0x08 Debug booting code in QEMU

How do you test and debug your own OS? To run it, one can use any of the available emulators or VMs; I chose QEMU. But running isn't enough. Debugging is very important, at least for me. In this post, I will build the 'OS' image, run it and attach gdb for debugging.

Read more…

0x06 Yasm: Hello World! ELF64

First, let's try to write an x64 assembly program. I will use yasm and ld. I have a few books about assembly, but none covering the 64-bit architecture. Luckily for me, I found "Introduction to 64 Bit Assembly Language Programming for Linux and OS X" by Ray Seyfarth.

Read more…

0x05 Format String Attack

When trying to take control of a program, one must sometimes alter information stored on the stack. A stack overflow is one possibility, but it is constrained by the order in which variables are placed on the stack. A format string attack allows overstepping this constraint. This kind of attack exploits a vulnerability in the printf family of functions: if printf is called with a variable in place of the format string, you have your window of opportunity, provided, of course, that you are the one who puts the data into that variable.

Read more…

How my shell messes with me

Last week I spent 2h instead of 20 minutes on a stack overflow challenge because my payload had some strange values in the middle of the jump address. I was impressed by this challenge and how it managed to put some values between my bytes. Imagine my mood when I realized that it wasn't some special power of the program. It was my shell doing evil decoding behind the scenes.

Read more…

Icon 2018 CTF third challenge

The third challenge is a reverse engineering problem. The zipped package contains 3 files:

crackme_baby
crackme.py
run.sh

The Python file contains definitions of simple math operations (add, sub, mul, div2, mod, inf). Let us disassemble the crackme_baby file.

Read more…

0x04 cpprest listener

I want to try to build a simple REST server demo with cpprestsdk. It is still an experimental part of the library.

Let's start with the program. I want to listen on localhost on port 9000 with the relative path /demo. For now, the program will handle only GET and POST. When the listener starts, we get a notification. cpprestsdk uses pplx::task<T> for composing asynchronous operations (...then().then().wait()). The main loop is very simple: we just loop forever in a while.

Read more…

0x02 travis + nikola

One has Nikola running. One stores all one's work on GitHub and hosts it on GitHub Pages. Nice. But do I really need to push my changes to the repo and, when I'm ready, build the static pages and push them to master? And what if I'm not at my computer, what if I must fix some typo? It would be nice if something could build and deploy the stuff for me.

That is why I invite...

Read more…