In this proposal it is for patients with dementia. But the concept is broader:

Community cartographers seek to identify the resources that are present in the community, and focus on the problem-solving abilities of the neighborhood’s residents.

https://www.courtinnovation.org/sites/default/files/documents/asset_mapping.pdf

Implementaciones en C++!

cambiar a C++

que significa default en funciones pure virtual?

quitar static a función

Imagine that you insert this code in a certain function. What is the meaning of the values printed? Hint: Notice the size of array a and the number of iterations of the for loop.

The first 6 bytes of main.bad are damaged. Fix them manually using bless to look like those of a 64-bit ELF.

Then find out what is the address of _start and change the starting address of the binary to that address.

Just because the mycode.bin file contains assembly instructions does not mean that the loader will run. The loader needs the file in the ELF file format.

Running the shellcode with a CMA will output the binary of the byte array. You can inspect the mycode.bin it will contain the same bytes as the SC string.

Whenever the code is invoked with no command line arguments (argc==1) it tries to run the SC bytes as code.

ret = (int(*)())SC;

(int)(*ret)();

The sections are for the compiler. The segments are for the loader.

The symbol table lists the address that is assigned to SC. You can find which section corresponds to that address in the Section Table (use the -S flag fro readelf).

SC is a array of characters. SC and all other symbols are listed in the symbol table of the ELF. The symtab list information such as: name, scope (LOCAL, GLOBAL), size, type (FUN, OBJECT, SECTION).

A SIGSEGV is an error(signal) caused by an invalid memory reference or a segmentation fault. You are probably trying to access an array element out of bounds or trying to use too much memory.

This section holds executable instructions that contribute to the process termination code. That is, when a program exits normally, the system arranges to execute the code in this section

This section holds executable instructions that contribute to the process initialization code. That is, when a program starts to run the system arranges to execute the code in this section before the main program entry point (called main in C programs)

From: http://l4u-00.jinr.ru/usoft/WWW/www_debian.org/Documentation/elf/node3.html

(from StackOverflow) PLT stands for Procedure Linkage Table which is, put simply, used to call external procedures/functions whose address isn't known in the time of linking, and is left to be resolved by the dynamic linker at run time.

It is jump table to functions that are in the dynamically linked libraries (printf, scanf,...).

Further reading: https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html

Executable!

The instruction at offset 0x55 references printf. The linker better solve this reference.

The instruction at offset 0x3f references foo. The linker uses this information.

All the symbols with UNDefined must be resolved by the linker.

Read Only Data: Here you would find string literals such as the "result is %d"

For programs compiled with -c option, this section provides information to the link editor ld where and how to "patch" executable code in .text section

Comments about the compiler. You may read the raw content of any of these sections using: objdump -s -j .comment

The .data section contains data :-)

The .text section contains the machine language instructions of the program.

ELF files are subdivided into sections.

A section is an area in the object file that contains information which is useful for linking: program's code, program's data (variables, array, string), relocation information and other. So, in each area, several information is grouped and it has a distinct meaning: code section only hold code, data section only holds initialized or non-initialized data, etc

The first function in this file is at address 0x0.

32-bit ELF

The magic sequence that starts an ELF file is 0x7f 0x45 0x4c 0x46, i.e. .ELF.

You can read about the cfi assembler directives in https://sourceware.org/binutils/docs/as/CFI-directives.html#CFI-directives.

They are merely instructions for the assembler, similar to the preprocessor directives that you include in your C programs.

When you compile using the gcc -fno-stack-protector, there is no validation of the stack at the end of the function.

The return value is returned through %eax.

This was compiled for 32 bits, notice that the parameter to foo is being received through the stack.

This program was compiled for 64 bits and the parameter to the foo function is passed through register %edi.

The return value is passed through register %eax.

Setting the parameter and invoking foo.

Information about the compiler.

By default, the gcc compiler includes instructions to detect stack smashing.

Setting the parameters and calling the printf function.

Setting the parameters and calling the scanf function.

The .text section contains the actual assembly language instructions.

LC1 is the label by which we shall refer to "result is %d\n" in the program,

"Here comes the read-only data segment"

You can see the literal strings "%d" and "result is %d\n" that are parameters to the scanf and printf functions.

This is saying "In this program there is a global variable called buffer of 1048576 bytes and 32-bit alignment.

.comm name, size,alignment

The '.comm' directive allocates storage in the data section.