Questions tagged [x86]

The processor architecture of most PCs and servers, including the 386/486/Pentium/… (IA-32) 32-bit family and the amd64 64-bit family. Most x86 processors are made by Intel or AMD.

x86 is a family of processor architectures. Almost all desktop, laptop and server computers have an x86 processor made by Intel or AMD as their CPU. Today, x86 comprises two major architectures:

  • IA-32, a 32-bit architecture introduced in the 80386 processor and found in all subsequent generations including all Pentium generations.
  • x86-64, also known as amd64, a 64-bit architecture found in most recent x86 processors, which retains IA-32 as a subset. (Not to be confused with IA-64, also called Itanium, a different 64-bit architecture from Intel used in a few high-end servers and high-performance computers.)

Major operating systems for x86 include …

34 questions
21
votes
2 answers

What is known about the capabilities of AMD's Secure Processor?

I've found a fair amount of research about what Intel's ME does, including the "Intel x86 considered harmful (Chapter 4 is about ME)" survey paper by Joanna Rutkowska, but I'm having a much harder time finding information about AMD's Secure…
mikkros
  • 211
  • 2
  • 4
19
votes
6 answers

Do high level languages allow for buffer / heap overflow?

I'm learning about basic x86 overflows in C but normally I code with Python. Is there any way that programs written in higher level languages can suffer from buffer/heap overflow?
blank
  • 225
  • 1
  • 3
16
votes
1 answer

Return-oriented programming: how to find a stack pivot

I have a program with a heap overflow. It contains some code that is not randomized (is not using ASLR). I want to do a return-oriented programming exploit. Since this is a heap overflow, the first thing I need to do is find a stack pivot, so I…
D.W.
  • 98,420
  • 30
  • 267
  • 572
16
votes
1 answer

Why are AMD processors not/less vulnerable to Meltdown and Spectre?

I’ve read up on Meltdown and Spectre and it’s not obvious to me why AMD would be less vulnerable. Do AMD processors simply not have speculative execution? Or do they have some way of not exploding the same side channels? Update: I ask because AMD’s…
Ethan Reesor
  • 271
  • 2
  • 7
13
votes
4 answers

Adding 65K buffer to protect from buffer overflows?

If you had a very complex and important function in C that you wanted to protect, would it be worth it to put a 65K buffer at the top of the stack to protect from buffer overflows? You would put your important buffers below the 65K buffer so that…
John
  • 413
  • 4
  • 13
10
votes
2 answers

Are memcpy() based race conditions exploitable for causing remote code execution?

Let’s say I have the following pseudocode in the trusted part of a sandbox which prevents untrusted code calling mprotect() and mmap() and ptrace() directly (mutext isn’t accessible from sandboxed memory)… //src and dest are user controlled but must…
user2284570
  • 1,402
  • 1
  • 14
  • 33
9
votes
1 answer

Better way to import Win32 APIs from injected shellcode

I'm injecting native x86 code into a .NET application, via a TLS callback in the binary image. Unfortunately, .NET executables only import mscorlib.dll within the PE, and have kernel32.dll mapped automatically into the memory space at runtime. I…
Polynomial
  • 132,208
  • 43
  • 298
  • 379
9
votes
1 answer

Do fTPM implementations protect against physical attacks?

I see that there is an increasing number of PCs shipped with firmware based TPM (fTPM), e.g. the Intel NUC. As far as I understand, these solutions practically emulate a TPM chip using the CPU's special instructions (ARM TrustZone or Intel SGX). This…
KovBal
  • 313
  • 2
  • 8
7
votes
1 answer

Return oriented programming without int 0x80

I have a program with a stack based buffer overflow. It is running PIE with ASLR and DEP, however there is a section of executable code that is at a fixed location. However, this region does not contain an int 0x80; ret gadget. I can control eax,…
robertkin
  • 277
  • 2
  • 6
7
votes
1 answer

Why does my x86 shellcode test program segfault?

I am trying to learn how to create shellcode, my goal is to call execve(). I wrote the code in assembly and it works perfectly, there are no null-bytes or absolute addressing methods. The code works fine, but when I copy the opcodes into a C program…
tropz
  • 79
  • 1
  • 3
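An added example, not from the question above or its answers: a small harness showing the usual cause of that segfault. The copied opcodes sit in memory that is not executable (a global `char[]` lands in .data, a local one on the stack, and on a DEP/NX system neither mapping carries execute permission), so the very first instruction fetch faults. The stub bytes here are a constructed x86-64 `mov eax, 42 ; ret`, so the harness can check a return value instead of spawning a shell; the question's 32-bit `execve` payload would be built with `-m32` and run through the same `mmap` with `PROT_EXEC`. `run_shellcode` and `stub` are names of this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed x86-64 stub for this example (not the question's execve
 * payload): mov eax, 42 ; ret. Returning an int lets the harness verify
 * that the bytes actually executed. */
static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };

typedef int (*stub_fn)(void);

/* Copy the bytes into a page that is readable, writable and executable,
 * then call them. Calling a plain char array directly (the question's
 * approach) faults because .data and the stack are mapped without
 * PROT_EXEC; linking with -z execstack or calling mprotect() on the
 * array's page are the other two ways around that. */
int run_shellcode(const unsigned char *code, size_t len) {
#if defined(__x86_64__) && defined(__linux__)
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) {
        return -1;   /* e.g. a policy that forbids W+X mappings */
    }
    memcpy(page, code, len);
    stub_fn fn = (stub_fn)page;
    int rc = fn();
    munmap(page, 4096);
    return rc;
#else
    (void)code; (void)len;
    return -1;       /* stub is x86-64 Linux code; refuse elsewhere */
#endif
}

int main(void) {
    int rc = run_shellcode(stub, sizeof stub);
    printf("stub returned %d\n", rc);   /* 42 when the page executed */
    return 0;
}
```

If the stub returns 42, the bytes ran; if the same bytes are placed in a `char code[]` and called through a function pointer, the process dies with SIGSEGV at the array's address, which is what `info registers` in GDB will show as EIP/RIP.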
7
votes
2 answers

How to exploit variable's value

I'm trying to exploit a binary file which I have access to the source code. int flag = 0; int main() { char buf[0x50]; puts("Who are you? "); printf("> "); fgets(buf, 0x50, stdin); printf(buf); if (flag == 1337) { …
fish202
  • 119
  • 3
  • 7
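An added worked example, not code from the question above or from the original page: the `printf(buf)` line in that snippet passes user input to printf as the format string, and that is what turns a read from stdin into the write that sets `flag`. The block isolates the `%n` write primitive by passing `&flag` as an explicit argument so the behaviour is well defined; in the real attack the pointer is placed inside `buf` and reached with positional `%k$n`, after first finding the stack offset `k` at which `buf` is read as an argument. The hardened form beside it treats the input as data only. `flag`, `demo_n_write` and `echoes_verbatim` are names of this example.

```c
#include <stdio.h>
#include <string.h>

/* Same global as the question's snippet, so the write is observable. */
int flag = 0;

/* Vulnerable pattern from the question: the user's bytes are the format
 * string, so %x directives read the caller's stack and %n writes through
 * whatever pointer printf finds there. Not called below on purpose. */
void greet_vulnerable(const char *buf) {
    printf(buf);
}

/* Hardened form: the input is only ever an argument to "%s". */
void greet_fixed(const char *buf) {
    printf("%s", buf);
}

/* The write primitive in isolation. "%1337c" emits 1337 characters and
 * "%n" then stores the count of characters produced so far into the int
 * pointed to by the next argument. snprintf counts characters that would
 * have been written, so a one-byte sink keeps the output silent and the
 * stored value is still 1337, which is exactly the check in the question. */
int demo_n_write(void) {
    char sink[1];
    flag = 0;
    snprintf(sink, sizeof sink, "%1337c%n", 'A', &flag);
    return flag;
}

/* With "%s" the directives in the input are never interpreted: the bytes
 * come out exactly as they went in. */
int echoes_verbatim(const char *input) {
    char out[64];
    snprintf(out, sizeof out, "%s", input);
    return strcmp(out, input) == 0;
}

int main(void) {
    printf("flag after %%n write: %d\n", demo_n_write());   /* 1337 */
    printf("\"%%x%%x%%n\" echoed verbatim by the fixed form: %d\n",
           echoes_verbatim("%x%x%n"));                        /* 1 */
    return 0;
}
```

Compilers flag the vulnerable form with `-Wformat-security`, and glibc's fortified printf aborts on `%n` when the format string lives in writable memory, so the literal above is what keeps the demonstration deterministic; neither protection helps the question's binary, whose format string is the `fgets` buffer.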
6
votes
1 answer

Hardware enforced DEP on different CPUs

Are there any differences in how hardware DEP is implemented on CPUs from different manufacturers (Intel, AMD, nVidia, Texas,...)? Are there any significant differences in how hardware DEP works on x86 and ARM?
StupidOne
  • 2,802
  • 21
  • 35
6
votes
2 answers

Linux Kernel ROP - Returning to userland from kernel context?

I have a vulnerable Linux Kernel module (32-bit), which I can successfully exploit, and have gained privileges out of it. Basically, my exploit uses a ROP chain to disable SMEP, and directly jumps to my shellcode mapped at userland. My shellcode at…
Mukesh Sai Kumar
  • 220
  • 1
  • 12
4
votes
3 answers

Program exiting after executing int 0x80 instruction when running shellcode

In school I was given an assignment to perform a buffer overflow, which would execute some shellcode and open a new shell. After a bit of fiddling the buffer overflow succeeded, and when I ran the exploit in GDB it says that the program is executing…
4
votes
1 answer

Occurrence of ROP gadget

I'm researching various buffer overflow techniques, one I encounter and am pretty interested in at the moment is Return Oriented Programming (ROP), and the use of small groups of instructions known as gadgets. The question: There are certain gadgets…
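An added example that serves three of the questions on this page, the stack-pivot search for a heap overflow ("Return-oriented programming: how to find a stack pivot"), the hunt for a kernel-entry gadget when `int 0x80 ; ret` is absent ("Return oriented programming without int 0x80"), and why gadgets turn up where no compiler put them (this question): a minimal gadget scanner in C. It is not code from any of those posts. It slides over a byte buffer and reports every offset at which a known 32-bit x86 encoding begins, which is all a tool like ROPgadget does at its core. The sample bytes are constructed for this example; the `mov eax, 0xc35c` in them hides a `pop esp ; ret` inside its immediate, which is the unintended-offset effect of x86's variable-length encoding. `find_gadgets`, `sample` and the gadget names are names of this example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

struct gadget {
    const char *name;
    const unsigned char *bytes;
    size_t len;
};

struct hit {
    size_t offset;
    const char *name;
};

/* Standard 32-bit encodings. "mov esp, eax" also exists as 8b e0, which
 * this table deliberately omits; a real scan would list both. */
static const unsigned char g_xchg[]   = { 0x94, 0xc3 };             /* xchg eax, esp ; ret  (pivot: esp = eax) */
static const unsigned char g_popesp[] = { 0x5c, 0xc3 };             /* pop esp ; ret        (pivot: esp = [esp]) */
static const unsigned char g_movesp[] = { 0x89, 0xc4, 0xc3 };       /* mov esp, eax ; ret   (pivot: esp = eax) */
static const unsigned char g_leave[]  = { 0xc9, 0xc3 };             /* leave ; ret          (pivot: esp = ebp+4) */
static const unsigned char g_int80[]  = { 0xcd, 0x80, 0xc3 };       /* int 0x80 ; ret       (syscall, then continue chain) */
static const unsigned char g_sysent[] = { 0x0f, 0x34 };             /* sysenter             (alternative kernel entry) */
static const unsigned char g_vsysc[]  = { 0x65, 0xff, 0x15, 0x10, 0x00, 0x00, 0x00 };
                                  /* call dword ptr gs:[0x10]: glibc's 32-bit syscall entry via the vDSO */

static const struct gadget table[] = {
    { "xchg eax, esp ; ret",      g_xchg,   sizeof g_xchg   },
    { "pop esp ; ret",            g_popesp, sizeof g_popesp },
    { "mov esp, eax ; ret",       g_movesp, sizeof g_movesp },
    { "leave ; ret",              g_leave,  sizeof g_leave  },
    { "int 0x80 ; ret",           g_int80,  sizeof g_int80  },
    { "sysenter",                 g_sysent, sizeof g_sysent },
    { "call dword ptr gs:[0x10]", g_vsysc,  sizeof g_vsysc  },
};
#define NTABLE (sizeof table / sizeof table[0])

/* Scan every byte offset, not just instruction boundaries: a gadget is
 * usable wherever control can be sent, and the CPU decodes from any
 * address. Returns the total number of matches; at most max_out are
 * stored in out[]. */
size_t find_gadgets(const unsigned char *buf, size_t len,
                    struct hit *out, size_t max_out) {
    size_t n = 0;
    for (size_t off = 0; off < len; off++) {
        for (size_t g = 0; g < NTABLE; g++) {
            const struct gadget *gd = &table[g];
            if (gd->len <= len - off && memcmp(buf + off, gd->bytes, gd->len) == 0) {
                if (n < max_out) {
                    out[n].offset = off;
                    out[n].name = gd->name;
                }
                n++;
            }
        }
    }
    return n;
}

/* Constructed code bytes for this example (not taken from any binary). */
static const unsigned char sample[] = {
    0x55,                                     /*  0: push ebp */
    0x89, 0xe5,                               /*  1: mov ebp, esp */
    0xb8, 0x5c, 0xc3, 0x00, 0x00,             /*  3: mov eax, 0xc35c  -> "pop esp ; ret" hides at +4 */
    0xcd, 0x80,                               /*  8: int 0x80, not followed by ret: no chainable gadget */
    0x65, 0xff, 0x15, 0x10, 0x00, 0x00, 0x00, /* 10: call dword ptr gs:[0x10] */
    0x94, 0xc3,                               /* 17: xchg eax, esp ; ret */
    0xc9, 0xc3,                               /* 19: leave ; ret */
};

int main(void) {
    struct hit hits[16];
    size_t n = find_gadgets(sample, sizeof sample, hits, 16);
    for (size_t i = 0; i < n && i < 16; i++)
        printf("+0x%02zx  %s\n", hits[i].offset, hits[i].name);
    return 0;
}
```

For the heap-overflow case, the hit to use is whichever pivot reads its new stack pointer from a register the overflow controls (typically `eax` holding the overflowed object's address right after the vtable call), and the ROP chain itself then starts at that heap address. When no `int 0x80 ; ret` exists in the fixed region, the `call dword ptr gs:[0x10]` entry that glibc uses is usually present in any 32-bit libc-linked image, and a `sysenter` needs the vDSO return path set up rather than a plain `ret`. The `int 0x80` at offset 8 above is found by a byte search but not reported, because without a following `ret` the chain cannot resume; that distinction is the whole reason a gadget search keys on the terminating instruction rather than on the syscall byte alone.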