The document discusses the "Hello World" program in C and assembly languages. It provides the C code, compiles and runs it using GCC and LLVM, and examines the output assembly code, object file and executable using various Linux tools like objdump, readelf, nm, and strace. It explains concepts like sections, segments, symbol tables, relocation records, and the role of linker and loader.
You will learn how to discover Linux kernel vulnerabilities with the help of syzkaller. syzkaller is a fuzzer for Linux system calls. While testing the Linux kernel inside Google, the fuzzer found more than 400 vulnerabilities; external users have also found many bugs.
The document aims to analyze in detail the main phases of a penetration test, in particular: how to become silent, how to perform information gathering and service information gathering, how to find exploits and how you can actually use them.
By the way, the platform used to perform the penetration test is Kali (not Kali 2.0, because at the moment it works but not perfectly).
HKG15-211: Advanced Toolchain Usage Part 4
---------------------------------------------------
Speaker: Ryan Arnold, Maxim Kuvyrkov, Will Newton, Yvan Roux
Date: February 10, 2015
---------------------------------------------------
★ Session Summary ★
This session is a continuation of the Advanced Toolchain Usage Part 1 & 2 presentations given at LCU14. Parts 3 and 4 will cover a variety of topics, such as: Linker tips and tricks, adding symbol versioning interfaces to a system library, debugging the dynamic linker, debugging applications that use malloc, gcc attributes, manually constructing a backtrace on arm & Aarch64, how to add lightweight debugging to your program, how to use a signal handler appropriately, and TLS Models on Aarch64 and when to use them.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250792
Video: https://www.youtube.com/watch?v=9AcklY0Cc7U
Etherpad: http://pad.linaro.org/p/hkg15-211
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
HKG15-207: Advanced Toolchain Usage Part 3
---------------------------------------------------
Speaker: Ryan Arnold, Maxim Kuvyrkov, Will Newton, Yvan Roux
Date: February 10, 2015
---------------------------------------------------
★ Session Summary ★
This session is a continuation of the Advanced Toolchain Usage Part 1 & 2 presentations given at LCU14. Parts 3 and 4 will cover a variety of topics, such as: Linker tips and tricks, adding symbol versioning interfaces to a system library, debugging the dynamic linker, debugging applications that use malloc, gcc attributes, manually constructing a backtrace on arm & Aarch64, how to add lightweight debugging to your program, how to use a signal handler appropriately, and TLS Models on Aarch64 and when to use them.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250788
Video: https://www.youtube.com/watch?v=EhNqFCN0YJ0
Etherpad: http://pad.linaro.org/p/hkg15-207
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Linux 4.x Tracing: Performance Analysis with bcc/BPF (Brendan Gregg)
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Compiler Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
Linux Tracing Superpowers by Eugene Pirogov (Pivorak MeetUp)
For a long time Linux was far behind operating systems of the Unix family from the perspective of debuggability, specifically in live production systems.
However, over the course of 2016 Linux saw a series of patches that brought it on par with the Unix world: an old Linux tool called BPF has risen and extended into a powerful new one – eBPF. Some say that eBPF marks the beginning of true DTrace for Linux.
During the presentation I'm going to talk about tracing basics, cover a series of events that led to the development of eBPF and will compare eBPF with DTrace from the Unix world. The current state of affairs of Linux tracing tools will be explored. Finally, together we'll look at some of the exciting examples of eBPF application.
***
Eugene is well known in our Ruby (and Elixir) communities. Last time when he was at #pivorak he gave a very light and interesting intro to Elixir. You can check his speech out here - http://bit.ly/2evCd9R
1. P
Review the True Story of Hello World?
Are you kidding?
Web Cookie: Google nativeclient (Native code for web apps)
Native Cookie: Structure and Interpretation of Computer Programs
2. Related topics
1. Loader and Linker
2. ELF
3. LLVM
4. Library
5. More behind the scenes
3. Wrenches
readelf, objdump, nm, file, strings, strace, strip, ld
NASA did this after Bush cancelled the back-to-the-Moon plan.
5. You can interrupt me at any time
(rather than waiting for the Q&A section); this is more convenient for referring to context.
I am learning; correct me if necessary.
[zh_CN] You may interrupt me at any time; this makes it easier to refer to the context and avoids repeating things after being cut off in the Q&A.
I am only a beginner myself; please correct any mistakes that come up.
Please read the notes before the lecture, or along with the lecture if you have a computer at hand now.
[zh_CN] Please read the notes that accompany the slides in advance; if you have not yet, and you have a machine at hand now, you can also follow along during the talk.
6. The True Story of Hello World
(or at least a good part of it)
original author: Antônio Augusto M. Fröhlich
original story
zh_CN
7. Off topic: about the author
Prof. Dr. Antônio Augusto Fröhlich
LISHA Software/Hardware Integration Lab, Federal University of Santa Catarina
Courses taught: Object-Oriented Programming, System Programming, Operating Systems, Computational Biology (parallel programming)
8. Hello World in C

#include <stdio.h>                     /* header file directive */

int main(int argc, char *argv[])       /* the so-called entry point */
{
    printf("Hello world!\n");          /* C library call printf (buffered) */
    return 0;                          /* tell the OS: everything is OK */
}
9. Let's compile, link, and run it as a beginner
# compile: -c produces an object file (Optimization in GCC and here)
%gcc -Os -c hello.c
# link
%ld --dynamic-linker /lib/ld-linux.so.2 /usr/lib/crt1.o \
    /usr/lib/crti.o /usr/lib/crtn.o -lc hello.o -o hello
# run
%./hello
10. How about LLVM?
# compile the C file into a native executable:
% llvm-gcc hello.c -o hello
# compile the C file into an LLVM bitcode file:
% llvm-gcc -O3 -emit-llvm hello.c -c -o hello.bc
# run the program using the just-in-time compiler:
% lli hello.bc
LLVM Getting Started
Writing your own toy compiler
zh_CN: Writing your own compiler with Flex, Bison and LLVM
11. %objdump -hrt hello.o

hello.o:     file format elf32-i386

Sections:
Idx Name            Size      VMA       LMA       File off  Algn
  0 .text           00000027  00000000  00000000  00000034  2**2
                    CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 .data           00000000  00000000  00000000  0000005c  2**2
                    CONTENTS, ALLOC, LOAD, DATA
  2 .bss            00000000  00000000  00000000  0000005c  2**2
                    ALLOC
  3 .rodata.str1.1  0000000e  00000000  00000000  0000005c  2**0
                    CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .comment        00000024  00000000  00000000  0000006a  2**0
                    CONTENTS, READONLY
  5 .note.GNU-stack 00000000  00000000  00000000  0000008e  2**0
                    CONTENTS, READONLY
SYMBOL TABLE:
00000000 l    df *ABS*           00000000 hello.c
00000000 l    d  .text           00000000 .text
00000000 l    d  .data           00000000 .data
00000000 l    d  .bss            00000000 .bss
00000000 l    d  .rodata.str1.1  00000000 .rodata.str1.1
00000000 l    d  .note.GNU-stack 00000000 .note.GNU-stack
00000000 l    d  .comment        00000000 .comment
00000000 g     F .text           00000027 main
00000000         *UND*           00000000 __printf_chk

RELOCATION RECORDS FOR [.text]:
OFFSET   TYPE              VALUE
00000012 R_386_32          .rodata.str1.1
00000019 R_386_PC32        __printf_chk
12. %readelf -l hello

Elf file type is EXEC (Executable file)
Entry point 0x80482e0
There are 7 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x000e0 0x000e0 R E 0x4
  INTERP         0x000114 0x08048114 0x08048114 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x003d6 0x003d6 R E 0x1000
  LOAD           0x0003d8 0x080493d8 0x080493d8 0x000e8 0x000e8 RW  0x1000
  DYNAMIC        0x0003d8 0x080493d8 0x080493d8 0x000c8 0x000c8 RW  0x4
  NOTE           0x000128 0x08048128 0x08048128 0x00020 0x00020 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata
   03     .dynamic .got .got.plt .data
   04     .dynamic
   05     .note.ABI-tag
   06
20. entry point
%ld -o hello_ld hello.o -lc
ld: warning: cannot find entry symbol _start; defaulting to 0000000008048074
%./hello_ld
bash: ./hello_ld: No such file or directory
%gcc -nostdlib -o hello-nostdlib hello.c
/usr/bin/ld: warning: cannot find entry symbol _start; defaulting to 00000000080480b8
/tmp/ccmKwryA.o: In function `main':
hello.c:(.text+0x11): undefined reference to `puts'
collect2: ld returned 1 exit status
So what does ld forget here?
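The block below is an added example, not code from these slides or from Fröhlich's original story. It walks the ELF header, program headers and section headers the way `readelf -l` does on slide 12 (entry point, PT_INTERP, the section-to-segment mapping) and then checks whether the interpreter path the kernel will open actually exists: a PT_INTERP that names a file not present on the system is one well-known way for exec to answer `No such file or directory` about a binary that is plainly there, as on this slide. It goes beyond the i386 output above in that it handles little-endian ELF32 and ELF64; the mapping rule is a simplification of readelf's (an allocated section belongs to every segment whose virtual address range covers it). Function and field names are this example's own, and the image parsed when no file is given on the command line is constructed inline by `build_sample_elf32`, not a compiler's output.

```python
"""Added example: a small ELF walker in the spirit of readelf -l / objdump -h."""
import os
import struct

PT_INTERP, SHF_ALLOC = 3, 0x2
PT_NAMES = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE",
            6: "PHDR", 0x6474e550: "GNU_EH_FRAME", 0x6474e551: "GNU_STACK"}


def parse_elf(data):
    """Parse ELF header, program headers and section headers from raw bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[5] != 1:
        raise ValueError("this example handles little-endian ELF only")
    is64 = data[4] == 2
    # Fields after e_ident: e_type e_machine e_version e_entry e_phoff e_shoff
    # e_flags e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    if is64:
        hdr = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
        ph_fmt, sh_fmt = "<IIQQQQQQ", "<IIQQQQIIQQ"
    else:
        hdr = struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
        ph_fmt, sh_fmt = "<IIIIIIII", "<IIIIIIIIII"
    entry, phoff, shoff = hdr[3], hdr[4], hdr[5]
    phentsize, phnum, shentsize, shnum, shstrndx = hdr[8:13]

    segments, interp = [], None
    for i in range(phnum):
        f = struct.unpack_from(ph_fmt, data, phoff + i * phentsize)
        # Elf64_Phdr moves p_flags next to p_type; Elf32_Phdr keeps it near the end.
        if is64:
            p_type, p_flags, p_offset, p_vaddr, _, p_filesz, p_memsz, _ = f
        else:
            p_type, p_offset, p_vaddr, _, p_filesz, p_memsz, p_flags, _ = f
        segments.append({"type": PT_NAMES.get(p_type, hex(p_type)), "offset": p_offset,
                         "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz,
                         "flags": p_flags})
        if p_type == PT_INTERP:
            # The kernel opens this path before the program runs; it is NUL-terminated.
            interp = data[p_offset:p_offset + p_filesz].split(b"\0", 1)[0].decode()

    raw = [struct.unpack_from(sh_fmt, data, shoff + i * shentsize) for i in range(shnum)]
    names_off = raw[shstrndx][4] if shnum else 0      # sh_offset of .shstrtab
    sections = []
    for sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, *_ in raw:
        nul = data.index(b"\0", names_off + sh_name)
        sections.append({"name": data[names_off + sh_name:nul].decode(), "type": sh_type,
                         "flags": sh_flags, "addr": sh_addr, "offset": sh_offset,
                         "size": sh_size})

    # Section-to-segment mapping (simplified from readelf): an allocated section
    # belongs to every segment whose virtual address range covers it.
    mapping = []
    for seg in segments:
        lo, hi = seg["vaddr"], seg["vaddr"] + seg["memsz"]
        mapping.append([s["name"] for s in sections
                        if s["name"] and s["flags"] & SHF_ALLOC
                        and lo <= s["addr"] and s["addr"] + s["size"] <= hi])
    return {"class": 64 if is64 else 32, "entry": entry, "interp": interp,
            "segments": segments, "sections": sections, "mapping": mapping}


def interpreter_status(parsed):
    """exec's 'No such file or directory' can refer to the PT_INTERP path, not the binary."""
    if parsed["interp"] is None:
        return "no PT_INTERP (statically linked or loader-less)"
    if os.path.exists(parsed["interp"]):
        return "interpreter present: " + parsed["interp"]
    return "interpreter missing: " + parsed["interp"]


def render(parsed):
    """Text in the spirit of readelf -l, returned as one string."""
    lines = [f"ELF{parsed['class']}  entry 0x{parsed['entry']:x}",
             "  Type       Offset     VirtAddr   FileSiz  MemSiz   Flg"]
    for seg in parsed["segments"]:
        flg = "".join(c if seg["flags"] & b else " " for c, b in (("R", 4), ("W", 2), ("E", 1)))
        lines.append(f"  {seg['type']:<10} 0x{seg['offset']:06x}   0x{seg['vaddr']:08x} "
                     f"0x{seg['filesz']:05x}  0x{seg['memsz']:05x}  {flg}")
    lines.append(" Section to Segment mapping:")
    for i, names in enumerate(parsed["mapping"]):
        lines.append(f"   {i:02d}     {' '.join(names)}")
    return "\n".join(lines)


def build_sample_elf32():
    """Constructed ELF32 (i386) image for offline use: program headers INTERP and LOAD,
    sections NULL, .interp, .text and .shstrtab. Not a real compiler output."""
    interp = b"/lib/ld-linux.so.2\0"
    text = b"\x31\xc0\xc3"                        # xor eax,eax; ret (filler bytes)
    shstr = b"\0.interp\0.text\0.shstrtab\0"      # name offsets 1, 9, 15
    base, ehsize, phentsize, shentsize = 0x08048000, 52, 32, 40
    phoff = ehsize
    interp_off = phoff + 2 * phentsize            # 116
    text_off = interp_off + len(interp)           # 135
    shstr_off = text_off + len(text)              # 138
    shoff = shstr_off + len(shstr)                # 163
    ehdr = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, base + text_off, phoff, shoff, 0,
                        ehsize, phentsize, 2, shentsize, 4, 3)
    phdrs = struct.pack("<IIIIIIII", PT_INTERP, interp_off, base + interp_off,
                        base + interp_off, len(interp), len(interp), 4, 1)
    phdrs += struct.pack("<IIIIIIII", 1, 0, base, base, shoff, shoff, 5, 0x1000)
    sh = struct.pack("<IIIIIIIIII", *[0] * 10)
    sh += struct.pack("<IIIIIIIIII", 1, 1, SHF_ALLOC, base + interp_off, interp_off,
                      len(interp), 0, 0, 1, 0)
    sh += struct.pack("<IIIIIIIIII", 9, 1, SHF_ALLOC | 0x4, base + text_off, text_off,
                      len(text), 0, 0, 4, 0)
    sh += struct.pack("<IIIIIIIIII", 15, 3, 0, 0, shstr_off, len(shstr), 0, 0, 1, 0)
    return ehdr + phdrs + interp + text + shstr + sh


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf32()
    info = parse_elf(blob)
    print(render(info))
    print(interpreter_status(info))
```

Run it as `python3 elfwalk.py ./hello` to compare its output with the readelf listing on slide 12; the interpreter line is the check to make whenever a freshly linked binary fails to exec with a misleading "No such file or directory".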
21. difference between hello and hello-ld

%nm hello
080493d8 d _DYNAMIC
080494a4 d _GLOBAL_OFFSET_TABLE_
080483c4 R _IO_stdin_used
080494c0 A __bss_start
080494bc D __data_start
         w __gmon_start__
0804837a T __i686.get_pc_thunk.bx
080493d6 d __init_array_end
080493d6 d __init_array_start
08048310 T __libc_csu_fini
08048320 T __libc_csu_init
         U __libc_start_main@@GLIBC_2.0
         U __printf_chk@@GLIBC_2.3.4
080494c0 A _edata
080494c0 A _end
080483a8 T _fini
080483c0 R _fp_hw
08048278 T _init
080482e0 T _start
080494bc W data_start
08048380 T main

%nm hello-ld
080491e4 d _DYNAMIC
08049284 d _GLOBAL_OFFSET_TABLE_
08049294 A __bss_start
         U __printf_chk@@GLIBC_2.3.4
08049294 A _edata
08049294 A _end
         U _start
080481ac T main
24. Internal Symbols

#include <stdio.h>

/* These symbols are defined by the default GNU ld linker script, not by any C file. */
extern char etext, edata, end, __executable_start;

int main(void)
{
    printf("(end of text)etext:%p\n", &etext);
    printf("(end of data)edata:%p\n", &edata);
    printf("(end of segments)end:%p\n", &end);
    printf("(__executable_start):%p\n", &__executable_start);
    return 0;
}

(end of text)etext:0x80486b8
(end of data)edata:0x804a028
(end of segments)end:0x804c060
(__executable_start):0x8048000
28. Web References
1. A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux
2. Hello from a libc-free world! (part one and part two)
3. bash: ./hello-ld: No such file or directory
4. Linkers and Loaders (Linux Journal)
5. Structure and Interpretation of Computer Programs
6. Linux Standard Base (LSB)
29. Books
1. Linkers and Loaders, John R. Levine, 2000
2. 程序员的自我修养 -- 链接、装载与库 (The Self-Cultivation of Programmers: Linking, Loading and Libraries), Yu Jiazi / Shi Fan / Pan Aimin, 2009
3. Computer Systems: A Programmer's Perspective, Randal E. Bryant / David O'Hallaron, 2003