Assembly

Course
Time
13 hours 15 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:00
Hello. This is Dr. Miller and this is Episode 14.4 of Assembly.
00:06
Today we're gonna talk about memory allocation using malloc and then using that within structures and unions using malloc.
00:15
So memory allocation using malloc.
00:18
So we have the function called malloc, which is memory allocate. And it is in stdlib.h.
00:25
And so what this does is it allows us to dynamically allocate memory.
00:29
And the easiest way is to just allocate memory, which is called malloc.
00:34
If we have some data that we want to resize, we can call realloc, and so that will change the size. Generally, you'll
00:42
make that size larger so that you can store something bigger than what you initially thought.
00:47
Then we also have calloc, so that's clear allocate,
00:51
and that will set all of the values to zero.
00:54
And then when you're done using that memory,
00:57
you can give it back, um, using the function called free, so malloc will allocate the memory and then free will give it back to the heap.
01:06
And so we have this notion that we have the stack which we've talked about in class. We have some sort of
01:11
area of free memory that we can use. So every time we push and pop things from the stack,
01:17
they go into and out of that free memory. But then we also have a region called the heap,
01:22
and so the heap is where we can dynamically allocate memory for maybe we don't need a particular amount any time. So, for example,
01:30
if you have a text editor
01:33
and you want to be able to load one kilobyte files, it might allocate
01:37
one kilobyte worth of memory.
01:40
But if you have a need for, let's say, one gigabyte of memory, then you can allocate that in the heap without making your program bloated when it's small.
01:49
And then when you do these allocations, you can get a couple of things, either a stack overflow or you can run out of memory. So you try and allocate memory with malloc, and you don't have any. Or if you have a function that just keeps growing and you just keep calling it over and over again, you can get a stack overflow.
02:05
Um, often due to a mistake,
02:08
so here's an example. So we have
02:12
a value int pointer called X, and we allocate the size of one integer,
02:16
um, and that would allow us to just store one item. But then we could also have an array.
02:23
And so on an array, we would have the size of an integer times how many items we want in there.
02:28
So the size of an int is going to be four bytes. And so if we need 100, then we would get 400 bytes for that.
02:37
And then here you can see we're setting index, um, 99 to the value of negative one.
02:45
So here we can see our allocation of memory. And so when we look at the malloc, we can see that it's pushing the number four on top of the stack. And then it's calling malloc. And so that's going to allocate four bytes.
02:57
Um, here it's doing a subtract of 12 so that it can keep the
03:00
memory addresses on even byte boundaries. And then we're going to go ahead and modify
03:06
um, ESP by 16. Because that's what we did. We did 12 plus four, and that gives us 16
03:12
and then we can see that the result is stored in a local variable. So EBP minus 12.
03:17
The next one is we set the value of X to 255.
03:22
And so 255 ends up being,
03:24
um,
03:25
right here, and so we can see that we load that address, um, into EAX and then we dereference it. And so, with just a regular int pointer, we end up doing our dereference. And so that's the brackets around EAX. And we assign the value at that location.
03:44
Here we say size is 100. So size is EBP minus 16
03:49
and then we're gonna use size in our allocation. And so we go ahead and load that pointer,
03:54
um, load that value into EAX, and then it ends up doing a shift right on it. So it knows that
04:00
an integer is four. And so, instead of multiplying, it just does a shift,
04:05
then we again subtract 12 and then push that value of EAX. So it should have 100
04:11
and then shifted to the right.
04:13
Um, so it should be 400 that gets pushed onto the stack. And then malloc will allocate that amount of memory.
04:20
But then the interesting part here is that we see that
04:23
in the next slide we're going to go ahead and try and set the array at a specific offset. So in this example,
04:30
um, negative 99 to negative one.
04:33
And so what it's gonna do is it's gonna load that pointer that it saved at EBP minus 20 into EAX.
04:40
And then it's gonna add the offset. So it already calculated 99 times four gives us 296.
04:46
That pointer is updated by doing an add. And then here we're moving negative one into the
04:53
address at that location. And so this is how a standard
04:57
use of malloc is, and so we can see that we have
05:00
some examples of just a single integer pointer, and then we have an entire array
05:04
and from the compiler, those are basically the same thing.
05:09
So, malloc for structures and unions.
05:12
So here we're just going to use a standard socket as the example.
05:16
And so here we are, allocating some space using the size of a structure socket.
05:24
Um, so here I added a little bit more code so we could kind of see how this works.
05:28
So we can see, um, here we have a sock call, and we just set it to a value so we could see what it is. So FA is 250,
05:38
so now it's going to go ahead and do the calculation. So it knows what the size of a struct sock,
05:43
um, sockaddr_in is, and that happens to be 16. So we can see a push of 16
05:48
right here before we do our malloc, so that means that a
05:53
sockaddr_in
05:54
is 16 bytes.
05:56
So it gets allocated, then gets saved at EBP
06:00
minus 16.
06:02
And then here we are calling the function socket.
06:05
And so it's using AF_INET and SOCK_STREAM,
06:09
and so you can see that those parameters are set and then we also have a zero. So those are set inside of there, and we call the socket.
06:17
And then we save the value into EBP minus 12.
06:20
And then again, we're going to load it and do our comparison. So there's a lot packed into this statement here. So, as you can see, that translates to
06:30
quite a bit of assembly because we have to do the allocation and then also do our compare.
06:33
Um, again, it also uses a shift right by 31. And so that will test that top bit and see if it is a one or not.
06:41
And then it can just use test AL to see if that top bit was set or not set.
06:47
So then we see that we're using the dereference or the arrow operator, and so we can see the
06:54
sin_family. It gets set to AF_INET. And so here we can see that that, um,
07:00
address is loaded into EAX and then we're doing no offset here because this is actually the first
07:05
element of the structure, and we're giving it the value two. So AF_INET
07:11
has the number two, and so that gets saved directly into there.
07:15
But the second one we're gonna do is gonna be the sin_port
07:18
here,
07:21
and so we can see here it's doing the call to htons
07:27
so we can see that's being done at the beginning. But then we can see again. We load the same pointer into,
07:32
um,
07:34
looks like EDX.
07:36
Um, and then we're setting AX into that location. So it's EDX plus two,
07:43
and so that plus two means that the port is at offset two,
07:46
and also if we look into both of these, you can see that it's a word pointer that it's saving to those.
07:51
And so that means that each one of these is two bytes. So this is at offset zero, and then this is at offset two.
07:58
And then we can see that it modified the address so that it got offset two inside of there.
08:05
So today we talked about memory allocation using malloc
08:07
and then how that would manifest itself in structures and unions using malloc.
08:15
Looking forward, we're going to give some examples and we'll do an example from start to finish using a structure and malloc,
08:22
and then for our quiz.
08:24
So here we can see that we have some code here. So we have a structure. We have a short, an int, a character and another short,
08:33
and so your job is to figure out what would the offset of C be and what would the offset of D be, so I'll let you go ahead and
08:39
figure those out.
08:45
So if we disassemble it, um, and look at it, we can see that C has offset of plus eight
08:50
and D has offset of plus 10.
08:54
So remember, you got to figure out how much each one of these is going to take up in space.
08:58
So a short's gonna take up two, round up to two. So that will take up four bytes, 'cause an integer is next. We've got four and eight,
09:05
and then a character will take up two if it's not followed by another character because the short needs to be on a two-byte boundary.
09:15
So questions, you can email me, millermj at unk dot edu, and you can find me on Twitter at Milhouse 30.
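The quiz structure and the malloc'd-array pattern from the lecture, as an added C example that is not part of the lecture or its slides. It assumes the 32-bit x86 layout the lecture uses (2-byte short, 4-byte int, each scalar aligned to its own size); `struct quiz`, `quiz_offset_by_hand` and `set_last_minus_one` are names chosen here.

```c
#include <stddef.h>
#include <stdlib.h>

/* The quiz structure: a short, an int, a char, another short.
 * The compiler pads each field up to its alignment, so the
 * offsets work out as the lecture reads them from the disassembly. */
struct quiz {
    short a;   /* offset 0, 2 bytes; 2 bytes of padding so b is 4-aligned */
    int   b;   /* offset 4, 4 bytes */
    char  c;   /* offset 8, 1 byte; 1 byte of padding so d is 2-aligned */
    short d;   /* offset 10, 2 bytes; sizeof(struct quiz) == 12 */
};

/* Round a running offset up to the next multiple of align. */
static size_t align_up(size_t off, size_t align) {
    return (off + align - 1) / align * align;
}

/* Work out the offset of field number `field` (0..3) the way the
 * lecture asks you to: add each field's size, rounding up to the next
 * field's alignment first. Assumes alignment == size for these scalars. */
size_t quiz_offset_by_hand(int field) {
    const size_t sizes[4] = { sizeof(short), sizeof(int), sizeof(char), sizeof(short) };
    size_t off = 0;
    for (int i = 0; i < 4; i++) {
        off = align_up(off, sizes[i]);
        if (i == field) return off;
        off += sizes[i];
    }
    return (size_t)-1;   /* out-of-range field number */
}

/* Bytes handed to malloc for an n-element int array: the compiler turns
 * n * sizeof(int) into the shift-left the lecture points out (100 -> 400). */
size_t array_alloc_bytes(size_t n) { return n * sizeof(int); }

/* The lecture's arr[99] = -1 on a malloc'd array: allocate, store through
 * the computed pointer offset, read it back, and free the block. */
int set_last_minus_one(size_t n) {
    int *arr = malloc(array_alloc_bytes(n));
    if (arr == NULL) return 0;        /* out of memory: malloc returned NULL */
    arr[n - 1] = -1;                  /* base pointer + (n-1)*sizeof(int) */
    int v = arr[n - 1];
    free(arr);                        /* give the memory back to the heap */
    return v;
}
```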


Instructed By

Matthew Miller
Assistant Professor at the University of Nebraska at Kearney
Instructor