Pointers and Dynamic Memory – Stack and StackOverflow

From the article Pointers and Dynamic Memory – Part1, I made a little introduction of Pointers and a brief overview of Dynamic memory. In this article, we will get into some more details of Stack and StackOverflow in the context of Pointers and Dynamic memory.

Let’s see a simple C program which we can use to see what happens in memory when it executes

#include<stdio.h>
 int total;
 int square(int x)
 {
     return x*x;
 }
 int SquareSum( int x, int y)
 {
      int z = square(x+y);
      return z;
 }
 int main()
 {
      int a=10, int b=20;
      total = SquareSum(a,b);
      printf(“Output = %d”, total);
 }

From the program, we can see that there is a function that gives the Square of a number and another function that gives the square of the sum. In the Main method, the square of the sum is passed through the arguments a and b.

Like I mentioned in the previous article, Stack is reserved for function calls and local variables and Static means the global variables that are not stored inside the variables. From the C code, this can be interpreted under Stack and Static.

  1. When the main method is invoked, some amount of the memory is allocated to the Stack for execution of main() as described in the Yellow box.
  2. The total is a global variable so it gets into the Static section.
  3. All local variables, arguments and the information where the function main should return are stored within the stack frame. The size of the stack frame for a method is calculated when the program is compiling.
  4. Now, when main calls SquareSum method, then a stack frame is allocated for the call SquareSum.
  5. All the variables x, y, and z will sit in the same stack frame.
  6. The function sum of the square that is “square” will also be found in the Stack frame and it will have its own local variables.

When the program executes, the function at the top of the stack keeps on executing the rest are in a “pause mode” waiting for other function to return something before it resumes execution. When the whole program finishes executing, the stack and static frame get cleared. Remember, a global variable should only be set with the aim to use it for a whole lifetime of the program, otherwise, it will be a waste of memory. The global variable used in this program has been done deliberately to understand the concept.

Another interesting issue is that when the program starts, by default, the operating system will reserve some amount of space on the stack. When there are functions in a stack calling other functions until there is no memory available in the stack, its called “StackOverflow” which consequently crashes the whole program. For example, a bad program having bad recursion codes. In brief, there are limitations to stack.


Pointers and Dynamic Memory – An introduction

Some crucial part to know about memory are Pointers and Dynamic memory to troubleshoot within the infrastructure of the memory. To grasp how pointers work, we need to understand how data types are stored in computer memory. When a program executes, memory is interpreted as RAM. Let’s say we have a 1GB RAM. Each byte in the memory has an address. We can interpret it as each part of a human memory having its neurons associated with parts of your body.

10649895_1276359969046339_6283119763362422098_n

The first byte of the memory has an address called Zero. The Addresses of each byte keeps on incrementing the more you move on to a different level of bytes within the memory architecture. Memory, when assigned to a program, can be divided into four segments that are HEAP (pool of memory), STACK (function calls and local variables), STATIC (global variables – not stored inside a function) and CODE (instructions).

Now, let’s say we have to declare a variable in our program. For example, a variable called “a” of type integer – int a; the computer allocates a certain amount of memory for a particular variable and depending on how many data types are used, the memory will be allocated accordingly. However, there are other aspects to be taken into consideration by the computer to allocate more memory. Ex. the compiler itself.

A pointer acts as a variable that stores the address of another variable. How? Integer A is allocated to address 100, 101, 102, 103. The computer will query its lookup table where the information is stored.


cyberstorm.mu is promoting Signal

“Going further and beyond” –  That’s the motto of cyberstorm.mu. Indeed, there are many people everywhere calling themselves professionals where the fact is that they are merely wearing a mask showing off in the public. I would also claim that no one is perfect in the field of It and Security, however, acceptance of oneself and move on to another stage is the real goal.

photo credits: cyberstorm.mu
photo credits: cyberstorm.mu

What and why Signal? I posted an article yesterday to elaborate on the application. Well, cyberstorm.mu is not only promoting Signal but many free and open source security software such as Tor, Bitcoins and many others to liberate each and everyone from this sick society where governments are spying on your personal stuff. I made some research on Signal and conclude that this is indeed amazing!

With the help of Logan, member, and contributor of cyberstorm.mu, I made an audit of the Signal code and noticed that some improvements can be made on one of the libraries. A remote hacker can probe the memory and harvest the sensitive information.

The logic  – Data (an example could be cryptographic keys) in memory is not always needed because someone can look for ways to exploit the data. An analogy is that it’s like washing your keyboard after entering your password so that people cannot collect your fingerprints to steal it. In other words, a code execution can be done at the memory level to penetrate your system. To mitigate this attack, zeroing buffers which contained sensitive information is an exploit mitigation technique. Let me take an example: Imagine you are a hacker and you can see what is in the RAM of your victim. Then you can see passwords and everything else. Then it’s better to delete them if they are not going to be used or rather fill it in with wrong passwords to trick the hackers.

In a technical term, the idea is to overwrite the variable when you are about to get rid of it so that other programs cannot detect what was there. The key is not to have the secret data present in the memory longer than necessary. However, what you overwrite might matter, but what is overwritten is the key to keep it secret. So let’s see how to put Zeroes in RAM to erase what was there before. Keep in mind, it has nothing to do with overflows.

Do check out the pull requests and commit at https://github.com/WhisperSystems/libaxolotl-c/pulls


Signal – Privacy is possible with SMS encryption

Phone calls and SMS privacy are now possible with Signal. What is ‘Signal‘? “Signal has been designed for the mobile environment from the ground up. Messages and incoming calls are fully asynchronous; push notifications to let you know when new messages have arrived, so they’ll be waiting for you if the app is in the background, your battery dies, or you temporarily lose service.” – WhisperSystems

Photo credits: Mike Williamson
Photo credits: Mike Williamson

It is believed that the Government of Mauritius and other government entities around the world have been tapping into phone lines since a while and some years back this issue has also been revealed on Mauritian newspapers.  So, how do you get away from these entities trying to peak their noes into your private life? The ultimate answer is “Signal” which has been developed by the Open Whisper Systems Team.

“Use anything by Open Whisper Systems”Edward Snowden, whistleblower, and privacy advocate

“I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.” – Bruce Schneier, internationally renowned security technologist.

The signal is freely available and compatible for almost all Android devices as well as Apple mobile phones. It supports SMS and voice calls encryption even if you are on a 3G/4G network. However, you need to assure yourself that all parties engaged in a conversation are using Signal to be secure on all sides.

You cannot assure yourself to be secure if encrypted communication is one-sided.

My next article is going to be dedicated to the cyberstorm.mu team of Mauritius.


Starting up with some basics of C programming – Hello world- Part 1

phoTo get started with C programming language, there are several basics to grasp in the code structure. In this article, I will elaborate on the anatomy of a simple “hello world” program. The program will just display the words “hello world” through the code. There is also a free book available by Dennis Ritchie, who is the inventor of the C programming language.

Let us see this piece of code :

#include <stdio.h>

#include <stdlib.h>

int main()

{

   printf("hello world!\n");

   return 0;

}

The int main () is a function and the line printf(“hello world!\n”); and return 0; are instructions within the function.

The ‘include’ lines #include <stdio.h> and #include <stdlib.h> are files which are included to get some basic functions within the code itself. The aim is to include some built-in functionality into the hello world program.

On your Linux terminal, you just need to save the file as hello.c, set it as executable and run it with the command gcc -o hello hello.c You will notice a file called hello has been created! You can run it as ./hello to find the result ‘hello world’.