Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09

  • Published: 2 Jun 2024
  • We will have a look at what syscalls are and what they have to do with kernel mode and user mode. We do this by exploring a kernel function and tracing it down to the assembler level.

Comments • 171

  • @BurningApple 6 years ago +374

    It was sure I/Opening :D

  • @xXoSmegZoXx 8 years ago +273

    It's a shame you have so little views.
    I think your videos are awesome!
    It's very hard to get into "hacking" or basically understanding how computers really work in a fun way.
    I appreciate your effort to make this knowledge easier to acquire.
    Thank you!

    • @LiveOverflow 8 years ago +24

      +Shalev Keren Thank you very much! You can help sharing it with other people who might be interested in it :)

    • @damejelyas 5 years ago +8

      not any more

    • @rj-nj3uk 5 years ago +3

      @@LiveOverflow hey. thanks for making this video.

    • @martiananomaly 5 months ago

      Lol

  • @figloalds 6 years ago +89

    I thought the Linux kernel was complicated.
    Now I'm sure.
    Actually it's as simple as it can be; computing is complex, and providing a safe, reliable bed for applications to run, live and exit is indeed... Magic. Highest rank of Computer Magic.

  • @Chastor97 1 year ago +3

    Your English is quite clear and easy to understand by non-native English users

  • @EchoNote 6 years ago +71

    9:06 "Imagine if a process tries to read some secrets from another process". A few days ago (January 2018) the Google Project Zero team discovered a bug that does exactly this (Meltdown and Spectre) hahahaha

    • @alojzybabel4153 4 years ago +2

      Gee, I wonder what they needed this vulnerability for :q

    • @abdarafi 4 years ago +1

      Wow...

    • @ruadeil_zabelin 3 years ago +4

      @@alojzybabel4153 It's a hardware vulnerability. It had nothing to do with google. Blame intel and arm.

    • @jebactychpolicjantow5497 2 years ago +4

      this wasn't google, the core behind spectre has been known for quite a while (paper published in ~2003). it's also not "intel and arm"'s fault; it's just a fault of the entire architecture. spectre involves cache speculation being obviously faster than just random accessing of memory; you can use the CPU's cache speculation to read memory in a process that is not yours because it works above paging, and the time difference between reading something which is cached and which is not, so it could be catastrophically huge.
      it's a fault of the von neumann architecture as a whole. while he did envision that "near instantaneous accessible memory" was required for his architecture he never saw the fact that with an electronic computer (that is able to do shit almost instantly) the sheer size of any memory would be a hindrance, and the mere millimeters that it exists away from the cpu would bottleneck instructions to the point that you can execute millions of instructions before certain pieces of data are returned in a fetch.
      in our greed for speed, we implemented caching in such a way that it breaks another concept we implemented around about the same time (paging). i'm sure we sorta also violated von neumann's vision - a computer program not being able to read the entirety of the memory available to it? that's just silly.

  • @dimimate5522 8 years ago +68

    Your videos are very good. I have searched and watched many videos on the topic in question and your work is exactly what I was looking for. Well explained terms, examples with live hands-on-keyboard, short length, references from books used, no sleepy voicing and many more. Your videos are an example of how video tutorials/lectures should be made. Congrats

  • @Linaiz 4 years ago +12

    This is amazing, never seen a video before that actually links all these concepts together, this gave me a totally new point of view on this as a student, thank you!

  • @bitcode_ 8 years ago +91

    I'm learning a lot from your videos, thanks for taking the time to make them, I appreciate it

    • @LiveOverflow 8 years ago +7

      +mylampdatabases thank you for those kind words :) If you have any topics you are interested in, or a topic that was too confusing and you need more information, please give me feedback

    • @MonaJalal 8 years ago +1

      +LiveOverflow please talk about softirq and tasklets :)

    • @housemusic325 7 years ago

      It could be really cool to have a video about badass bash coding.

  • @themanyone 5 years ago +11

    This is more my speed. A lot of condensed information in a short time here. Definitely going to have to wake up and drink another cup of coffee before watching it again.

  • @darshannn10 1 year ago +1

    no matter how many times I come back to this playlist, I always learn something new🙌

  • @guitarscholar 7 years ago +1

    I love your videos. It is good to dive into topics like this sometimes. It is a taster that makes me want more.

  • @DurgaPrasad3496 7 years ago

    You are amazing! This compliment is not for what I learn from your videos, it is for your way of explanation. Because even for some topics I don't understand, my temptation doesn't stop me from watching your videos. #LiveOverflow is one of the best channels I am following. Thank you.

  • @oliver5204 8 years ago

    Very clear and easy to follow, thanks heaps. I know you briefly touched on how to implement a call but perhaps a quick live demonstration would be the only thing missing. Again, awesome work.

  • @graysoncroom 7 years ago

    Great series so far. You are the first person I have found that goes deep enough to make me think, but not to the point of confusion. I appreciate what you are doing, keep up the good work!

    • @graysoncroom 7 years ago

      just realized that this video was made a long while ago. All the same, thanks for the content!

  • @Darksider95 3 years ago

    awesome video man, in-depth and easy to understand

  • @noicecu8868 5 years ago

    I always knew about Ring0 and Ring3 but I never knew the technical side. Thanks for the useful information and the deadly rabbit hole you just got me into!

  • @Awhx_ella 6 years ago

    AWESOME!!! So clear and compact! ... thanks for being so smart and communicative! :D

  • @shravankumarsheri6732 3 years ago

    Watched 2 times to get the grasp of it. Man, it was a really profound amount of knowledge.

  • @linuxkernelhacking2048 8 years ago +5

    LiveOverflow... I just saw your 1st video... Damn, it's awesome :-)

  • @balkan917 4 years ago

    This is exactly what I was looking for, thank you!

  • @c1onqht 3 years ago

    I started learning assembly and found it really difficult. Hope watching your video will help me more in learning :D

  • @krzysztofadamski2884 7 years ago +16

    This video is very good and you are really good at explaining complex stuff. This of course requires making some simplifications and it's quite easy to get things wrong when you do that. Claiming that the mov instruction inside of __get_user_asm is an example. While this is possible, it's not what will usually happen. In most cases the page will be available in memory (won't be swapped out) and no page fault will occur. As you explained before, resolving virtual addresses is done transparently by the MMU, which is reprogrammed each time a process is scheduled.

    • @LiveOverflow 7 years ago +5

      +Krzysztof Adamski thanks for the additional info. I don't know the low level kernel stuff too much but was hoping that it's enough to create some intuition for it.

    • @niente11111111111111 3 years ago +2

      @@LiveOverflow If I supply a virtual address to copy_from_user and eventually there will be the mov, when the process hits that mov won't the MMU automatically translate the virtual address into a physical one?

    • @U20E0 2 years ago

      @@niente11111111111111 that is exactly what the original comment said

  • @hl2mukkel 7 years ago

    This one was very interesting! Thanks for this one =D

  • @fpostolache 1 year ago

    Great introduction. Thanks for sharing !

  • @migueld2456 8 years ago +1

    Your videos are fantastic!

  • @alkeryn1700 5 years ago +1

    The first time I watched this video a few months ago I didn't quite understand everything.
    Learnt assembly recently and now I'm like "bruh, it's the basics".
    But thanks anyway, you made a few things more clear.

  • @KeithMakank3 5 years ago +3

    0:50 the funny thing about calling them an interface between things, is that the interface itself must then exist in a domain of its own (otherwise it isn't an "interface" but part of one "face" inside another - difference is crucial), of course being again either user or kernel land. In reality syscall implementation always exists in both of course.

  • @mnemonic6502 4 years ago

    This is excellent! At the level I wanted to know.

  • @lookback6314 2 years ago

    Thanks! Your videos are invaluable!

  • @MrGeekGamer 7 years ago +3

    strace just blew my mind.

  • @sharatht8909 3 years ago +1

    I was always afraid of binary exploitation and stuff around binaries.
    I really appreciate your work here.
    Thanks for the big help. As you said, I got lost in your series and wonder what I can get more in this video series.

  • @kltf34cgsdawe9 3 years ago +3

    Nice, but you're wrong at 11:57: there will be no page fault (it only happens in special cases, like addresses not belonging to the process address space or swapped out). The kernel is mapped across all processes (but protected from access), so the kernel can access process memory just by VA and the MMU will convert to PA as usual.
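    The two threads above disagree about whether the kernel's mov in __get_user_asm page-faults when it touches user memory. As an added example (not from the video or its author), the following C program for 64-bit Linux issues write(2) through the raw syscall number, as the video's write_test.c does after compilation, and then hands the kernel a user pointer it is not allowed to read; the PROT_NONE page and the pipe are constructed for the demo, and the helper names are mine.

```c
#define _GNU_SOURCE          /* exposes syscall() in <unistd.h> */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>

/* write(2) without the libc wrapper: syscall() loads SYS_write (1 on
 * x86-64) into eax/rax, the arguments into rdi/rsi/rdx and executes the
 * syscall instruction, which is the sequence seen when stepping through
 * write_test.c in a debugger. */
static long raw_write(int fd, const void *buf, size_t len)
{
    return syscall(SYS_write, fd, buf, len);
}

/* Push msg through a pipe with the raw syscall and read it back.
 * The kernel copies exactly len bytes; write() never looks for a NUL
 * terminator, which is why "Hello" travels with length 5.
 * Returns the number of bytes read back, or -1 on error. */
long roundtrip(const char *msg, char *out, size_t outsz)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    long w = raw_write(fds[1], msg, strlen(msg));
    long r = (w < 0) ? -1 : read(fds[0], out, outsz);
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* Demo check: 5 when the pipe hands back exactly the bytes of "Hello". */
long roundtrip_hello(void)
{
    char out[16] = {0};
    long n = roundtrip("Hello", out, sizeof out);
    return (n == 5 && memcmp(out, "Hello", 5) == 0) ? n : -1;
}

/* Give the kernel a user pointer it cannot read: an anonymous page mapped
 * PROT_NONE (constructed for the demo). Dereferencing it in user mode would
 * kill the process with SIGSEGV; inside the kernel the faulting mov in the
 * copy_from_user path has an exception-table fixup, so the page fault is
 * converted into -EFAULT and write() returns -1 with errno == EFAULT.
 * Returns that errno (0 if the write unexpectedly succeeded, -1 on setup
 * failure). */
int bad_pointer_errno(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    void *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    long w = raw_write(fds[1], p, 16);
    int err = (w < 0) ? errno : 0;
    munmap(p, 4096);
    close(fds[0]);
    close(fds[1]);
    return err;
}

int main(void)
{
    printf("roundtrip: %ld bytes\n", roundtrip_hello());
    printf("bad pointer: errno %d (EFAULT is %d)\n", bad_pointer_errno(), EFAULT);
    return 0;
}
```

    Running it under strace shows both calls as plain write() lines, the second annotated with EFAULT (Bad address), which is the whole point: the kernel, not the user process, decides what happens when a syscall argument points at memory it must not touch.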

  • @jt-kv3mn 5 years ago

    Simple and honest ! thaaaank youuu ! great great great !

  • @arivanhouten6343 3 years ago

    Still a good series! Can recommend this to everyone!

  • @FATTIdotCOM 3 years ago

    Great video thanks. Very detailed contents. The author did a great job.

  • @JohnSmith-he5xg 7 years ago

    Fantastic intro to syscalls!

  • @patrickmullen2914 1 year ago

    Great video, a thumbs up 👍

  • @sususu9 2 years ago

    this channel is a blessing

  • @user-wl9zo2mi4u 5 years ago

    You want feedback? Here is the fb. Your job is really good! Very clear and good enough!

  • @10FactsShow-10factshow 10 months ago

    RDMSR (Read MSR) is a kernel-level command, how can it be executed in user mode? So there is much detail you are missing, but it's a great video

  • @SSB2706 3 years ago

    Superb explanation

  • @edgeeffect 2 years ago

    I'm at some grey area between n00b and leet.... and these videos are neither too simple nor too complicated for me.. NICE!

  • @samarthtandale9121 1 year ago +1

    Amazing Content !!!

  • @user-xs3rz1jj4i 5 years ago

    Thanks, I love your video~ please do more

  • @uohwhoru3473 3 years ago

    Bruh, and I thought learning this was hard lmao. Thanks for the ez explaining ❤️

  • @stankojankovic 8 years ago

    This is great. Thanks!

  • @ajaysureshkumar1533 4 years ago

    One of the best playlists for hackers... And the best playlist for reverse engineering!!!
    And I am sad that this playlist has fewer views than the other stupid hack videos, where most of them are fake ones. And most of them are like making use of tools, which contributes 0% to computer knowledge, making backdoors and getting control of data. Hacking is something far beyond that. This channel teaches us the real skills required for hacking, like knowing the inner workings of computers, how they process data and how you can trick the computer. Most channels teach us how to do it, but this channel teaches how to do it and why it happened. And huge respect to this man who made these videos free for us to watch. May your channel grow exponentially over time. And really sorry for posting the comment after you have asked for feedback. Your teaching is really great, dude. And please make a new playlist for web application penetration testing, starting from SQL injection to advanced web application attacks. Please sir, your teaching is really good. And btw I am a great fan of your vlogs

  • @bradlee9242 5 years ago

    Great video, thanks

  • @Andruhass 4 years ago

    Wow. That was awesome 👍

  • @ziyangxie8607 3 years ago

    that's a really great video

  • @RamakrishnaJK 1 year ago

    Great Great Great Video.. Thanks a lot..

  • @mrwayofwarrior7853 4 years ago +1

    hey liveoverflow, you are my spirit animal :D

  • @whocares3061 7 years ago

    very good video!

  • @F1mus 6 years ago

    Very cool video :)

  • @supertren 7 years ago

    wow!!. Thank you very much!.

  • @snorman1911 2 years ago

    Enjoying your instruction on Lennox Cisco's sir!

  • @four0two167 8 years ago

    Great videos! Although you are right in making assumptions that we understand what is clear to you, this makes us read more in detail about this. (And when you do this, it does not create any big gaps in - my - understanding.) For example the reverse engineering of the license check program, which I did not understand fully to begin with.
    Thank you!
    I would like to see some videos about reverse engineering in general, to help make life easier. Keep on doing this please!

    • @LiveOverflow 8 years ago +1

      +four0 two1 could you elaborate on "reverse engineering in general"? What is your imagination of reverse engineering? Any particular example in mind? I reverse engineered a simple C program with the license check. But you could also reverse engineer a protocol. Or hardware. Or a file format... etc

    • @four0two167 8 years ago

      I would like to know everything. So maybe some more advanced examples of code in C, Python and ASM? Because I am not really educated enough on such subjects to make good guesses on what code does.

  • @abhinavkishoregv273 3 years ago

    I did not understand the syscall code part.
    Not your fault.. I'm a noob at Linux kernel programming.
    It inspires me to start learning more about these. Thanks

  • @lilp4p1 7 years ago

    i love your videos :)

  • @coolwinder 7 years ago +15

    i love you man

  • @yonite4355 1 year ago

    awesome video

  • @Aragubas 16 days ago

    wow great video

  • @johnhammer8668 5 years ago

    Your videos are way too good. Can't believe I haven't found them in more than 2.5 years.

  • @techtalk668 4 years ago

    Awesome content just awesome

  • @revoiceful 7 years ago +1

    Thank u so much

  • @_sudipidus_ 4 years ago

    I guess I am not ready for this yet.. but I will come again soon :)

  • @ifthekharhasan7817 7 years ago

    Just awesome.

  • @SolomonUcko 3 years ago

    Around 3:20: FWIW, I think `puts` would probably have much less wrapper overhead than `printf`, since it doesn't have to do all the format string parsing and processing.

  • @ThiagoQwertyuiop 1 year ago

    thank you!

  • @shaswata56 5 years ago

    I've watched some hacking videos of yours. I was amazed by your pace! You're 1337. You deserve more subscribers (I know you don't need that). You show everything so precisely!!! Respect 👍👍

  • @JGunlimited 5 years ago +1

    @3:00 Is it possible to just skip to 'syscall' instead of stepping through each instruction?

  • @zatochiSiberian 4 years ago

    Thanks!

  • @effexon 3 years ago +1

    Is it that the Vic20 or Commodore64 don't have these rings, but you can write and run whichever opcode you want? Then the 486 already has those rings and this applies...

  • @Jonathan-ru9zl 1 year ago

    Excellent. Should I watch the former videos to understand this?

  • @robbrock9766 7 years ago

    I love your videos, can you do a video going over the Memory Sinkhole issue on x86 intel chips. I saw a video on it but I would love to see the code to make it happen.

  • @tomservo5007 7 years ago +1

    What I'm confused about is how userland programs execute a privileged cpu opcode. Example, get the value of opcode RDPMC (x86)
    #include <stdio.h>
    int main() {
        unsigned long long int x;
        unsigned int lo, hi;
        /* emit the two raw instruction bytes 0x0f 0x31 (this encoding is RDTSC; RDPMC is 0x0f 0x33)
         * and collect the 64-bit result from the edx:eax register pair */
        __asm__ volatile (".byte 0x0f, 0x31" : "=a" (lo), "=d" (hi));
        x = ((unsigned long long)hi << 32) | lo;
        printf("x = %llu\n", x);
        return 0;
    }
    ---------------------
    does this cause a general protection fault and the kernel 'runs' this ?

  • @AlanMedina314 3 years ago

    I hope to someday have a basic understanding of the Linux kernel.
    Video reinforces how much I still need to learn.
    My brain overheated for a good reason.

  • @hiimthelegend6644 6 years ago

    You recommend some documentation but it's good to paste links for them in the description of video.

  • @itZMySound 5 years ago

    At 5:24 we load the number corresponding to the write syscall. Would it be possible using a debugger (or something else?) to change what is loaded into eax and make the syscall invoke another function?

    • @Julesoby 5 years ago

      Yeah, definitely. The result would be quite random tho, as the different syscall signatures can differ a lot.

  • @vequeemnheveque3778 8 years ago

    Thanks

  • @sashastadnik9347 2 years ago +1

    If you reach this error `implicit declaration of function ‘write’` when compiling `write_test.c`, just add `#include `

  • @HootanHM 5 years ago +3

    I've been learning about computers for ~9 years, so I already know something.
    I was thinking how many years I would have saved if there had been someone to teach me these things as you do.
    Please go on with this series.
    And if you have some experience in embedded systems security, please share it with us.
    It would be fun to hack into things and learn how to write more secure code.
    tnx

  • @pedrofam8302 3 years ago

    god, this is awesome

  • @kimchi_taco 5 years ago

    the world is wide and geniuses are abundant

  • @Ajithkumarsekar96 5 years ago

    12:30 very true words

  • @peyastig6371 5 years ago +2

    And how exactly did you learn all of this? Just from reading documentation??

  • @phoenix2464 6 years ago

    2:47 what version of radare2 is this ? how did you get this view ?

    • @phoenix2464 6 years ago

      never mind turns out i had an old version..

  • @samarthtandale9121 1 year ago

    Basically what that means is the kernel gives some address space to each process, and this chunk of address space is called the linear address in that process, right?

  • @gardedesombres3254 4 years ago

    Thank you. Is there a book or a resource where I can learn this kind of stuff deeply?

    • @BeLuckyDaf 3 years ago +2

      Hey there, yes, here are the two books you'll get the most out of:
      Modern Operating Systems, by Andrew S. Tanenbaum;
      The Linux Programming Interface, by Michael Kerrisk.

  • @procrast 6 years ago

    yeah, thank you

  • @Alexex2353 7 months ago

    I understood barely 10% of that, but very interesting

  • @00eunderscore70 1 year ago

    Hi, are there any other books that can help me understand the memory and kernel basics?

  • @carlosgarcialalicata 3 years ago

    I would like to see such a deep dive for hypervisors, and maybe compare it with this. PS: how can I give double or triple likes to a video?

  • @Borgimanio 8 years ago

    Where did you learn all this? All by yourself or somewhere in university?

    • @LiveOverflow 8 years ago +2

      +Borgimanio Mostly by myself. I studied computer science and I went to an IT school. So those lectures certainly provided some information that helped to get me started.

  • @sagarbanwa218 6 years ago

    Is it possible to write a root exploit with this?? Just a question, I am still a learner

  • @suryasikharej5511 8 months ago

    @3:42 Where does the address stored in the IA32_LSTAR MSR point to? I mean, what does that address contain?

  • @unicojeito 5 years ago

    Best video ever! Thanks. Just didn't get at 6:48 when it shows four gdb windows and the note says "look at the address of main() it's always 0x4005db"

  • @preethamgali3023 5 years ago

    @LiveOverflow, what books do you refer to in order to learn all this cool stuff? And how do you know what to learn?

  • @Mike-kq5yc 6 months ago

    Why is the length 5? What about the null byte?

  • @metaldownm 7 years ago +1

    really well explained! are you German?