[Book] The Shellcoder Handbook 2nd Edition


Introduction

This article serves as my study notes while reading The Shellcoder Handbook 2nd edition.

As I continue learning about shellcode and exploitation, I will document important concepts, techniques, and case studies from the book, along with my own understanding.

⚠️ This is a work-in-progress note.

The content will be continuously updated as I progress through the book.

The Book

The Shellcoder Handbook

Chapter 2 - Stack Overflows

Buffer

A buffer is defined as a limited, contiguously allocated set of memory. An array is an example of a buffer.

Stack

push 1
push addr var

These two instructions first place the value 1 on the stack, then place the address of the variable VAR on top of it. The stack will look like below:
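As an added illustration (not code from the book or from these notes), here is a small C model of a downward-growing x86-style stack that replays the two pushes above. The stack is itself a buffer in the sense defined earlier, a limited contiguous block, so the push is bounds-checked instead of writing past its limit; the address of VAR (0xbffff7c0) is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of an x86-style stack: a fixed, contiguous buffer of 32-bit slots
 * that grows toward lower addresses. slots[STACK_SLOTS-1] is the highest
 * address; sp indexes the top slot, and sp == STACK_SLOTS means empty. */
#define STACK_SLOTS 8

typedef struct {
    uint32_t slots[STACK_SLOTS];
    int sp;
} model_stack;

void stack_init(model_stack *s) {
    memset(s->slots, 0, sizeof s->slots);
    s->sp = STACK_SLOTS;
}

/* push: decrement sp, then store (like the CPU). Returns 0 on success and
 * -1 when the buffer is full; an unchecked push would write before slots[0],
 * i.e. outside the buffer, which is exactly the class of bug the chapter covers. */
int stack_push(model_stack *s, uint32_t value) {
    if (s->sp == 0) return -1;
    s->sp--;
    s->slots[s->sp] = value;
    return 0;
}

/* Value at the top of the stack (what esp points to). */
uint32_t stack_top(const model_stack *s) { return s->slots[s->sp]; }

/* Value n slots below the top (higher address). */
uint32_t stack_peek(const model_stack *s, int n) { return s->slots[s->sp + n]; }

/* Replays "push 1 ; push addr var" with a constructed address for VAR. */
void demo_push_sequence(model_stack *s) {
    uint32_t addr_var = 0xbffff7c0u;   /* hypothetical sample address of VAR */
    stack_init(s);
    stack_push(s, 1);
    stack_push(s, addr_var);
}

int main(void) {
    model_stack s;
    demo_push_sequence(&s);
    /* Print from the top of the stack (lowest address) toward higher addresses. */
    for (int i = s.sp; i < STACK_SLOTS; i++)
        printf("slot %d: 0x%08x%s\n", i, s.slots[i], i == s.sp ? "  <- esp" : "");
    return 0;
}
```

Running it prints the address of VAR at the top and the value 1 in the slot just below it, the layout the two instructions produce.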

Chapter 5 - Introduction to Heap Overflows

Most heap overflows corrupt a malloc() data structure to obtain control.

Chapter 6 - The Wild World of Windows

Heaps

Threading

Windows has no fork() (the call used to spawn a new process on Linux). Instead, CreateProcess() spawns a new process with its own memory space.

Because almost all overflows occur in threads, the attacker never knows a valid stack address. This means the attacker almost always uses a return-into-libc-style attack (though using any DLL, not just libc or its Windows equivalent) to gain control of execution.