Day1 Pwn
I heard great things about pwn. It's time to finally go through it from beginning to end!
I am using Medium as a repo for my notes from the pwn courses.
movsx sign-extends a value. It's great for transitioning from 32-bit land to 64-bit, because the sign of a 32-bit value is preserved when it lands in a 64-bit register.
How are registers populated? -> Data goes from memory through a bridge into the L2 cache and then into a register.
When a process starts, it is given a region of memory called the stack.
push/pop decrement/increment the value of rsp by 0x8 (on x86-64).
Memory is virtual, so accessing an address that is not mapped into the process crashes the program (segfault).
sub rsp, 8
mov [rsp], rcx
The two instructions above are exactly the same as
push rcx
since push first decrements rsp and then writes the value to the new top of the stack.
lea can address memory relative to RIP (rip-relative addressing, e.g. lea rsi, [rip + label]) -> I've seen this before but never really recognized it until today.
rflags holds the condition flags.
The 4 main rflags are Carry, Zero, Overflow, and Sign.
rax selects which system call is made (it holds the syscall number).
At the top of every asm program:
.globl _start
This declares the symbol _start and exports it, so the linker can find the entry point.
Sooooo
.intel_syntax noprefix
.globl _start
_start:
nop
Running this program will cause a segfault.
This is because after the nop there is no clean exit via a syscall, so execution runs off the end of the code into whatever bytes follow.
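Here is an added example (my own, not from the pwn course) that ties the three points above together: the sub/mov versus push equivalence, rip-relative lea, and a clean exit through the exit syscall so the program does not run off the end of its code. It assumes Linux x86-64 with GNU as and ld; the label names and the 0x41414141 test value are made up for the demo.

```asm
.intel_syntax noprefix
.globl _start

.section .text
_start:
    # 1) push vs. sub/mov: both place rcx at the new top of the stack.
    mov rcx, 0x41414141         # constructed test value

    # manual version: make room, then store
    sub rsp, 8
    mov [rsp], rcx
    mov rax, [rsp]              # read it back
    add rsp, 8                  # undo the reservation

    # push version: decrement rsp and store in one instruction
    push rcx
    pop rdx                     # pop = mov rdx, [rsp] ; add rsp, 8

    cmp rax, rdx                # same value both ways?
    jne fail

    # 2) rip-relative lea: get the address of msg without hardcoding it
    lea rsi, [rip + msg]
    mov rax, 1                  # syscall number for write
    mov rdi, 1                  # fd 1 = stdout
    mov rdx, OFFSET msg_len     # byte count
    syscall

    # 3) clean exit: without this, execution falls off the end of .text
    mov rax, 60                 # syscall number for exit
    xor rdi, rdi                # exit status 0
    syscall

fail:
    mov rax, 60                 # exit with status 1 if the values differed
    mov rdi, 1
    syscall

.section .rodata
msg:     .ascii "push and sub/mov stored the same value\n"
msg_len = . - msg
```

Assemble, link and run with `as -o demo.o demo.s && ld -o demo demo.o && ./demo; echo $?`; the exit status printed should be 0. Delete the three exit lines and run it again to see the segfault the note above describes.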
I knew null bytes would end a program. I was always unsure of the count until now
3 null bytes in a row ends a program