SlideShare a Scribd company logo
1 of 52
How Functions Work Saumil Shah www.net-square.com
Introduction
# who am i Saumil Shah CEO Net-square. Hacker, Speaker, Trainer, Author. M.S. Computer Science Purdue University. Google: "saumil" LinkedIn: saumilshah
Preview
What is a function?
What is a function? A function is a special SUBROUTINE
What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program
What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program Program control jumps to the subroutine... ...and returns to the next statement after completing the subroutine
Anything else?
Anything else? A function accepts parameters A function returns a value
Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables...
Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables... ...created when function is invoked, and destroyed when the function returns. Scope limited to that function only.
An example - add(x, y) int add(int x, int y) {       int sum;       sum = x + y;       return(sum); }
An example - add(x, y) Parameters int add(int x, int y) {       int sum;       sum = x + y;       return(sum); } Local Variable Return Value
Where are all the values stored? How are parameters passed? Where are local variables stored?
Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK!
Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK! Parameters are pushed on the stack before calling the function. Local variables are stored in stack memory as well.
Calling a function
add(x, y) 1 PROLOGUE 2 Local Variables BODY 3 s = add(3, 4) EPILOGUE Return Calling a function 4
add(x, y) PROLOGUE Push 4 Local Variables Push 3 BODY CALL add EPILOGUE RET Calling a function
CALL does two things: add CALL add RET Calling a function
CALL does two things: add Push EIP on the stack Jump to the function's address CALL add RET Calling a function
add CALL add RET Calling a function CALL does two things: Push EIP on the stack Jump to the function's address RET simply pops the saved EIP value.
How does it all fit together?
How does it all fit together? Let's see what happens on the stack.
How does it all fit together? Let's see what happens on the stack. ESP is the stack pointer. It always points to the top of the stack.
In the beginning ESP points to the top of the stack, as usual ... ESP ... EBP
In the beginning ESP points to the top of the stack, as usual EBP is the frame pointer (called Base Pointer). It points to regions within the stack. ... ESP ... EBP
Push the parameters For add(3,4) we push 3 and 4 on the stack. 3 ESP 4 ... ... EBP
CALL add CALL pushes the current EIP on the stack... ...and jumps to add() Saved EIP ESP 3 4 ... ... EBP
Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP Saved EIP 3 4 ... ...
Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 4 ... ...
Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 We shall discuss the frame a bit later. 4 ... ...
Local Variables Local variables are created in the stack memory. sum ESP Old EBP EBP Saved EIP 3 4 ... ...
Frame for add() The Stack Frame The stack memory used by a function is termed as its STACK FRAME sum ESP Old EBP EBP Saved EIP 3 4 ... ... Frame for main()
Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func1  ESP
Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func2  ESP func2() frame for func1
Functions and Frames Each function call results in a new frame being created on the stack. frame for func3  ESP func1() frame for func2  func2() frame for func1  func3()
frame for func2  frame for func1  Functions and Frames When a function returns, the frame is "unwound" or "collapsed". func1() ESP func2() func3()
Functions and Frames And as new functions get invoked, new frames get created. frame for func4  ESP func1() frame for func2  func2() frame for func1  func3() func4()
The Frame Pointer EBP is the frame pointer (base pointer). sum Old EBP EBP Saved EIP 3 4 ... ...
The Frame Pointer EBP is the frame pointer (base pointer). sum local var Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 param 1 4 param 2 ... ...
The Frame Pointer EBP is the frame pointer (base pointer). sum EBP - 4 Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 EBP + 8 4 EBP - n:  Local vars EBP + n: Parameters EBP + 12 ... ...
Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP ESP EBP Saved EIP 3 4 ... ...
Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 ... ... EBP
Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 Stack pointer now points to where EIP was saved before CALL add(). ... ... EBP
Return! RET instruction pops the saved EIP value back into the EIP register. sum Old EBP Saved EIP ESP 3 4 ... ... EBP
Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP ESP 3 4 ... ... EBP
Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP 3 ESP 4 ESP shifts down by one word. ... ... EBP
Key Concepts
Review
HOW FUNCTIONS WORK saumil@net-square.com

More Related Content

What's hot

Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at NetflixBrendan Gregg
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Ray Jenkins
 
TDOH x 台科 pwn課程
TDOH x 台科 pwn課程TDOH x 台科 pwn課程
TDOH x 台科 pwn課程Weber Tsai
 
malloc & vmalloc in Linux
malloc & vmalloc in Linuxmalloc & vmalloc in Linux
malloc & vmalloc in LinuxAdrian Huang
 
LLVM Instruction Selection
LLVM Instruction SelectionLLVM Instruction Selection
LLVM Instruction SelectionShiva Chen
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov
 
V8 javascript engine for フロントエンドデベロッパー
V8 javascript engine for フロントエンドデベロッパーV8 javascript engine for フロントエンドデベロッパー
V8 javascript engine for フロントエンドデベロッパーTaketoshi 青野健利
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
 
from Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Worksfrom Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu WorksZhen Wei
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
Epoll - from the kernel side
Epoll -  from the kernel sideEpoll -  from the kernel side
Epoll - from the kernel sidellj098
 
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...Linaro
 
Pwning in c++ (basic)
Pwning in c++ (basic)Pwning in c++ (basic)
Pwning in c++ (basic)Angel Boy
 
DWARF Data Representation
DWARF Data RepresentationDWARF Data Representation
DWARF Data RepresentationWang Hsiangkai
 

What's hot (20)

The Internals of "Hello World" Program
The Internals of "Hello World" ProgramThe Internals of "Hello World" Program
The Internals of "Hello World" Program
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at Netflix
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!
 
TDOH x 台科 pwn課程
TDOH x 台科 pwn課程TDOH x 台科 pwn課程
TDOH x 台科 pwn課程
 
malloc & vmalloc in Linux
malloc & vmalloc in Linuxmalloc & vmalloc in Linux
malloc & vmalloc in Linux
 
LLVM Instruction Selection
LLVM Instruction SelectionLLVM Instruction Selection
LLVM Instruction Selection
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
 
V8 javascript engine for フロントエンドデベロッパー
V8 javascript engine for フロントエンドデベロッパーV8 javascript engine for フロントエンドデベロッパー
V8 javascript engine for フロントエンドデベロッパー
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
 
Gcc porting
Gcc portingGcc porting
Gcc porting
 
from Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Worksfrom Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Works
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracing
 
Kernel Pool
Kernel PoolKernel Pool
Kernel Pool
 
Epoll - from the kernel side
Epoll -  from the kernel sideEpoll -  from the kernel side
Epoll - from the kernel side
 
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
 
Pwning in c++ (basic)
Pwning in c++ (basic)Pwning in c++ (basic)
Pwning in c++ (basic)
 
DWARF Data Representation
DWARF Data RepresentationDWARF Data Representation
DWARF Data Representation
 
Virtual Machine Constructions for Dummies
Virtual Machine Constructions for DummiesVirtual Machine Constructions for Dummies
Virtual Machine Constructions for Dummies
 
Deep C
Deep CDeep C
Deep C
 

Similar to How Functions Work

CNIT 127: Ch 2: Stack Overflows in Linux
CNIT 127: Ch 2: Stack Overflows in LinuxCNIT 127: Ch 2: Stack Overflows in Linux
CNIT 127: Ch 2: Stack Overflows in LinuxSam Bowne
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on LinuxSam Bowne
 
CNIT 127: Ch 2: Stack overflows on Linux
CNIT 127: Ch 2: Stack overflows on LinuxCNIT 127: Ch 2: Stack overflows on Linux
CNIT 127: Ch 2: Stack overflows on LinuxSam Bowne
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsCysinfo Cyber Security Community
 
Intro to JavaScript - Week 2: Function
Intro to JavaScript - Week 2: FunctionIntro to JavaScript - Week 2: Function
Intro to JavaScript - Week 2: FunctionJeongbae Oh
 
Planet of the AOPs
Planet of the AOPsPlanet of the AOPs
Planet of the AOPsJames Ward
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on LinuxSam Bowne
 
04basic Concepts
04basic Concepts04basic Concepts
04basic ConceptsZhiwen Guo
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick reviewCe.Se.N.A. Security
 
Return Oriented Programming (ROP chaining)
Return Oriented Programming (ROP chaining)Return Oriented Programming (ROP chaining)
Return Oriented Programming (ROP chaining)Abhinav Chourasia, GMOB
 
Functions in python
Functions in pythonFunctions in python
Functions in pythoncolorsof
 
Stacks IN DATA STRUCTURES
Stacks IN DATA STRUCTURESStacks IN DATA STRUCTURES
Stacks IN DATA STRUCTURESSowmya Jyothi
 
Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014Renzo Borgatti
 
Seh based attack
Seh based attackSeh based attack
Seh based attackMihir Shah
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploitshughpearse
 

Similar to How Functions Work (20)

ROP
ROPROP
ROP
 
P4 2018 io_functions
P4 2018 io_functionsP4 2018 io_functions
P4 2018 io_functions
 
Exploitation Crash Course
Exploitation Crash CourseExploitation Crash Course
Exploitation Crash Course
 
2.0 Stacks.pptx
2.0 Stacks.pptx2.0 Stacks.pptx
2.0 Stacks.pptx
 
CNIT 127: Ch 2: Stack Overflows in Linux
CNIT 127: Ch 2: Stack Overflows in LinuxCNIT 127: Ch 2: Stack Overflows in Linux
CNIT 127: Ch 2: Stack Overflows in Linux
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux
 
CNIT 127: Ch 2: Stack overflows on Linux
CNIT 127: Ch 2: Stack overflows on LinuxCNIT 127: Ch 2: Stack overflows on Linux
CNIT 127: Ch 2: Stack overflows on Linux
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basics
 
Intro to JavaScript - Week 2: Function
Intro to JavaScript - Week 2: FunctionIntro to JavaScript - Week 2: Function
Intro to JavaScript - Week 2: Function
 
Planet of the AOPs
Planet of the AOPsPlanet of the AOPs
Planet of the AOPs
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux
 
04basic Concepts
04basic Concepts04basic Concepts
04basic Concepts
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick review
 
Return Oriented Programming (ROP chaining)
Return Oriented Programming (ROP chaining)Return Oriented Programming (ROP chaining)
Return Oriented Programming (ROP chaining)
 
Buffer overflow attack
Buffer overflow attackBuffer overflow attack
Buffer overflow attack
 
Functions in python
Functions in pythonFunctions in python
Functions in python
 
Stacks IN DATA STRUCTURES
Stacks IN DATA STRUCTURESStacks IN DATA STRUCTURES
Stacks IN DATA STRUCTURES
 
Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014
 
Seh based attack
Seh based attackSeh based attack
Seh based attack
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploits
 

More from Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020Saumil Shah
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadSaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceSaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadSaumil Shah
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDSaumil Shah
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019Saumil Shah
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019Saumil Shah
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM AssemblySaumil Shah
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSSaumil Shah
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling PhotographSaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKSaumil Shah
 

More from Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-X
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 

Recently uploaded

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

How Functions Work

  • 1. How Functions Work Saumil Shah www.net-square.com
  • 3. # who am i Saumil Shah CEO Net-square. Hacker, Speaker, Trainer, Author. M.S. Computer Science Purdue University. Google: "saumil" LinkedIn: saumilshah
  • 5. What is a function?
  • 6. What is a function? A function is a special SUBROUTINE
  • 7. What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program
  • 8. What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program Program control jumps to the subroutine... ...and returns to the next statement after completing the subroutine
  • 10. Anything else? A function accepts parameters A function returns a value
  • 11. Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables...
  • 12. Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables... ...created when function is invoked, and destroyed when the function returns. Scope limited to that function only.
  • 13. An example - add(x, y) int add(int x, int y) { int sum; sum = x + y; return(sum); }
  • 14. An example - add(x, y) Parameters int add(int x, int y) { int sum; sum = x + y; return(sum); } Local Variable Return Value
  • 15. Where are all the values stored? How are parameters passed? Where are local variables stored?
  • 16. Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK!
  • 17. Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK! Parameters are pushed on the stack before calling the function. Local variables are stored in stack memory as well.
  • 19. add(x, y) 1 PROLOGUE 2 Local Variables BODY 3 s = add(3, 4) EPILOGUE Return Calling a function 4
  • 20. add(x, y) PROLOGUE Push 4 Local Variables Push 3 BODY CALL add EPILOGUE RET Calling a function
  • 21. CALL does two things: add CALL add RET Calling a function
  • 22. CALL does two things: add Push EIP on the stack Jump to the function's address CALL add RET Calling a function
  • 23. add CALL add RET Calling a function CALL does two things: Push EIP on the stack Jump to the function's address RET simply pops the saved EIP value.
  • 24. How does it all fit together?
  • 25. How does it all fit together? Let's see what happens on the stack.
  • 26. How does it all fit together? Let's see what happens on the stack. ESP is the stack pointer. It always points to the top of the stack.
  • 27. In the beginning ESP points to the top of the stack, as usual ... ESP ... EBP
  • 28. In the beginning ESP points to the top of the stack, as usual EBP is the frame pointer (called Base Pointer). It points to regions within the stack. ... ESP ... EBP
  • 29. Push the parameters For add(3,4) we push 3 and 4 on the stack. 3 ESP 4 ... ... EBP
  • 30. CALL add CALL pushes the current EIP on the stack... ...and jumps to add() Saved EIP ESP 3 4 ... ... EBP
  • 31. Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP Saved EIP 3 4 ... ...
  • 32. Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 4 ... ...
  • 33. Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 We shall discuss the frame a bit later. 4 ... ...
  • 34. Local Variables Local variables are created in the stack memory. sum ESP Old EBP EBP Saved EIP 3 4 ... ...
  • 35. Frame for add() The Stack Frame The stack memory used by a function is termed as its STACK FRAME sum ESP Old EBP EBP Saved EIP 3 4 ... ... Frame for main()
  • 36. Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func1 ESP
  • 37. Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func2 ESP func2() frame for func1
  • 38. Functions and Frames Each function call results in a new frame being created on the stack. frame for func3 ESP func1() frame for func2 func2() frame for func1 func3()
  • 39. frame for func2 frame for func1 Functions and Frames When a function returns, the frame is "unwound" or "collapsed". func1() ESP func2() func3()
  • 40. Functions and Frames And as new functions get invoked, new frames get created. frame for func4 ESP func1() frame for func2 func2() frame for func1 func3() func4()
  • 41. The Frame Pointer EBP is the frame pointer (base pointer). sum Old EBP EBP Saved EIP 3 4 ... ...
  • 42. The Frame Pointer EBP is the frame pointer (base pointer). sum local var Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 param 1 4 param 2 ... ...
  • 43. The Frame Pointer EBP is the frame pointer (base pointer). sum EBP - 4 Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 EBP + 8 4 EBP - n: Local vars EBP + n: Parameters EBP + 12 ... ...
  • 44. Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP ESP EBP Saved EIP 3 4 ... ...
  • 45. Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 ... ... EBP
  • 46. Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 Stack pointer now points to where EIP was saved before CALL add(). ... ... EBP
  • 47. Return! RET instruction pops the saved EIP value back into the EIP register. sum Old EBP Saved EIP ESP 3 4 ... ... EBP
  • 48. Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP ESP 3 4 ... ... EBP
  • 49. Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP 3 ESP 4 ESP shifts down by one word. ... ... EBP
  • 52. HOW FUNCTIONS WORK saumil@net-square.com