SlideShare uma empresa Scribd logo

How Functions Work

Saumil Shah
Saumil Shah

A function is a reusable block of code that can be called from different parts of a program. Functions accept parameters as input and may return a value. When a function is called, its parameters and local variables are stored on the stack. Each function call creates a stack frame that contains its parameters, local variables, and return address. This allows functions to maintain separate variable scopes while sharing the call stack.

TecnologiaNegócios
1 de 52
How Functions Work Saumil Shah www.net-square.com
Introduction
# who am i Saumil Shah CEO Net-square. Hacker, Speaker, Trainer, Author. M.S. Computer Science Purdue University. Google: "saumil" LinkedIn: saumilshah
Preview
What is a function?
What is a function? A function is a special SUBROUTINE
What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program
What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program Program control jumps to the subroutine... ...and returns to the next statement after completing the subroutine
Anything else?
Anything else? A function accepts parameters A function returns a value
Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables...
Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables... ...created when function is invoked, and destroyed when the function returns. Scope limited to that function only.
An example - add(x, y) int add(int x, int y) { int sum; sum = x + y; return(sum); }
An example - add(x, y) Parameters int add(int x, int y) { int sum; sum = x + y; return(sum); } Local Variable Return Value
Where are all the values stored? How are parameters passed? Where are local variables stored?
Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK!
Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK! Parameters are pushed on the stack before calling the function. Local variables are stored in stack memory as well.
Calling a function
add(x, y) 1 PROLOGUE 2 Local Variables BODY 3 s = add(3, 4) EPILOGUE Return Calling a function 4
add(x, y) PROLOGUE Push 4 Local Variables Push 3 BODY CALL add EPILOGUE RET Calling a function
CALL does two things: add CALL add RET Calling a function
CALL does two things: add Push EIP on the stack Jump to the function's address CALL add RET Calling a function
add CALL add RET Calling a function CALL does two things: Push EIP on the stack Jump to the function's address RET simply pops the saved EIP value.
How does it all fit together?
How does it all fit together? Let's see what happens on the stack.
How does it all fit together? Let's see what happens on the stack. ESP is the stack pointer. It always points to the top of the stack.
In the beginning ESP points to the top of the stack, as usual ... ESP ... EBP
In the beginning ESP points to the top of the stack, as usual EBP is the frame pointer (called Base Pointer). It points to regions within the stack. ... ESP ... EBP
Push the parameters For add(3,4) we push 3 and 4 on the stack. 3 ESP 4 ... ... EBP
CALL add CALL pushes the current EIP on the stack... ...and jumps to add() Saved EIP ESP 3 4 ... ... EBP
Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP Saved EIP 3 4 ... ...
Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 4 ... ...
Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 We shall discuss the frame a bit later. 4 ... ...
Local Variables Local variables are created in the stack memory. sum ESP Old EBP EBP Saved EIP 3 4 ... ...
Frame for add() The Stack Frame The stack memory used by a function is termed as its STACK FRAME sum ESP Old EBP EBP Saved EIP 3 4 ... ... Frame for main()
Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func1 ESP
Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func2 ESP func2() frame for func1
Functions and Frames Each function call results in a new frame being created on the stack. frame for func3 ESP func1() frame for func2 func2() frame for func1 func3()
frame for func2 frame for func1 Functions and Frames When a function returns, the frame is "unwound" or "collapsed". func1() ESP func2() func3()
Functions and Frames And as new functions get invoked, new frames get created. frame for func4 ESP func1() frame for func2 func2() frame for func1 func3() func4()
The Frame Pointer EBP is the frame pointer (base pointer). sum Old EBP EBP Saved EIP 3 4 ... ...
The Frame Pointer EBP is the frame pointer (base pointer). sum local var Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 param 1 4 param 2 ... ...
The Frame Pointer EBP is the frame pointer (base pointer). sum EBP - 4 Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 EBP + 8 4 EBP - n: Local vars EBP + n: Parameters EBP + 12 ... ...
Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP ESP EBP Saved EIP 3 4 ... ...
Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 ... ... EBP
Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 Stack pointer now points to where EIP was saved before CALL add(). ... ... EBP
Return! RET instruction pops the saved EIP value back into the EIP register. sum Old EBP Saved EIP ESP 3 4 ... ... EBP
Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP ESP 3 4 ... ... EBP
Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP 3 ESP 4 ESP shifts down by one word. ... ... EBP
Key Concepts
Review
HOW FUNCTIONS WORK saumil@net-square.com

Recomendados

Operating Systems - A Primer
Operating Systems - A PrimerOperating Systems - A Primer
Operating Systems - A Primer
Saumil Shah
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
Saumil Shah
 
Dive into ROP - a quick introduction to Return Oriented Programming
Dive into ROP - a quick introduction to Return Oriented ProgrammingDive into ROP - a quick introduction to Return Oriented Programming
Dive into ROP - a quick introduction to Return Oriented Programming
Saumil Shah
 
Sigreturn Oriented Programming
Sigreturn Oriented ProgrammingSigreturn Oriented Programming
Sigreturn Oriented Programming
Angel Boy
 
Linux Binary Exploitation - Return-oritend Programing
Linux Binary Exploitation - Return-oritend ProgramingLinux Binary Exploitation - Return-oritend Programing
Linux Binary Exploitation - Return-oritend Programing
Angel Boy
 
Qemu JIT Code Generator and System Emulation
Qemu JIT Code Generator and System EmulationQemu JIT Code Generator and System Emulation
Qemu JIT Code Generator and System Emulation
National Cheng Kung University
 
Linux Binary Exploitation - Stack buffer overflow
Linux Binary Exploitation - Stack buffer overflowLinux Binary Exploitation - Stack buffer overflow
Linux Binary Exploitation - Stack buffer overflow
Angel Boy
 
Linux Kernel Booting Process (2) - For NLKB
Linux Kernel Booting Process (2) - For NLKBLinux Kernel Booting Process (2) - For NLKB
Linux Kernel Booting Process (2) - For NLKB
shimosawa
 

Recomendados

Operating Systems - A Primer
Operating Systems - A PrimerOperating Systems - A Primer
Operating Systems - A Primer
Saumil Shah
 
Introduction to Debuggers
Introduction to DebuggersIntroduction to Debuggers
Introduction to Debuggers
Saumil Shah
 
Dive into ROP - a quick introduction to Return Oriented Programming
Dive into ROP - a quick introduction to Return Oriented ProgrammingDive into ROP - a quick introduction to Return Oriented Programming
Dive into ROP - a quick introduction to Return Oriented Programming
Saumil Shah
 
Sigreturn Oriented Programming
Sigreturn Oriented ProgrammingSigreturn Oriented Programming
Sigreturn Oriented Programming
Angel Boy
 
Linux Binary Exploitation - Return-oritend Programing
Linux Binary Exploitation - Return-oritend ProgramingLinux Binary Exploitation - Return-oritend Programing
Linux Binary Exploitation - Return-oritend Programing
Angel Boy
 
Qemu JIT Code Generator and System Emulation
Qemu JIT Code Generator and System EmulationQemu JIT Code Generator and System Emulation
Qemu JIT Code Generator and System Emulation
National Cheng Kung University
 
Linux Binary Exploitation - Stack buffer overflow
Linux Binary Exploitation - Stack buffer overflowLinux Binary Exploitation - Stack buffer overflow
Linux Binary Exploitation - Stack buffer overflow
Angel Boy
 
Linux Kernel Booting Process (2) - For NLKB
Linux Kernel Booting Process (2) - For NLKBLinux Kernel Booting Process (2) - For NLKB
Linux Kernel Booting Process (2) - For NLKB
shimosawa
 
Binary exploitation - AIS3
Binary exploitation - AIS3Binary exploitation - AIS3
Binary exploitation - AIS3
Angel Boy
 
MacOS memory allocator (libmalloc) Exploitation
MacOS memory allocator (libmalloc) ExploitationMacOS memory allocator (libmalloc) Exploitation
MacOS memory allocator (libmalloc) Exploitation
Angel Boy
 
Play with FILE Structure - Yet Another Binary Exploit Technique
Play with FILE Structure - Yet Another Binary Exploit TechniquePlay with FILE Structure - Yet Another Binary Exploit Technique
Play with FILE Structure - Yet Another Binary Exploit Technique
Angel Boy
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
Alexei Starovoitov
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
The Internals of "Hello World" Program
The Internals of "Hello World" ProgramThe Internals of "Hello World" Program
The Internals of "Hello World" Program
National Cheng Kung University
 
Linux binary Exploitation - Basic knowledge
Linux binary Exploitation - Basic knowledgeLinux binary Exploitation - Basic knowledge
Linux binary Exploitation - Basic knowledge
Angel Boy
 
ROP 輕鬆談
ROP 輕鬆談ROP 輕鬆談
ROP 輕鬆談
hackstuff
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
Joseph Lu
 
Windows 10 Nt Heap Exploitation (English version)
Windows 10 Nt Heap Exploitation (English version)Windows 10 Nt Heap Exploitation (English version)
Windows 10 Nt Heap Exploitation (English version)
Angel Boy
 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux Kernel
Adrian Huang
 
Advanced heap exploitaion
Advanced heap exploitaionAdvanced heap exploitaion
Advanced heap exploitaion
Angel Boy
 
Heap exploitation
Heap exploitationHeap exploitation
Heap exploitation
Angel Boy
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROP
Saumil Shah
 
Decompressed vmlinux: linux kernel initialization from page table configurati...
Decompressed vmlinux: linux kernel initialization from page table configurati...Decompressed vmlinux: linux kernel initialization from page table configurati...
Decompressed vmlinux: linux kernel initialization from page table configurati...
Adrian Huang
 
Handling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVMHandling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVM
Min-Yih Hsu
 
Linux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBLinux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKB
shimosawa
 
Ownership System in Rust
Ownership System in RustOwnership System in Rust
Ownership System in Rust
Chih-Hsuan Kuo
 
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is bootedVmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Adrian Huang
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtKernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Anne Nicolas
 
ROP
ROPROP
ROP
Jian-Yu Li
 
P4 2018 io_functions
P4 2018 io_functionsP4 2018 io_functions
P4 2018 io_functions
Prof. Wim Van Criekinge
 

Mais conteúdo relacionado

Mais procurados

New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtKernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Anne Nicolas
 

Mais procurados (20)

Binary exploitation - AIS3
Binary exploitation - AIS3Binary exploitation - AIS3
Binary exploitation - AIS3
 
MacOS memory allocator (libmalloc) Exploitation
MacOS memory allocator (libmalloc) ExploitationMacOS memory allocator (libmalloc) Exploitation
MacOS memory allocator (libmalloc) Exploitation
 
Play with FILE Structure - Yet Another Binary Exploit Technique
Play with FILE Structure - Yet Another Binary Exploit TechniquePlay with FILE Structure - Yet Another Binary Exploit Technique
Play with FILE Structure - Yet Another Binary Exploit Technique
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
 
The Internals of "Hello World" Program
The Internals of "Hello World" ProgramThe Internals of "Hello World" Program
The Internals of "Hello World" Program
 
Linux binary Exploitation - Basic knowledge
Linux binary Exploitation - Basic knowledgeLinux binary Exploitation - Basic knowledge
Linux binary Exploitation - Basic knowledge
 
ROP 輕鬆談
ROP 輕鬆談ROP 輕鬆談
ROP 輕鬆談
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
 
Windows 10 Nt Heap Exploitation (English version)
Windows 10 Nt Heap Exploitation (English version)Windows 10 Nt Heap Exploitation (English version)
Windows 10 Nt Heap Exploitation (English version)
 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux Kernel
 
Advanced heap exploitaion
Advanced heap exploitaionAdvanced heap exploitaion
Advanced heap exploitaion
 
Heap exploitation
Heap exploitationHeap exploitation
Heap exploitation
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROP
 
Decompressed vmlinux: linux kernel initialization from page table configurati...
Decompressed vmlinux: linux kernel initialization from page table configurati...Decompressed vmlinux: linux kernel initialization from page table configurati...
Decompressed vmlinux: linux kernel initialization from page table configurati...
 
Handling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVMHandling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVM
 
Linux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKBLinux Kernel Booting Process (1) - For NLKB
Linux Kernel Booting Process (1) - For NLKB
 
Ownership System in Rust
Ownership System in RustOwnership System in Rust
Ownership System in Rust
 
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is bootedVmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtKernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
 

Semelhante a How Functions Work

Planet of the AOPs
Planet of the AOPsPlanet of the AOPs
Planet of the AOPs
James Ward
 
04basic Concepts
04basic Concepts04basic Concepts
04basic Concepts
Zhiwen Guo
 
Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014
Renzo Borgatti
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploits
hughpearse
 

Semelhante a How Functions Work (20)

ROP
ROPROP
ROP
 
P4 2018 io_functions
P4 2018 io_functionsP4 2018 io_functions
P4 2018 io_functions
 
Exploitation Crash Course
Exploitation Crash CourseExploitation Crash Course
Exploitation Crash Course
 
2.0 Stacks.pptx
2.0 Stacks.pptx2.0 Stacks.pptx
2.0 Stacks.pptx
 
CNIT 127: Ch 2: Stack Overflows in Linux
CNIT 127: Ch 2: Stack Overflows in LinuxCNIT 127: Ch 2: Stack Overflows in Linux
CNIT 127: Ch 2: Stack Overflows in Linux
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux
 
CNIT 127: Ch 2: Stack overflows on Linux
CNIT 127: Ch 2: Stack overflows on LinuxCNIT 127: Ch 2: Stack overflows on Linux
CNIT 127: Ch 2: Stack overflows on Linux
 
Reversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basicsReversing malware analysis training part4 assembly programming basics
Reversing malware analysis training part4 assembly programming basics
 
Intro to JavaScript - Week 2: Function
Intro to JavaScript - Week 2: FunctionIntro to JavaScript - Week 2: Function
Intro to JavaScript - Week 2: Function
 
Planet of the AOPs
Planet of the AOPsPlanet of the AOPs
Planet of the AOPs
 
127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux127 Ch 2: Stack overflows on Linux
127 Ch 2: Stack overflows on Linux
 
04basic Concepts
04basic Concepts04basic Concepts
04basic Concepts
 
Exploit techniques - a quick review
Exploit techniques - a quick reviewExploit techniques - a quick review
Exploit techniques - a quick review
 
Return Oriented Programming (ROP chaining)
Return Oriented Programming (ROP chaining)Return Oriented Programming (ROP chaining)
Return Oriented Programming (ROP chaining)
 
Buffer overflow attack
Buffer overflow attackBuffer overflow attack
Buffer overflow attack
 
Functions in python
Functions in pythonFunctions in python
Functions in python
 
Stacks IN DATA STRUCTURES
Stacks IN DATA STRUCTURESStacks IN DATA STRUCTURES
Stacks IN DATA STRUCTURES
 
Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014Clojure beasts-euroclj-2014
Clojure beasts-euroclj-2014
 
Seh based attack
Seh based attackSeh based attack
Seh based attack
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploits
 

Mais de Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
Saumil Shah
 

Mais de Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-X
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 

How Functions Work

  • 1. How Functions Work Saumil Shah www.net-square.com
  • 3. # who am i Saumil Shah CEO Net-square. Hacker, Speaker, Trainer, Author. M.S. Computer Science Purdue University. Google: "saumil" LinkedIn: saumilshah
  • 5. What is a function?
  • 6. What is a function? A function is a special SUBROUTINE
  • 7. What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program
  • 8. What is a function? A function is a special SUBROUTINE Re-usable block of code Can be called from anywhere in the program Program control jumps to the subroutine... ...and returns to the next statement after completing the subroutine
  • 10. Anything else? A function accepts parameters A function returns a value
  • 11. Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables...
  • 12. Anything else? A function accepts parameters A function returns a value It may also have LOCAL variables... ...created when function is invoked, and destroyed when the function returns. Scope limited to that function only.
  • 13. An example - add(x, y) int add(int x, int y) { int sum; sum = x + y; return(sum); }
  • 14. An example - add(x, y) Parameters int add(int x, int y) { int sum; sum = x + y; return(sum); } Local Variable Return Value
  • 15. Where are all the values stored? How are parameters passed? Where are local variables stored?
  • 16. Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK!
  • 17. Where are all the values stored? How are parameters passed? Where are local variables stored? It is all accomplished using the STACK! Parameters are pushed on the stack before calling the function. Local variables are stored in stack memory as well.
  • 19. add(x, y) 1 PROLOGUE 2 Local Variables BODY 3 s = add(3, 4) EPILOGUE Return Calling a function 4
  • 20. add(x, y) PROLOGUE Push 4 Local Variables Push 3 BODY CALL add EPILOGUE RET Calling a function
  • 21. CALL does two things: add CALL add RET Calling a function
  • 22. CALL does two things: add Push EIP on the stack Jump to the function's address CALL add RET Calling a function
  • 23. add CALL add RET Calling a function CALL does two things: Push EIP on the stack Jump to the function's address RET simply pops the saved EIP value.
  • 24. How does it all fit together?
  • 25. How does it all fit together? Let's see what happens on the stack.
  • 26. How does it all fit together? Let's see what happens on the stack. ESP is the stack pointer. It always points to the top of the stack.
  • 27. In the beginning ESP points to the top of the stack, as usual ... ESP ... EBP
  • 28. In the beginning ESP points to the top of the stack, as usual EBP is the frame pointer (called Base Pointer). It points to regions within the stack. ... ESP ... EBP
  • 29. Push the parameters For add(3,4) we push 3 and 4 on the stack. 3 ESP 4 ... ... EBP
  • 30. CALL add CALL pushes the current EIP on the stack... ...and jumps to add() Saved EIP ESP 3 4 ... ... EBP
  • 31. Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP Saved EIP 3 4 ... ...
  • 32. Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 4 ... ...
  • 33. Prologue The Prologue saves the old frame pointer (EBP) and sets EBP to top of stack. Old EBP EBP ESP What's a FRAME? Saved EIP 3 We shall discuss the frame a bit later. 4 ... ...
  • 34. Local Variables Local variables are created in the stack memory. sum ESP Old EBP EBP Saved EIP 3 4 ... ...
  • 35. Frame for add() The Stack Frame The stack memory used by a function is termed as its STACK FRAME sum ESP Old EBP EBP Saved EIP 3 4 ... ... Frame for main()
  • 36. Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func1 ESP
  • 37. Functions and Frames Each function call results in a new frame being created on the stack. func1() frame for func2 ESP func2() frame for func1
  • 38. Functions and Frames Each function call results in a new frame being created on the stack. frame for func3 ESP func1() frame for func2 func2() frame for func1 func3()
  • 39. frame for func2 frame for func1 Functions and Frames When a function returns, the frame is "unwound" or "collapsed". func1() ESP func2() func3()
  • 40. Functions and Frames And as new functions get invoked, new frames get created. frame for func4 ESP func1() frame for func2 func2() frame for func1 func3() func4()
  • 41. The Frame Pointer EBP is the frame pointer (base pointer). sum Old EBP EBP Saved EIP 3 4 ... ...
  • 42. The Frame Pointer EBP is the frame pointer (base pointer). sum local var Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 param 1 4 param 2 ... ...
  • 43. The Frame Pointer EBP is the frame pointer (base pointer). sum EBP - 4 Old EBP EBP Local variables and Parameters are RELATIVE to the frame pointer. Saved EIP 3 EBP + 8 4 EBP - n: Local vars EBP + n: Parameters EBP + 12 ... ...
  • 44. Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP ESP EBP Saved EIP 3 4 ... ...
  • 45. Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 ... ... EBP
  • 46. Epilogue The Epilogue cleans up the stack frame. Local variables are effectively destroyed. sum Old EBP POP EBP. Restores EBP back to the old frame. Saved EIP ESP 3 4 Stack pointer now points to where EIP was saved before CALL add(). ... ... EBP
  • 47. Return! RET instruction pops the saved EIP value back into the EIP register. sum Old EBP Saved EIP ESP 3 4 ... ... EBP
  • 48. Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP ESP 3 4 ... ... EBP
  • 49. Return! RET instruction pops the saved EIP value back into the EIP register. EIP sum Old EBP Program control is returns to the next statement after add() Saved EIP 3 ESP 4 ESP shifts down by one word. ... ... EBP
  • 52. HOW FUNCTIONS WORK saumil@net-square.com