1 of 12

Pwn!

2 of 12

Programming Languages

  • Writing programs a machine can directly understand is unintuitive.
  • Machines have different languages
  • What's the solution? Programming languages!

3 of 12

The Good, The Bad, and The Ugly

  • Modern computers and OSes are powerful!
  • With great power comes great responsibility...
  • Let's demonstrate that real quick.

4 of 12

Preventable Errors

  • We can't catch all errors
  • However, we can prevent and/or catch certain, important classes
    • Out of bounds reads/writes
    • Null pointer dereferences
    • Arbitrary memory access
    • So many more!

5 of 12

What's the Catch?

  • There are contexts which require more privilege in order to function
  • This is becoming less true over time, but performance suffers too much

6 of 12

Welcome our Savior, C!

  • For the most part, whatever your hardware can do, C can do.
  • The runtime is very lean compared to most other languages.
  • To those who don't need big runtimes, C is very productive to work in

7 of 12

Ugh, What's the Catch Now?

  • If you mess up, an attacker will likely have as much power as you do...
  • The results of errors are inexplicable without knowing the architecture
    • Unrelated variables change
    • Functions don't return properly
    • "Forgetting" where variables actually are
    • Etc...

8 of 12

"Cracking" a password

Let's demonstrate how much C can suck if you mess it up!

9 of 12

Main Memory

  • Bit – a single binary digit, represented by some switch in the computer
  • Byte – 8 bits representing a binary number (0 – 255)
  • Main memory collects bytes and assigns an "address" to each

10 of 12

i386/amd64

  • Architectures on Intel computer chips
  • Addresses are 4 bytes for i386, 8 bytes for amd64
  • Have special, non-addressable memory called registers

11 of 12

A Linux Program in Memory

  • The operating system lives in memory. 
  • The rest of the programs can have the rest.
  • Memory has a certain organization for all programs.

12 of 12

A C Program In Linux

  • C translates straightforwardly to the sections just mentioned.
  • The result: variables share the address space with many others...
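
The "unrelated variables change" symptom from slide 7, as an added example (not the demo code from the original slides): a password check whose unchecked copy spills into the neighbouring flag, next to a bounded version. The struct layout, `SECRET` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer with a flag stored right after it,
 * standing in for two neighbouring variables in one address space. */
struct login {
    char input[8];
    int  authenticated;
};

static const char SECRET[] = "hunter2";   /* constructed sample password */

/* Unchecked copy: nothing compares the attempt's length to sizeof input.
 * The copy is capped at the end of the struct only so the demo stays inside
 * one object; strcpy() into a real stack buffer would not stop there. */
int check_unbounded(const char *attempt)
{
    struct login s;
    size_t n = strlen(attempt) + 1;
    memset(&s, 0, sizeof s);
    if (n > sizeof s)
        n = sizeof s;
    memcpy((unsigned char *)&s, attempt, n);   /* can spill into the flag */
    if (strncmp(s.input, SECRET, sizeof s.input) == 0)
        s.authenticated = 1;
    return s.authenticated != 0;
}

/* Bounded version: an attempt that does not fit is rejected before any copy. */
int check_bounded(const char *attempt)
{
    struct login s;
    size_t len = strlen(attempt);
    memset(&s, 0, sizeof s);
    if (len >= sizeof s.input)
        return 0;
    memcpy(s.input, attempt, len + 1);
    s.authenticated = (strcmp(s.input, SECRET) == 0);
    return s.authenticated;
}

int main(void)
{
    const char *tries[] = { "hunter2", "wrong", "AAAAAAAAA" };
    for (int i = 0; i < 3; i++)
        printf("%-10s unbounded=%d bounded=%d\n", tries[i],
               check_unbounded(tries[i]), check_bounded(tries[i]));
    return 0;
}
```

The nine-character attempt never matches the password, yet the unchecked version reports success because the ninth byte landed in `authenticated`.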