ISLAB HACK: Basic Concepts...

  • ISLAB HACK: INTEL-IA32 LINUX & WINDOWS

    2003

    32 Linux Ms-Windows

    1 . 32bit Intel Intel Linux Ms-Windows. (Blackhat hacker) (Compromise) .

    Buffer Overflow Buffer Overflow Exploit ( ).

    2 Intel Intel 8086 (2003) Pentium 4 XEON. 8086 Pentium . 64bit Intel Itanium 32bit .

    Intel 16bit 32bit Memory Addressing. Intel i386. 32bit (4GB) UNIX.

    PC multitasking, Paging multi-users mainframe. Intel PC.

    Pentium 4 80386 . 386 Pentium 4 CISC RISC (Opcode). MMX . -32bit Memory Addressing. , Memory Addressing, 386 Pentium 4 . cache memory (level) 2

    Linear Address .

    i386 MS-windows( generation) Linux intel , i386. IA32.

    2.1 Intel IA32 Intel 16bit . Intel IA32 3 mode Real-Mode Protected-Mode Virtual-8086 mode. (modes) , , Intel 32bit Pentium 4 .

    mode : Real-address Mode :

    . mode Memory Addressing 8086 3 :

    o MS-DOS Pentium 4. Real-Mode DOS 16bit .

    o CS, DS, SS Selectors(index to memory Base).

    o allocation 1 Extended Memory Model 1B .

    Protected Mode: . Windows NT/2000/XP Linux 32bit Protected Mode. Windows 3.x/95 Windows 98/Me mode Real Protected mode. 32 bit Protected mode . :

    o Multitasking Memory Allocation / Addressing .

    o Flat Memory Addressing Segments 4GB Segmentation . .

    Virtual 8086 Mode: mode Real-mode Protected mode. mode 16bit Real-mode Protected mode Windows 98.

    modes Intel Pentium 4 2.2. 32bit Intel . .

    2 Memory Addressing mode 32bit. Segment registers mode . CR0 register Real-mode Protected-mode. System Table Registers Segmentation CR3 Paging. memory addressing mode Intel IA32.

    2.2 memory addressing Real Mode Mode Exploit( ) Intel mode . memory addressing 16bit 32 bit. memory addressing Intel IA-32 .

    Real mode 8086 Pentium 4. 1 M . 20bit (2^20 = 1 ).

    . Segments(). segment . 20bit.

    16 bit 3 16bit 32 bit . CS, DS, SS 3 Segment . Segment Code Segment Data Segment Stack Segment. O 32bit Real-mode.

    (Offset) Segment. 20bit Offset Segment Register. H segment register . 16bit 20 bit Offset 16 . 16bit.

    memory addressing . 16 bit Segment Register Segment 64Kbyte. , Assembly . tiny, small, medium, compact, large huge. 1993 1 . 65 o Extended Memory model MS-DOS Himem.exe.

    Compilers, linkers Segment registers . 32bit Protected mode. 32bit Protected mode Real-mode Pentium 4.

    2.3 memory addressing 32bit Protected Mode 80386 PC 32 bit. 32bit 16 bit 8bit . Compiler opcode 16 bit opcode 32bit. . .

    386 . memory management unit (MMU) memory addressing mode Real-mode Protected mode.

    Protected mode 386 Pentium 4 Segment 4GB (Flat) (address space) . 4GB Segment Memory Addressing 64(64,000,000,000,000 bytes) virtual memory. memory addressing , UNIX, i386.

    Protected mode Segment registers, CS, Real Mode. Selector (index) 32-bit . 32bit 32bit Offset 32bit 16bit.

    ROM RAM. Segment Registers 16bit Real-mode. :

    GDT (Global Descriptor Table) : .

    LDT (Local Descriptor Table) : Task( multitasking) segmentation. . .

    IDT (Interrupt Descriptor Table) : interrupts .

    2.4 . Descriptor Base Address segment Segment .

    Descriptor GDT, LDT IDT 32bit. Descriptor Segment Base Address Offset . Descriptor :

    base address 32bit. limit 20bit. Granularity bit

    Segment 4 1Byte. Control bits :

    o Granularity bit Segment.

    o DPL (Descriptor Privilege Level) Segment.

    o D/B (Default operation size) Segment 16bit 32bit.

    Descriptor GDT LDT Selector. To Selector Segment registers. registers 16bit Protected mode. Real mode 16bit Protected mode .

    Selector 13 bit (index) GDT LDT. T(table indicator) Segment RPL.

    Protected mode Real-mode 8086. 16 bit Selector 16 32 bit Offset. Selector

    Table Indicator 0=GDT 1=LDT

    Requested Privilege Level (RPL)

    Descriptor . Descriptor 32bit. Offset 32bit. 32bit Linear Address. Paging , , . Paging Linear Address . paging . Linear address.

    32bit Protected mode . Hardware , . Protected mode :

    Segment Offset .

    Segment 4GB Segment Registers . .

    Offset 0 Segment . Debugging . Segment Offset 16-bit .

    Offset Limit Descriptor. exception .

    Descriptor bit segment . Real Mode. . bit descriptor Read-Only segment .

    Segment 4GB Real mode Segment

    64. Segment Base Limit Descriptor. Descriptor Base 0 Limit 0xFFFFF (20 bit) 1. Granularity bit 4 Base Limit Segment 4GB (4 x 1MB = 4GB) 1MB . GDT LDT 8192 Descriptors Selector 13bit index . Records GDT LDT 16,384 Records. 16 Segments . Segment virtual memory intel Pentium 4 64Terabyte (16K x 4GB).

    2.4 16bit 32bit Protected Mode Virtual-8086 mode 16bit Protected mode. Protected mode 16bit. 16bit .

    16bit Protected mode Segments 2.4 Segment 16bit protected mode. Real mode. mode .

    Segment 16bit 16bit 32bit. xor ax,ax xor eax,eax 16 bit opcode Compiler 0x33 0xC0. 16bit 32bit , Protected mode, Segment 16bit 32bit mode .

    16bit 32bit 16 32 bit . modules . 16 32bit Windows Linux Real mode protected mode.

    virtual memory Protected mode 64TB Linear Address 32bit. 4GB. 4GB (2003) 80386 SQL .

    2.5 H Protected Mode Protected mode . intel :

    task .

    task task .

    task .

    intel . .