Thanks for making this so clear and giving the example. I'd managed to understand the basic concept before I saw your video, but I'd never really seen any examples. Thanks Engineer Man.
Thank you for this video. I recently fount out about your channel in Reddit and it's really awesome. Most of the tutorials are stuck in beginner level. Your content is going great, keep up the good work. And, I am trying to learn socket programming in C, if you were to do socket programming that would be great :)
Thanks for the kind words. I do need to do more advanced topics as I feel I'm neglecting that audience a little. I've been working on a small toy web server as a personal side project here: github.com/ebrian/bserve There's a lot of fundamentals for sockets. I'll certainly do an Engineer Man video on the subject, too. Enjoy!
Thanks for replying this fast and linking your project. I will look into it :) For advanced topics I would want to see some memory allocating and memory padding on structs. I saw this topic in "Deep C" slideshow on slideshare, but I couldn't understand it really. And there are a lot of 32-bit, 64-bit arcitechture differences on memory allocating so it would be a good topic too, I think.
I'll check it out. The C playlist is more of a way to just categorize everything. That one wasn't meant to be in any particular order. If it does appear to be in any order, that's purely by luck lol.
Hi! I really do like your work keep on!! I just had one question : Why the first buffer is modified in the second case? Because it his "behind" in term of placement in the memory it shouldn't change... O.o
Thanks a lot for these videos, i'm currently into Linux programming and learning Posix standard. I'm enjoying these videos. I wish you could do more about Linux syscalls and tools like message queues, pipes, Fifos, signals and so on
My pleasure! The focus on this channel has narrowed down to C and Linux, so definitely expect to see videos covering subject matter related to those topics in the future!
Cool video, totally don't know about any of this and it's really interesting. Can you do a video on how to diagnose memory corruption or maybe how to use debugging tools? The Devs at my company have made a bunch of fragile junk and can't seem to fix it and I want to try my hand at it. I'd say I'm probably a novice with no Assembly knowledge.
I am trying this on sublime text, and using the code provided in your github. When I run this, I get illegal instruction 4 ( and I tried it with the no stack. any idea? Thanks!
It's not quite correct that running a few bytes past the end of the stack buffer, triggering the segfault, is actually coming from the OS. The default stack size is around 1MB and this overflow is running into memory which is still allocated to the process... It's just out of bounds of the buffer. The stack grows downward in memory address and this copy would overflow in the memory-upwards direction, which would definitely still be in the process' allocated stack space and not in the memory space of another process or OS.
that is why it is called as corruption yeah canaries would be set to crash the program, but without canaries? it would overwrite stack metadata and code execution can happen
Hey Everyone ! I have a question . If the OS is not going to allow you to overwrite to other bytes ,other than the ones u are allowed to , why would this be a problem? We need to be carefull with our projects , but what is the problem if the OS is going to stop anything that will try to destroy it ? Thanks in advance
The problem is that vulnerable programs could be used to do malicious things. Imagine if SSH was vulnerable to heap corruption allowing people to log in without credentials. While this doesn't harm the system, per se, it doesn't allow an unknown party to take control of a machine.
@@EngineerMan Oooo Yes , Yes . Now i get the idea . Its not always about the system . Thank you a lot Engineering Man . I find your videos very usefull ! Having in mind the quick and powerfull replay is also a plus . U won a new subscriber :) Keep up the good work Engineering MAN !!! Greetings from Bulgaria , and thanks again !
As he said, even though there was buffer overflow he was still accessing the space of the same program. Compiler is going to throw an error when he tries to access the memory space of some other program.
Thanks for making this so clear and giving the example. I'd managed to understand the basic concept before I saw your video, but I'd never really seen any examples. Thanks Engineer Man.
Great little explanation of buffer overflows and a little insight into the stack/heap distinction too, packed neatly into a short 5 min vid! Thanks :)
One of the best on BufferOverFlow
Really fantastic. Thanks so much. Maybe the best and most succinct explanation I've heard yet.
Thank you for this video. I recently fount out about your channel in Reddit and it's really awesome. Most of the tutorials are stuck in beginner level. Your content is going great, keep up the good work.
And, I am trying to learn socket programming in C, if you were to do socket programming that would be great :)
Thanks for the kind words. I do need to do more advanced topics as I feel I'm neglecting that audience a little.
I've been working on a small toy web server as a personal side project here:
github.com/ebrian/bserve
There's a lot of fundamentals for sockets. I'll certainly do an Engineer Man video on the subject, too.
Enjoy!
Thanks for replying this fast and linking your project. I will look into it :)
For advanced topics I would want to see some memory allocating and memory padding on structs. I saw this topic in "Deep C" slideshow on slideshare, but I couldn't understand it really. And there are a lot of 32-bit, 64-bit arcitechture differences on memory allocating so it would be a good topic too, I think.
why don't you fucking google your questions instead of begging for free content.
Hello friend, he's not begging. I make mention at the end of all my videos to make requests if people have them. No worries :)
Because Engineer Man can provide a better tutorial than 99% of what's out there on the Internet.
OMG! so great explanation, time saving, but i wish if you went into heap aswell! good job!
Nice videos have been watching most of them. Keep up the good content!
Glad you're enjoying them!
awesome work, Engineer Man. Keep it coming !!
Thanks for the simple explanation
Hey mate, I'm watching the C playlist and I think the first and second videos should be switched in order.
Great content! Thanks.
I'll check it out. The C playlist is more of a way to just categorize everything. That one wasn't meant to be in any particular order. If it does appear to be in any order, that's purely by luck lol.
Hi! I really do like your work keep on!!
I just had one question :
Why the first buffer is modified in the second case? Because it his "behind" in term of placement in the memory it shouldn't change... O.o
Wanted to see the heap corruption example. Also a core dump analysis video in future
Thanks a lot for these videos, i'm currently into Linux programming and learning Posix standard. I'm enjoying these videos.
I wish you could do more about Linux syscalls and tools like message queues, pipes, Fifos, signals and so on
My pleasure! The focus on this channel has narrowed down to C and Linux, so definitely expect to see videos covering subject matter related to those topics in the future!
Thanks, I don't see lots of good tutorials on this topic out there.
This playlist is awesome. Q: is the void pointer cast on lines 26 and 26 of the video necessary? Malloc returns a void pointer
Cool video, totally don't know about any of this and it's really interesting. Can you do a video on how to diagnose memory corruption or maybe how to use debugging tools? The Devs at my company have made a bunch of fragile junk and can't seem to fix it and I want to try my hand at it. I'd say I'm probably a novice with no Assembly knowledge.
It was perfect
Thank you so much
What’s the difference between stacks and heaps? Great video.
I'm curious, what editor are you using in linux?
Can you create the video for Heap as well? I copied your code and play around with it and can't get to overflow condition in my 32 bit Ubuntu
Excellent!
I am trying this on sublime text, and using the code provided in your github. When I run this, I get illegal instruction 4 ( and I tried it with the no stack. any idea? Thanks!
simple and great !!
What about manipulating heap overflow in order to actually execute spurious codes?
It's not quite correct that running a few bytes past the end of the stack buffer, triggering the segfault, is actually coming from the OS. The default stack size is around 1MB and this overflow is running into memory which is still allocated to the process... It's just out of bounds of the buffer. The stack grows downward in memory address and this copy would overflow in the memory-upwards direction, which would definitely still be in the process' allocated stack space and not in the memory space of another process or OS.
that is why it is called as corruption
yeah canaries would be set to crash the program, but without canaries? it would overwrite stack metadata and code execution can happen
Could you explain Stack and Heap specifically?
why is authorized only 0x10+0xC or 28 bytes away instead of 32 bytes, signed integers for 32 bit should be 32 bytes no?
i hope that will be helpfull for Nocera's exam
Graet!
Hey Everyone ! I have a question .
If the OS is not going to allow you to overwrite to other bytes ,other than the ones u are allowed to , why would this be a problem? We need to be carefull with our projects , but what is the problem if the OS is going to stop anything that will try to destroy it ?
Thanks in advance
The problem is that vulnerable programs could be used to do malicious things. Imagine if SSH was vulnerable to heap corruption allowing people to log in without credentials. While this doesn't harm the system, per se, it doesn't allow an unknown party to take control of a machine.
@@EngineerMan Oooo Yes , Yes . Now i get the idea . Its not always about the system . Thank you a lot Engineering Man . I find your videos very usefull ! Having in mind the quick and powerfull replay is also a plus . U won a new subscriber :)
Keep up the good work Engineering MAN !!!
Greetings from Bulgaria , and thanks again !
Succinct. Thanks so much.
Why does the compiler not detect this when compiling???
As he said, even though there was buffer overflow he was still accessing the space of the same program. Compiler is going to throw an error when he tries to access the memory space of some other program.
Why some games in my phone closed due to stack corruption...
600 likes
your room is so empty
It's technically my dining room, but I just assume use it as an office.