C & C++

C Fundamentals

Before you start reversing binaries and analyzing compiled code, it's crucial to have a solid understanding of the foundational concepts that will come up repeatedly during the process:

`Library Functions`

`Memory Management`

malloc(): Allocates a block of memory of a specified size. It returns a pointer to the first byte of the allocated memory, or NULL if the allocation fails.
free(): Releases a block of memory that was previously allocated by malloc() or calloc(). Failing to free memory leads to memory leaks.
realloc(): Resizes a previously allocated block of memory. It can expand or shrink the memory block. If the reallocation is successful, it returns a pointer to the new memory location.

String Manipulation

strcpy(): Copies a null-terminated string from the source to the destination. It is unsafe and can lead to buffer overflows if not used carefully.
strncpy(): Copies up to n characters from one string to another. It is safer than strcpy() as it prevents buffer overflows (but still requires caution to avoid truncating strings).
strcmp(): Compares two strings lexicographically. It returns 0 if the strings are identical, a positive value if the first string is lexicographically greater, or a negative value if the second string is greater.
strlen(): Returns the length of a null-terminated string, excluding the null terminator. It’s used frequently to determine the size of buffers or strings.

`File I/O`

fopen(): Opens a file for reading, writing, or both, depending on the mode. It returns a pointer to a FILE object that represents the open file.
fclose(): Closes an open file. Always ensure files are closed after use to avoid memory leaks or file locking issues.
fread(): Reads data from an open file stream into a buffer. The size of the data read is specified by the user.
fwrite(): Writes data to an open file stream from a buffer.

`Input/Output`

printf(): Prints formatted output to the standard output (stdout). It supports various format specifiers for formatting strings, integers, floating-point numbers, etc.
scanf(): Reads formatted input from the standard input (stdin). It allows the user to provide input in a specified format.
puts(): Writes a string to the standard output (stdout) followed by a newline. It is a simpler version of printf().
getchar(): Reads a single character from the standard input (stdin). It is often used in simple input scenarios

`System Calls`

`Process Management`

fork(): Creates a new process by duplicating the calling process. The new process is a child process and has its own memory space.
execvp(): Replaces the current process with a new one. It executes the command specified by the argument (often used in combination with fork()).
exit(): Terminates the calling process and returns an exit status to the operating system. It is often used at the end of a program or when a fatal error occurs.
setuid(): Sets the user ID (UID) for the calling process. A common use is to escalate privileges (e.g., setting the UID to 0 for root privileges).
getuid(): Returns the UID of the calling process.

`Memory Management`

mmap(): Maps files or devices into memory. It is commonly used for memory-mapped files or to allocate large blocks of memory for a program.
brk(): Used to control the end of the data (heap) segment. It’s an older memory management function, and it is rarely used in modern programs.
sbrk(): Moves the program’s break (end of the data segment) by a specified increment. Like brk(), it is an older memory management system call and not commonly used in newer programs.

`File Operations`

open(): Opens a file (or creates it if it doesn't exist) for reading, writing, or both. Returns a file descriptor, which is used for other operations (e.g., read(), write()).
read(): Reads data from a file descriptor into a buffer. Returns the number of bytes read, or -1 on error.
write(): Writes data from a buffer to a file descriptor. Returns the number of bytes written, or -1 on error.
close(): Closes a file descriptor, freeing up system resources associated with it.

`Signals`

Used to handle asynchronous events in a process, such as interruptions, timeouts, or the termination of child processes.
They allow programs to respond to events without explicitly checking for them in the main execution flow:
- signal(): Sets a handler function for a particular signal. For example, you can set a custom handler for SIGINT to catch interrupt signals (like Ctrl+C).
- kill(): Sends a signal to a process. It can be used to terminate processes or trigger specific handlers.
- SIGCHLD: Sent to a parent process when a child process terminates. This is useful for handling child process lifecycles (e.g., in process management).
- SIGINT: Sent when a user interrupts a process (e.g., pressing Ctrl+C). It is typically used to terminate processes.
- SIGSEGV: Sent when a program attempts to access memory that it is not allowed to (segmentation fault). It usually indicates a bug in the program, like a null pointer dereference.
- SIGKILL: A signal that immediately terminates a process. Unlike SIGTERM, the process cannot catch or ignore SIGKILL

PreviousPython Essentials NextWeb APIs

Last updated 2 months ago

C & C++

C Fundamentals

Before you start reversing binaries and analyzing compiled code, it's crucial to have a solid understanding of the foundational concepts that will come up repeatedly during the process:

`Library Functions`

`Memory Management`

malloc(): Allocates a block of memory of a specified size. It returns a pointer to the first byte of the allocated memory, or NULL if the allocation fails.
free(): Releases a block of memory that was previously allocated by malloc() or calloc(). Failing to free memory leads to memory leaks.
realloc(): Resizes a previously allocated block of memory. It can expand or shrink the memory block. If the reallocation is successful, it returns a pointer to the new memory location.

String Manipulation

strcpy(): Copies a null-terminated string from the source to the destination. It is unsafe and can lead to buffer overflows if not used carefully.
strncpy(): Copies up to n characters from one string to another. It is safer than strcpy() as it prevents buffer overflows (but still requires caution to avoid truncating strings).
strcmp(): Compares two strings lexicographically. It returns 0 if the strings are identical, a positive value if the first string is lexicographically greater, or a negative value if the second string is greater.
strlen(): Returns the length of a null-terminated string, excluding the null terminator. It’s used frequently to determine the size of buffers or strings.

`File I/O`

fopen(): Opens a file for reading, writing, or both, depending on the mode. It returns a pointer to a FILE object that represents the open file.
fclose(): Closes an open file. Always ensure files are closed after use to avoid memory leaks or file locking issues.
fread(): Reads data from an open file stream into a buffer. The size of the data read is specified by the user.
fwrite(): Writes data to an open file stream from a buffer.

`Input/Output`

printf(): Prints formatted output to the standard output (stdout). It supports various format specifiers for formatting strings, integers, floating-point numbers, etc.
scanf(): Reads formatted input from the standard input (stdin). It allows the user to provide input in a specified format.
puts(): Writes a string to the standard output (stdout) followed by a newline. It is a simpler version of printf().
getchar(): Reads a single character from the standard input (stdin). It is often used in simple input scenarios

`System Calls`

`Process Management`

fork(): Creates a new process by duplicating the calling process. The new process is a child process and has its own memory space.
execvp(): Replaces the current process with a new one. It executes the command specified by the argument (often used in combination with fork()).
exit(): Terminates the calling process and returns an exit status to the operating system. It is often used at the end of a program or when a fatal error occurs.
setuid(): Sets the user ID (UID) for the calling process. A common use is to escalate privileges (e.g., setting the UID to 0 for root privileges).
getuid(): Returns the UID of the calling process.

`Memory Management`

mmap(): Maps files or devices into memory. It is commonly used for memory-mapped files or to allocate large blocks of memory for a program.
brk(): Used to control the end of the data (heap) segment. It’s an older memory management function, and it is rarely used in modern programs.
sbrk(): Moves the program’s break (end of the data segment) by a specified increment. Like brk(), it is an older memory management system call and not commonly used in newer programs.

`File Operations`

open(): Opens a file (or creates it if it doesn't exist) for reading, writing, or both. Returns a file descriptor, which is used for other operations (e.g., read(), write()).
read(): Reads data from a file descriptor into a buffer. Returns the number of bytes read, or -1 on error.
write(): Writes data from a buffer to a file descriptor. Returns the number of bytes written, or -1 on error.
close(): Closes a file descriptor, freeing up system resources associated with it.

`Signals`

Used to handle asynchronous events in a process, such as interruptions, timeouts, or the termination of child processes.
They allow programs to respond to events without explicitly checking for them in the main execution flow:
- signal(): Sets a handler function for a particular signal. For example, you can set a custom handler for SIGINT to catch interrupt signals (like Ctrl+C).
- kill(): Sends a signal to a process. It can be used to terminate processes or trigger specific handlers.
- SIGCHLD: Sent to a parent process when a child process terminates. This is useful for handling child process lifecycles (e.g., in process management).
- SIGINT: Sent when a user interrupts a process (e.g., pressing Ctrl+C). It is typically used to terminate processes.
- SIGSEGV: Sent when a program attempts to access memory that it is not allowed to (segmentation fault). It usually indicates a bug in the program, like a null pointer dereference.
- SIGKILL: A signal that immediately terminates a process. Unlike SIGTERM, the process cannot catch or ignore SIGKILL

PreviousPython Essentials NextWeb APIs

Last updated 2 months ago