads hex, bro 😂. Still, hyper useful tutorial.
Can you please explain the "search.h" header file in C programming?
Hi Jacob, why can the frame address sometimes be in the middle?
How can you count the number of stack frames just by looking at the values in stack RAM?
Now this is oddly convenient. I have been trying to implement a way to manually create stack frames all day. Those pesky segmentation faults and bus errors just keep on coming.
I did it by using inline assembly and it worked fine. Use objdump or gdb to inspect what the gcc compiler does to your functions. Maybe you are repeating some operations that have already been done, or something to that effect. For instance, if the compiler emits the
push %rbp
mov %rsp, %rbp
instructions and you write them again, you will screw up, because you will have only one pop %rbp, and then when you execute retq, instead of popping the previous instruction pointer you will pop the previous base pointer. This is what happened to me when I first wrote in assembly.
ALL I CAN SAY IS THANK YOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU.
Awesome video! I really like how you explain these concepts. Question: do you ever discuss how things, like stack overflows, stack 'crushing', or buffer overflows can be used for hacking purposes? I don't mean from a "here's how you do it" perspective but from a "how it can be exploited" perspective? Or maybe even that might be too close to "how to do it". lol Anyway, thanks for posting!
You might want to check out this video by him:
czcams.com/video/7mKfWrNQcj0/video.html
@benjaminshinar9509 Thanks!
When a function is called, the instruction pointer (the return address) is pushed onto the stack, and when the function returns, that same value is popped from the stack and put back into the instruction pointer register. The instruction pointer basically tells the computer which instruction to execute next.
So, if you change the instruction pointer to point to a part of memory that you previously filled with your malicious machine code, you have hijacked the program.
How can you do this?
Let's say a stack frame has room for 40 char variables. If you write more than 40 chars, you will start overwriting things you shouldn't. Typically you first overwrite the saved base pointer, which is 8 bytes on a 64-bit PC. After those 8 bytes you start overwriting the saved instruction pointer (the return address). You overwrite it with the memory address where you put your malicious machine code. For instance, you could put the machine code in the 40 bytes that were reserved for the 40 chars, which means you overwrite the return address with the address of those 40 bytes. You need to know the address of those bytes for this to work. Attackers can guess it when the stack is placed at a predictable location; whether it is depends on address space layout randomization (ASLR), which is done by the operating system rather than by the compiler. Jacob Sorber himself has a video about this where he talks about how the location of main's stack frame is randomized on Mac.
Another reason why this particular exploit won't work today is that by default you can't execute machine instructions from the stack. The programmer needs to make the stack explicitly executable when building the program (the -z execstack flag). So this method is not going to work on modern systems, but this is how it worked in the past, if I understand correctly. I am a beginner myself, so if you want something more instructive, this is the best I can give you.
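To make the 40-char scenario above concrete from the defensive side, here is a minimal sketch of a copy that can never write past the end of the buffer, so the saved base pointer and return address stay untouched. The names copy_bounded, stored_name_length and NAME_CAPACITY are made up for illustration; they are not from the video.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

#define NAME_CAPACITY 40  /* hypothetical: the 40-char buffer from the comment */

/* Copies src into dst without ever writing more than dst_size bytes.
 * Returns 1 if src had to be truncated, 0 if it fit completely. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    assert(dst != NULL && src != NULL && dst_size > 0);

    size_t len = strlen(src);
    int truncated = len >= dst_size;
    size_t n = truncated ? dst_size - 1 : len;  /* leave room for '\0' */

    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Hypothetical caller: the buffer lives in this function's stack frame.
 * Returns how many characters actually ended up in the buffer. */
size_t stored_name_length(const char *input)
{
    char name[NAME_CAPACITY];
    copy_bounded(name, sizeof name, input);
    return strlen(name);
}
```

An unbounded strcpy into name would keep writing past the 40th byte for long input; the bounded version stores at most 39 characters plus the terminator, whatever the input length.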
If you can, could you please make videos about in-depth usage of gdb? I mean how to use gdb more efficiently, and its advanced features, starting from the beginning.
Sure. Are there specific things you would like to see? Or things you find cumbersome?
@JacobSorber I mean, for me it's so hard to debug in gdb because I barely understand gdb, and I don't know a lot of its options. I just want to know how pros like you use gdb in real-life projects.
Runtime stacktrace library please.
Your channel is exceptional. Please keep up the good work!
In the illustration of the stack and the heap and so on, there is a little gap above the stack. What's that?
Hey Jacob,
about the addresses we printed from the main function: &i and __builtin_frame_address.
The difference between the storage of the integer i and the SP was 4 bytes, and all seems good. But when we called myfunc(), the difference between &i and __builtin_frame_address turned out to be 8 bytes.
I didn't understand that behavior. Also, could you send a link related to this video about using these commands?
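On the 4-versus-8-byte question: the distance between a local variable and the frame address is picked by the compiler (other locals, saved arguments, alignment padding), so it can differ from one function to the next. A rough sketch for measuring it, assuming GCC or Clang, since __builtin_frame_address is a compiler builtin and not standard C. The function names are invented for this example and the numbers will vary by platform and optimization level.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Returns (frame address - address of a local int) in bytes for this call. */
long frame_minus_local(void)
{
    volatile int i = 0;                        /* volatile keeps i in memory */
    void *frame = __builtin_frame_address(0);  /* GCC/Clang builtin */
    assert(frame != NULL);
    return (long)((intptr_t)frame - (intptr_t)&i);
}

/* Same measurement, but this frame also has to hold a copy of an argument,
 * which may shift where the compiler places i. */
long frame_minus_local_with_arg(int counter)
{
    volatile int saved = counter;
    volatile int i = 0;
    void *frame = __builtin_frame_address(0);
    assert(frame != NULL);
    (void)saved;
    return (long)((intptr_t)frame - (intptr_t)&i);
}

/* Prints both distances so they can be compared side by side. */
void print_frame_distances(void)
{
    printf("no args:  frame - &i = %ld bytes\n", frame_minus_local());
    printf("with arg: frame - &i = %ld bytes\n", frame_minus_local_with_arg(1));
}
```

Calling print_frame_distances() from main and rebuilding with different optimization flags is a quick way to see that the layout is a compiler decision rather than a fixed rule.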
Do you think you could make one on setjmp.h? I recently found some code with it, and was really confused about how it worked and what it was doing. Thanks
Like a how-to-implement-exception-handling-in-C video? That could be fun. Thanks. I'll see what I can do.
Great video
I am wondering how the OS knows how much memory it must allocate for the program. I assume that a stack overflow occurs when stack memory addresses intersect with heap memory addresses?
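On the question above: on POSIX systems the stack size is usually capped by a per-process resource limit rather than computed from the program, and an overflow is typically reported when the stack tries to grow past that limit, not necessarily when it reaches the heap. A small sketch for reading the limit, assuming Linux or macOS (getrlimit and RLIMIT_STACK are POSIX; the helper names are made up here).

```c
#include <assert.h>
#include <stdio.h>
#include <sys/resource.h>

/* Reads the soft stack-size limit of the current process into *out.
 * Returns 0 on success, -1 on failure (same convention as getrlimit). */
int stack_soft_limit(rlim_t *out)
{
    struct rlimit lim;
    assert(out != NULL);
    if (getrlimit(RLIMIT_STACK, &lim) != 0)
        return -1;
    *out = lim.rlim_cur;  /* may be RLIM_INFINITY */
    return 0;
}

/* Prints the limit in bytes, or "unlimited" if no cap is set. */
void print_stack_limit(void)
{
    rlim_t lim;
    if (stack_soft_limit(&lim) != 0) {
        perror("getrlimit");
        return;
    }
    if (lim == RLIM_INFINITY)
        puts("stack limit: unlimited");
    else
        printf("stack limit: %llu bytes\n", (unsigned long long)lim);
}
```

This is the same value that the shell command ulimit -s reports (there in kilobytes).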
Hello Jacob Sorber, do you think Rust will kill C/C++? Even though C/C++ is used in a lot of important software and IoT devices, I see many comments saying Rust is going to replace C/C++ in the future because of its memory safety. There are other memory-safe languages like Go/Java/D, but they are slower than C/C++. However, it's said that Rust is as fast as C/C++ and memory-safe. How is this possible? Other languages give up speed for safety but Rust doesn't. Can you make a video about these topics?
Well, Rust really isn't that much better than C++. Rust also isn't proven to be any safer or faster all around.
It would take a long time for any language to take over from C/C++, and since time is money I doubt major companies will switch.
C++ is also still preferable to programmers who want the most control over the program.
@XenoTravis Interested in your comment that Rust isn’t proven to be safer or faster than C++. Do you have any links or more information about this?
@belesiu @Travis I wonder too
@XenoTravis "Well rust really isn't that much better than c++. Rust also isn't proven to be any safer or faster all around."
This is big fat bullshit, you don't know what you're talking about.
So... when you're reading it normally, like you would in a disassembler/hex editor or whatever, the stack actually grows upwards? I get confused by everyone putting the high addresses at the top of the diagram in their examples. And by frame pointer you meant the base pointer and not the stack pointer, right?
Edit: oooh yeah, so the stack pointer would in this case point to the address of the "return" variable on the stack, probably? Like...
0x0 | ...
0x4 | "return" var
0x8 | old base pointer
0xC | return address
0x10 | "counter" arg
...
Frame pointer = 0x8
Stack pointer = 0x4
I really liked seeing you using lldb, that was insightful!
Dude! You are an amazing instructor!! Have you already created a video where you walk the stack to find the stack trace? If not, humbly requesting you to :)
I did not understand how stack frames work, or how the stack, base and instruction pointers work, until I looked at the assembly and then wrote a couple of functions in assembly myself. I was then surprised to find out that the first two arguments of a function go into the ecx and edx registers on my Windows PC, while on my Ubuntu they go into the edi and esi registers. Both my Ubuntu and my Windows compilers put the return value into the eax register, though. The Ubuntu compiler doesn't decrease the stack pointer in a leaf function that uses less than 128 bytes (I then found out that these 128 bytes for a leaf function are called the red zone).
My Windows PC doesn't seem to have this red zone, but the Windows compiler sometimes puts a local variable on the other side of the base pointer (a positive offset from the base pointer instead of a negative one), which never happens on my Ubuntu PC. When I write assembly I always decrease the stack pointer and put local variables at negative offsets, both on Ubuntu and on Windows.
Even these little things that I learned about how functions work on my Ubuntu I wouldn't know without looking at the assembly. And the reason why I learned this is because it bugged me that I didn't understand how function calls work under the hood.
Your videos are amazing. What kind of environment are you using for your C project?
HE'S ALIVE!
Trying to be.
No, Stack Overflow is a website where people tell you someone already asked that question.
666 base stack memory 667 neighbor of the beast stack overflow by 1
Ah, another thing:
you always say "that is a topic for another video" or "I will talk about that in the future". Sometimes you do, but most of the videos I'm anticipating have not been shared.
Yeah, I hear you. I get a lot of requests and have a lot of ideas for future videos, but time is tight, and a lot still haven't been made.
@JacobSorber Yes sir, I feel you. Time is so tight for me too these days. I appreciate your work.
It's worrying how much you look and talk like Matthew McConaughey.