Hello, everyone. So this session will be divided into multiple, I would say, videos, because it's a long one, and that way it will probably be easier to go through each one of them separately, understand it, and then jump to the other one. So I will divide them into maybe two or three, depending on how much time it will take me to finish each section of this session, and again, it's going to be easier for you that way to go over each one of them. So in this session today, we will start talking about memory.

Now, this presentation was prepared by me and my friend, shot in life. So, thanks to him. We did them a long time ago, but they are still very useful, and I would say they explain what we want when we talk about exploitation. So, welcome to memory lane. And again, let's start. This is an outline of what's going to be covered, the topics here that we will be going over. Some of them I will move through much faster than the others, the reason being that they were covered in previous sessions, so don't expect me to dive deeper into them. But you can go back and check the other videos or our other sessions for further understanding, or you can just check online references for doing that. So, software exploitation introduction, let's start here.
So at the end, a program is just a set of rules that follow a certain execution flow, which tells the computer what to do. And those rules were defined by the developer of the program. So the developer, let's say, defined or set a certain execution flow that he wants: do this, it goes there, it comes here, etc. And then when you run the program, that's what's going to happen. But for us, our goal is to exploit the program or exploit the software. So we want to get the computer to do what we want, even if the program was designed to prevent that action. This is also part of the definition from The Art of Exploitation.

Now, I know The Art of Exploitation is probably an old book when we compare it with where we are today, but still, it has the basics. And it has, I would say, more than the basics; actually, it has the core for software exploitation. And this definition is really what exploiting the program is about. So, again, the developer created the program. The idea was to have that program do something. But we, let's say, want to do some exploitation of that software, or we want to exploit it, or maybe even a threat actor wants to exploit the software.
So the idea, or the goal, is to get the program to do what we want, even if that program was not designed to do that, or they want to prevent us from doing that. This is not, by the way, something new. Again, if anyone is interested in history, this was documented back in 1972 by the US Air Force, or by a study in the US Air Force. So it's not something new. So it's 1972; that's a long time ago. And still, with the new mitigation techniques that are being developed, which we will also talk about, even with those new mitigation techniques which are being applied, whether by the operating system, or by your hardware, or even by the compiler itself, software, unfortunately, is still exploitable today, or we can still exploit the software or programs. So welcome again to memory lane.

Now, what's needed to understand exploitation? Definitely, you need some background with computer languages. It's good to have at least the basics. You probably don't need to be a professional in them. It's good if you are, but if not, at least understand them. Operating systems are very important. I keep mentioning that and I will continue doing that.
And architectures, like understanding which computer we are targeting and, let's say, what program we are targeting and what hardware it is running on. So those are the basics, I would say, that you need in order to understand exploitation.

What will be covered in this section: a little bit about CPU registers, because, again, we covered those in a different session; how functions work; and, this is very important, we will focus on memory management, especially for the Intel 32-bit architecture, or Intel x86. We won't be doing anything related to 64-bit for now, maybe if we have enough time at the end of our classes. But for now, we'll focus on the Intel 32-bit architecture. Also, we'll need a little bit about, let's say, assembly. I assume by now you have a little bit of background with assembly and C, at least understanding the code. You don't need to be, at least for now, proficient with C or assembly, but at least you are able to read the code, understand it, and understand what's going on. Why do I need those? Because at the end, security problems, most of them, I would say, come from memory corruption. So that's why it's very important if you have a good background in what we just mentioned.
Now, CPU instructions and registers. So the CPU at the end contains a couple, or let's say a number, of registers, depending on its architecture. So the number of registers on a 32-bit system, an x86 system I mean, is different than when we talk about a 64-bit system. So keep that in mind: the number of registers will be different. In this session we will be focusing on three main registers, which are EBP, ESP and EIP, which is the instruction pointer. And we'll talk about all of these. So these are the main focus in this session. Not that other registers are not important, but these are the main ones, because we want to focus on exploitation and how things are working, especially when dealing with the stack, something which we will be seeing in a couple of minutes.

Now, at the end, an instruction is the lowest execution term for the CPU. So we will be executing instructions, while a statement is the higher-level term that is compiled and loaded as one of many instructions. So you can think of an instruction as the assembly code, which is being, let's say, executed by the CPU. And you can think of the statement as the program that is written in C, but that code which is written in C could be more than one single instruction.
OK, so a statement could be multiple instructions, and an instruction is just one single, let's say, one instruction. It will be one set of things to do, let's call it that way, probably. So assembly language is a human-friendly representation of the instructions, or the machine code. So assembly, let's say, even though some people might say assembly is not easy, it is not easy, I would say, maybe it depends also on practice, really. But it's the human-friendly version of the instructions which the machine will be executing at the end. The machine will actually be executing what is called machine code or bytecode. We will also see those later in this course.

Registers, just a quick overview: as you can see, we have the 16-bit, 32-bit and 64-bit ones, and we can see each one of them, like when we talk about EAX, which is the accumulator. That's what it's called, but it could be used for something else. EBX, base index; ECX, counter; EDX, data; EBP, which we are going to focus on in 32-bit, so let's talk about that, which is the extended base pointer. OK, ESP, which is the extended stack pointer. These are all 32-bit registers. EIP, which is the extended instruction pointer.
And then we have ESI and EDI, which are two pointers for when we deal with strings or with data. Now, I just thought, the system can also access, let's say we can access, the lower and higher ends of these registers. So let's say we have the 16-bit one, AX. We can access the lower part of the AX register by accessing the AL of that register, which is called AL. So that way we are accessing the lower part of it. If we want to access the higher part, then we will just go AH, and the same applies for BX, CX and DX. OK, now these are again not the complete list of registers. Again, like 64-bit, which has more than this. But these are just an example.

Now, functions, a high-level view. We want to look at the functions, a high-level view, and see what makes a function, or what is a function, what does the function consist of? So here in this program, we have three different functions. If we go to the bottom, because that's where, let's say, the program will first start, I would say at least for the session: int main, int argc, char *argv, and then those brackets, etc. So this is the main function. And inside it we have an
if statement, which is going to be checking if the argument count is more than one. So we have a decision to be made here based on the value which is passed, the value which is in argc, the argument counter, and if the argument counter is more than one, then we will be calling a function called myfunc1, and we will be passing the second argument to that function. Now, if we go to myfunc1, then we see it's taking a pointer to a string. Inside there is a character buffer of 16 bytes, or we are creating a buffer of 16 bytes, meaning our buffer is 16 bytes long. And then we are calling strcpy, which is to copy the value which is going to be passed into str, into our buffer. So whatever value the user will be entering, it's going to be copied to the buffer. And then that buffer is going to be passed to myfunc2. If we go to myfunc2, go up, now again we can see we get a pointer to a value, so we can see then printf "You entered %s" and then the argument. So what's happening here is, let's say when you run the program and then you send an argument like hello, what will happen is the program will take the value hello, or the string hello, it will copy it into the buffer, and then it will take that value which is now in the buffer.
And it will send it to myfunc2, and myfunc2 will just print on the screen: You entered hello. So that's basically how the execution will happen. We will be running this code and exploiting it, but that's going to be in a later video. For now, I just want you to understand the code which is over here. So that's a high-level view of our functions.

Now, these are the function names, so as you can see, these are the function names, and that's why we have this color, so we can highlight them. Now, these are the parameters or arguments which are going to be passed to this function. OK, these are the parameters, arguments to this function. And as you can see, the slides were prepared in a way that you can, like, navigate them with kind of animation, or kind of, let's say, help you understand which one we are focusing on in the slide. Now, this is the body of the function. So each one of these, whether main, myfunc1 or myfunc2, each one of them has a body; that's the body of those functions. And then at the end, this is the local variable definition. So as you can see here, only myfunc1 in this example has some local variable definitions. OK, and then these are the return values.
So when the function finishes its work, it's going to have to return something back, so we can see main is going to be returning back an integer. myfunc1 is going to be returning back nothing. So this is the return type value, OK, that's going to be returned by this function.

And now let's look at how the system will actually track the execution of this function. So let's say you compiled this program, and now you are about to execute it. We are not going to look now at the code from an assembly point of view, which is the lowest instruction which we will be seeing, which the CPU will be, let's say, executing. But here we want to keep focusing on the functions, a high-level view of what will happen and how the execution flow is going to be done, how it's going to work. But we want to introduce the concept of the stack. So the stack is actually the best structure which the system could use to trace the program's execution. And you are going to see why. The stack is last in, first out, or first in, last out. So when you put something into the stack and you add something on top of it, the first thing you put there is going to be the last one to, like, take out. You can think of it like, usually some people might refer to it with the example of some dishes.
So you have plates, you have a plate, and we put the first plate in the sink. And then when you put the second plate, it's going to be on top, the third on top, etc. Then if you want to take the first plate out, you'll need to take all of the plates which are on the top in order to reach the bottom one. So again, it's first in, last out. So that's what the stack is about. And you will understand when we go over this why the stack is used for program execution. It's really a good one.

So if the current statement is going to be executed, you'll see it in this blue color. So let's start, let's say, executing our code. So what will happen is, first thing, the program will start and it's going to be checking whether the argument counter is more than one, or less, or one maybe. So if it's more than one, then now the execution is going to go to myfunc1. And we are going to pass the second argument to myfunc1. Why the second? Because the first one, the zero, is actually the name of the program. So argv[1] is actually the first parameter to be passed. And don't forget that arrays always start with zero.
So the first member in the array is actually argv[0], which is again the name of the program, and then argv[1] is the second, which is actually the first argument to be passed. So again, let's say we pass the value hello. Now hello will be sent to myfunc1. So what will happen is myfunc1 now gets pushed, let's say the position of myfunc1 gets pushed onto the stack. So now we are saving the position of myfunc1 once we go to myfunc1. Now, this is where the execution is going to happen. Now we are going to create a buffer, the character buffer with 16 bytes; execution is continuing. Now, strcpy. Now, this one is also a function. So we should actually also be storing the location, the position of strcpy, here onto the stack. But for, let's say, making things simpler, we are just going to, like, jump over it and focus on the functions which we have in our code, not the functions which are provided to us by the library, which is, as strcpy is, a function that you can use from a library that you import and include and you start to use. So if we were to trace this one step at a time, then we would be adding the position of strcpy to the stack and then continuing from there.
But again, for making things simpler, we are just going to skip this and assume it was done. Now we are going to go to myfunc2, and we are going to pass the buffer. So the execution is here. myfunc2, the position of that, we need to also push it onto the stack, so we need to save the position of myfunc2, OK, before we go and start executing it. Now, since we saved the position, let's go and start executing, so we get there. Now we print the statement. So this statement will print the hello message, which is the word that we entered. OK, now the execution has ended for myfunc2; where are we going to go back now? The stack will be used to understand where I was and how I can continue from where I left. So we are going to pop out the value of the position which is now on the stack. And as you can see, the top value on the stack was the previous function we were executing. So that's why the stack is very useful for program execution. Again, what we need to do now is, after we finished myfunc2, we need to know how we can go back to where we were before we entered myfunc2; we were in myfunc1. So we need to understand how we can go back to that. Again, we are going to pop the position which is currently on the stack and then go there. So we pop there.
As you can see, there is really nothing left in myfunc1. If there was, it would be executed, but there is nothing here. So now what will happen? We need to now understand where we were before we came to myfunc1, like what was the previous execution thread that we were working on, or we were executing, or the system was executing, before we started executing myfunc1. Once again we will go back to the stack. The stack will pop out the position of myfunc1; it will tell the system that, hey, if you want to go back to the previous function, the position for that is over here. So it's going to pop that value out. Then we are going to come here, finish the execution, and then end of execution. So that's how the program will start and the execution will end.

So we saw by looking at the high-level view how the function will work, how the stack representation, which actually doesn't really exist in memory, this is something virtual, OK, but it's used for program execution. And now we can understand how the program was executed and how the stack was used, actually, to make sure once I go to another function, I know how I can go back to where I was before I went there. And the same thing.
When I go to that function, I know how I can go back to the previous function, and so on and so forth, until the program ends its execution, like you can see here: end of execution.

So, stack and frames. There is no physical stack inside the CPU; again, it's something virtual. Instead, the CPU uses the main memory to represent a logical structure of the stack. Again, there is nothing really in memory that is a stack. It's just, like, it's not a physical part in the CPU or in memory that is being used to represent the stack. It's just a logical representation which is used to represent the stack. Now, the operating system reserves a contiguous raw memory space for the stack. And that happens at the immediate start-up; when you start the application, the OS will reserve that for you. OK. And the stack is logically divided into many, many stack frames. The stack is also logically divided into many stack frames. Each frame will be created when we call what we call a new function. We will come to this in a little bit. Now, the stack and all the stack frames are represented in memory upside down. OK, keep that in mind. The stack and all frames are represented in memory upside down. You will see in a minute
what that means. But for now, just think of it like that.

So the frames: the frame is represented by two pointers. So in order to be able to trace the stack frame and what's happening in the stack frame, we need to have two pointers. One will be pointing at the base, which is the base pointer, and that's EBP, the register EBP. So that, I just repeat, will always be pointing at the base of that frame. OK. The memory address that is equal to EBP minus one is the first memory location of the stack frame. Keep that in mind, EBP minus one. This is just an example, which will always be pointing to the first memory location of the frame. OK, now the stack pointer, which is, let's say, ESP, the register ESP, which is the stack pointer, will always be pointing to the top of the stack. So the memory address that is equal to ESP is the top memory location of the stack frame. Again, ESP will always be pointing to the top of the stack. And again, since our stack is divided into frames, you will see all of that in a minute. So even if you can't currently imagine how this is working, we will see it in some visuals. ESP will always be pointing to the top of that frame in the stack.
OK, when you push or pop a value, the ESP register is going to be changing. So when you push a value, ESP will change. When you pop a value, ESP will also be changed. So the register which will be changing, depending on when you add a value, or when you push a value to the stack, or when you remove a value from the stack by pop, is actually the ESP pointer. OK, the base pointer, which is EBP, never changes unless the current stack frame is changed. Keep that in mind again. The base pointer will never change unless the current stack frame is changed. So if the current frame, which is active, changes, that's when the EBP change will happen. Again, with all of this, maybe you will say, what is this guy talking about? That's probably true. You'll understand all of this in a couple of minutes when we go to some visuals and have an idea about what's happening. The stack frame is empty when the EBP value equals the ESP value. So that's when we consider that the stack frame is empty.

Now let's go and look at this and see what's going on. Again, like we said, we have the stack. It's upside down. So that's why you can see the top of the stack is always going to grow towards the lower end of the memory.
332 00:25:49,290 --> 00:25:55,080 And the start of the stack, or the base of the stack, is always going to be on the higher end of the 333 00:25:55,080 --> 00:25:55,530 memory. 334 00:25:55,780 --> 00:26:02,970 OK, so when we push a value, when we add a value to the stack, it's growing towards the lower 335 00:26:02,970 --> 00:26:03,830 end of the memory. 336 00:26:04,020 --> 00:26:08,200 So what that means is the memory addresses will be decreased. 337 00:26:08,220 --> 00:26:09,470 OK, keep that in mind. 338 00:26:09,810 --> 00:26:14,760 And when we remove a value from the stack, actually the memory addresses will be increased. 339 00:26:15,210 --> 00:26:24,120 Now, here you can see the memory, because I just put this one from 00 to FFFF, etc. 340 00:26:24,540 --> 00:26:28,290 Now, this memory is always going to be divided into two, 341 00:26:29,850 --> 00:26:33,710 let's say, spaces: one is kernel space and one is user space. 342 00:26:34,050 --> 00:26:36,750 Sometimes, this is for Linux, we will, 343 00:26:36,990 --> 00:26:46,190 let's say, use one gigabyte for kernel space while the user space will have three gigabytes. 344 00:26:46,200 --> 00:26:47,230 Now all of that. 345 00:26:47,400 --> 00:26:51,300 So this means we have four gigabytes for a 32-bit application. 346 00:26:51,510 --> 00:26:52,820 But keep that in mind. 347 00:26:53,100 --> 00:26:54,240 This is all virtual. 348 00:26:54,240 --> 00:26:59,550 But for every single application, you'll have a virtual address space of 349 00:27:01,110 --> 00:27:01,890 four gigabytes. 350 00:27:01,920 --> 00:27:07,950 OK, this could be changed, but again, this is the default, which for now we just want to explain 351 00:27:07,950 --> 00:27:08,370 the idea. 352 00:27:08,610 --> 00:27:09,920 So, again, you have the stack. 353 00:27:10,050 --> 00:27:14,370 You can see here there is a pointer pointing to the start of the stack.
354 00:27:14,370 --> 00:27:18,160 There's a pointer pointing to the top of the stack again. 355 00:27:18,180 --> 00:27:20,380 Remember, when we add a value to the stack, 356 00:27:20,400 --> 00:27:24,300 so when we push a value, the memory address is going to be decreasing. 357 00:27:24,300 --> 00:27:28,740 When we remove a value, the memory address is going to be increasing. 358 00:27:28,740 --> 00:27:29,130 Why? 359 00:27:29,490 --> 00:27:35,340 Because when we add, we are moving towards the lower end; when we are removing, we are moving towards 360 00:27:35,340 --> 00:27:38,410 the higher end of the memory. That's continual. 361 00:27:38,430 --> 00:27:41,130 You'll understand more about this as we continue. 362 00:27:41,960 --> 00:27:44,690 So stack and stack frames inside the main memory. 363 00:27:44,720 --> 00:27:48,510 Again, this is the lower end at the top, you can see. 364 00:27:49,140 --> 00:27:51,130 Not sure if you can see my mouse. 365 00:27:51,920 --> 00:27:53,700 This is the lower end of the memory. 366 00:27:53,720 --> 00:27:55,370 This is the higher end of the memory. 367 00:27:55,640 --> 00:27:57,610 And we can see this is the top of the stack. 368 00:27:57,680 --> 00:27:59,330 You can see this is the bottom of the stack. 369 00:27:59,720 --> 00:28:03,630 So we can see here the stack has multiple frames. 370 00:28:03,890 --> 00:28:06,810 So all the stack frames, that frame, newest frame. 371 00:28:07,130 --> 00:28:13,820 So one note to keep in mind is the stack frame which is frame index number zero 372 00:28:16,680 --> 00:28:22,650 will be the one that is actually active, and the oldest frame is indexed as stack frame count minus one. 373 00:28:22,980 --> 00:28:30,240 So again, the one that's going to be active will be stack frame zero, the one before it will be 374 00:28:30,840 --> 00:28:34,970 like number one, and so on and so forth.
375 00:28:34,980 --> 00:28:39,010 So the newest stack frame is indexed as stack frame zero. 376 00:28:39,150 --> 00:28:40,980 The older one, stack frame one. 377 00:28:41,250 --> 00:28:46,830 And the oldest stack frame is indexed as stack frame count minus one, and so on and so forth. 378 00:28:46,860 --> 00:28:48,570 OK, so keep that in mind. 379 00:28:49,270 --> 00:28:50,000 Uh. 380 00:28:51,480 --> 00:28:54,480 Yes, so here we have one, two, three stack frames. 381 00:28:55,620 --> 00:28:58,550 So managing stack frames, uh. 382 00:29:00,170 --> 00:29:07,370 Let's see, yeah, let's probably stop here and then continue, yeah, we already have reached 383 00:29:08,630 --> 00:29:12,530 one slide, so let's stop here and continue in another video. 384 00:29:12,650 --> 00:29:15,920 So we'll start with managing stack frames in our next video. 385 00:29:16,100 --> 00:29:17,500 Thank you for watching this one.