Questions tagged [x86]

The processor architecture of most PCs and servers, including the 386/486/Pentium/… (IA-32) 32-bit family and the amd64 64-bit family. Most x86 processors are made by Intel or AMD.

x86 is a family of processor architectures. Almost all desktop, laptop and server computers have an x86 processor made by Intel or AMD as their CPU. Today, x86 comprises two major architectures:

  • IA-32, a 32-bit architecture introduced in the 80386 processor and found in all subsequent generations including all Pentium generations.
  • x86-64, also known as amd64, a 64-bit architecture found in most recent x86 processors, which retains IA-32 as a subset. (Not to be confused with IA-64, also called Itanium, a different 64-bit architecture from Intel used in a few high-end servers and high-performance computers.)

Major operating systems for x86 include …

34 questions
4
votes
0 answers

What is known about the latest vulnerability related to Linux Page Table Isolation patches?

Recently, on Hacker News front page, there was a post mentioning a new vulnerability that seems to affect Intel processors. The post is mostly speculation and there is no PoC or an exploit that I'm aware of. While the article is unclear to me, it…
d33tah
  • 6,524
  • 8
  • 38
  • 60
4
votes
2 answers

Buffer Overflow doesn't have enough space for exploit after being crashed

So I'm trying to write a buffer overflow for a knowingly vulnerable server application, I want to learn how to do this on my own and just want some direction. I'm watching it in immunity debugger on the server and have control over the ECX, EBP, and…
4
votes
2 answers

What lies behind this complicated shellcode on linux?

It's pretty much my first time playing around with a buffer overflow exploit. I've written a simple C program that is vulnerable to buffer overflows: #include #include #include void main() { char* filename =…
4
votes
2 answers

Is dereferencing a null pointer in C a security risk if the program isn’t a daemon, but a small script launched as a separate process for each request?

The following code is part of a program that is spawned at every request by nginx’s Ruby on Rails script: static void time_t_to_dos_time(time_t user_supplied_time_t, int *dos_date, int *dos_time) { struct tm *t =…
user2284570
  • 1,402
  • 1
  • 14
  • 33
3
votes
3 answers

Exploit a buffer overflow without SIGSEGV

For my studies I try to create a payload so that it overflows the buffer and calls a "secret" function called "target". This is the code I use for testing on an i686: #include "stdio.h" #include "string.h" void target() { printf("target\n"); } void…
Chris
  • 131
  • 2
3
votes
2 answers

Where can I find information about how to implement Intel embedded AES256 encryption?

I heard this can really speed up encryption performance, but I can't find any good information about how to implement it.
Dan
  • 59
  • 1
  • 3
3
votes
1 answer

Defeating ROP attacks in x86

Most defense techniques against ROP revolve around randomization, such as ASLR. If I mark all regions of memory, other than the code segment, non-executable, will this defeat ROP?
George
  • 739
  • 1
  • 6
  • 22
2
votes
1 answer

C library functions in statically linked ELF32 binary no longer use int 0x80

I've been practicing shell coding on Linux for a while. I used a VM to develop and test my shell code. The VM ran inside VMware workstation 12 pro, on Windows 10. Everything was fine and I could use the usual int 0x80 to switch to kernel mode until…
user148898
  • 113
  • 1
  • 10
2
votes
1 answer

ROP payload layout confusion

I was reading an article (exploitresearch.wordpress.com) about using ROP to bypass DEP/ASLR. Near the end he lays out the 33 steps for his payload. These are laid out in the order that the shellcode instructions are written in the final payload…
Nitro
  • 189
  • 1
  • 8
2
votes
1 answer

Is using IsBadReadPtr and IsBadWritePtr considered to be insecure?

I am auditing (reverse engineering) an x86 C++ application without source code. Static analysis revealed that the application is using the IsBadReadPtr and IsBadWritePtr Win32 functions in almost ALL cases, to check the function parameters. So,…
2
votes
1 answer

Defeating code injection attacks in x86

In x86 systems, there are three requirements for a code injection attack to work: 1) write attack payload to memory, 2) attack payload to be executable, 3) divert control-flow to payload. How can we prevent 2) attack payload to be executable so as to defend…
George
  • 739
  • 1
  • 6
  • 22
1
vote
2 answers

Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?

Can a meltdown attack also violate data integrity of other processes by obtaining different passwords or is it just violating data secrecy by reading data it is unauthorized to do?
1
vote
0 answers

msfvenom: how to output assembly of windows payload for inline assembly in C?

My goal is to obfuscate Metasploit Windows payloads' assembly code (adding junk code to the payload itself), then add the obfuscated shellcode to inline assembly in C. The issue is there is no format command line argument (-f) that provides an…
pokkery98
  • 11
  • 1
1
vote
0 answers

Buffer bomb level 3 - Prevent stack corruption

I am trying to complete level 3 of buffer bomb lab. The task is to supply an exploit string that will cause getbuf to return my cookie (0x4b64b076) back to test, rather than the value 1. The exploit code should set the cookie as the return value,…
Helen Grey
  • 111
  • 1
1
vote
2 answers

In Return-Oriented Programming how can the machine execute unaligned instructions?

I am reading "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)". The author claims that x86 code is like English written without punctuation or spaces, so that the words all run together. This means…
Anthony O
  • 130
  • 3