It's a shame you have so few views.
I think your videos are awesome!
It's very hard to get into "hacking" or basically understanding how computers really work in a fun way.
I appreciate your effort to make this knowledge easier to acquire.
Thank you!
+Shalev Keren Thank you very much! You can help by sharing it with other people who might be interested in it :)
not anymore
@@LiveOverflow hey. thanks for making this video.
Lol
You finished it right. I really wondered why I can't understand many things, but you calmed me. Thanks for that video; even that, it was kinda interesting because I actually see how to learn more
Your English is quite clear and easy to understand by non-native English users
Your videos are very good. I have searched and watched many videos on the topic in question, and your work is exactly what I was looking for. Well-explained terms, examples with live hands-on keyboard, short length, references from the books used, no sleepy voicing and many more. Your videos are an example of how video tutorials/lectures should be made. Congrats
I'm learning a lot from your videos, thanks for taking the time to make them, I appreciate it
+mylampdatabases thank you for those kind words :) If you have any topics you are interested in, or a topic that was too confusing and you need more information, please give me feedback
+LiveOverflow please talk about softirq and tasklets :)
It could be really cool to have a video about badass bash coding.
This is amazing, never seen a video before that actually links all these concepts together, this gave me a totally new point of view on this as a student, thank you!
A lot of this went over my head tbh. It's quite informative, yet quick-paced. I'm still new to understanding syscalls. I'm definitely gonna be coming back to this video
I thought the Linux kernel was complicated.
Now I'm sure.
Actually it's as simple as it can be; computing is complex, and providing a safe, reliable bed for applications to run, live and exit is indeed... Magic. Highest rank of Computer Magic.
This video is very good and you are really good at explaining complex stuff. This of course requires making some simplifications, and it's quite easy to get things wrong when you do that. Claiming that the mov instruction inside of __get_user_asm is an example. While this is possible, it's not what will usually happen. In most cases the page will be available in memory (won't be swapped out) and no page fault will occur. As you explained before, resolving virtual addresses is done transparently by the MMU, which is reprogrammed each time a process is scheduled.
+Krzysztof Adamski thanks for the additional info. I don't know the low level kernel stuff too much but was hoping that it's enough to create some intuition for it.
@@LiveOverflow If I supply a virtual address to copy_from_user and eventually there will be the mov, when the process hits that mov won't the MMU automatically translate the virtual address into a physical one?
@@niente11111111111111 that is exactly what the original comment said
9:06 "Imagine if a process try to read some secrets from another process". A few days ago (January 2018) the Google Project Zero team discovered a bug that does exactly this (Meltdown and Spectre) hahahaha
Gee, I wonder what they needed this vulnerability for :q
Wow...
@@alojzybabel4153 It's a hardware vulnerability. It had nothing to do with Google. Blame Intel and ARM.
This wasn't Google; the core behind Spectre has been known for quite a while (paper published in ~2003). It's also not "Intel and ARM"'s fault; it's just a fault of the entire architecture. Spectre involves cache speculation being obviously faster than just random accessing of memory; you can use the CPU's cache speculation to read memory in a process that is not yours because it works above paging, and the time difference between reading something which is cached and which is not could be catastrophically huge.
It's a fault of the von Neumann architecture as a whole. While he did envision that "near instantaneous accessible memory" was required for his architecture, he never saw the fact that with an electronic computer (that is able to do shit almost instantly) the sheer size of any memory would be a hindrance, and the mere millimeters that it exists away from the CPU would bottleneck instructions to the point that you can execute millions of instructions before certain pieces of data are returned in a fetch.
In our greed for speed, we implemented caching in such a way that it breaks another concept we implemented around about the same time (paging). I'm sure we sort of also violated von Neumann's vision: a computer program not being able to read the entirety of the memory available to it? That's just silly.
It was sure I/Opening :D
Dad joke, huh? Nice.
It sure was*
Lol
Eat shit, that joke was horrible /j
OH BROTHER THIS GUY STINKS!
no matter how many times I come back to this playlist, I always learn something new🙌
This is more my speed. A lot of condensed information in a short time here. Definitely going to have to wake up and drink another cup of coffee before watching it again.
You are amazing! This compliment is not for what I learn from your videos; it is for your way of explaining. Because even when there are some topics I don't understand, my temptation doesn't stop me from watching your videos. #LiveOverflow is one of the best channels I am following. Thank you.
Great series so far. You are the first person I have found that goes deep enough to make me think, but not to the point of confusion. I appreciate what you are doing, keep up the good work!
just realized that this video was made a long while ago. All the same, thanks for the content!
I love your videos. It is good to dive into topics like this sometimes. It is a taster that makes me want more.
One of the best playlists for hackers... and the best playlist for reverse engineering!!!
And I am sad that this playlist has fewer views than the other stupid hack videos, where most of them are fake ones, and most of them are like making use of tools which contribute 0% to computer knowledge, which are making backdoors and getting control of data. Hacking is something far more than that... This channel teaches us the real skills required for hacking, like knowing the inner workings of computers and how they process data and how you can trick the computer. Most channels teach us how to do it, but this channel teaches how to do it and why it happened. And huge respect to this man who made these videos free for us to watch. May your channel grow exponentially over time. And really sorry because of posting the comment after you have asked for feedback. Your teaching is really great, dude. And please make a new playlist for web application penetration testing, starting from SQL injection to advanced web application attacks. Please, sir, your teaching is really good. And btw I am a great fan of your vlogs
Watched 2 times to get the grasp of it. Man, it was a really profound amount of knowledge.
Gosh this went way over my head but I wish I could learn like you
I started learning assembly and found it really difficult. Hope watching your videos will help me more in learning :D
0:50 The funny thing about calling them an interface between things is that the interface itself must then exist in a domain of its own (otherwise it isn't an "interface" but part of one "face" inside another; the difference is crucial), of course being again either user or kernel land. In reality the syscall implementation always exists in both, of course.
First time I watched this video a few months ago I didn't quite understand everything
learnt assembly recently and now I'm like "bruh it's the basics"
but thanks anyway, you made a few things more clear
RDMSR (Read MSR) is a kernel-level command; how can it be executed in user mode? So there is much detail you are missing, but it's a great video
Very clear and easy to follow, thanks heaps. I know you briefly touched on how to implement a call but perhaps a quick live demonstration would be the only thing missing. Again, awesome work.
I always knew about Ring0 and Ring3, but I never knew the technical side. Thanks for the useful information and the deadly rabbit hole you just got me in!
I'm at some grey area between n00b and leet.... and these videos are neither too simple nor too complicated for me.. NICE!
strace just blew my mind.
Nice, but you're wrong at 11:57: there will be no page fault (it only happens in special cases, like addresses not belonging to the process address space or swapped out). The kernel is mapped across all processes (but protected from access), so the kernel can access process memory just by VA and the MMU will convert it to PA as usual
I was always afraid of binary exploitation and stuff around binaries.
I really appreciate your work here.
Thanks for the big help. As you said, I got lost in your series and wonder what I can get more in this video series.
You want feedback? Here is the feedback. Your job is really good! Very clear and good enough!
awesome video man, in-depth and easy to understand
Great introduction. Thanks for sharing !
If you reach this error `implicit declaration of function ‘write’` when compiling `write_test.c`, just add `#include `
Great videos! Although you are right in making assumptions that we understand what is clear to you, this makes us read more in detail about this. (And when you do this, it does not create any big gaps in - my - understanding.) For example the reverse engineering of the license check program, which I did not understand fully to begin with.
Thank you!
I would like to see some videos about reverse engineering in general, to help make life easier. Keep on doing this please!
+four0 two1 could you elaborate on "reverse engineering in general"? What is your imagination of reverse engineering? Any particular example in mind? I reverse engineered a simple C program with the license check. But you could also reverse engineer a protocol. Or hardware. Or a fileformat... etc
I would like to know everything. So maybe some more advanced examples of code in C, Python and ASM? Because I am not really educated enough on such subjects to make good guesses about what code does.
LiveOverflow.... I just saw your 1st video.......... Damn, it's awesome :-)
AWESOME!!! So clear and compact! ... thanks for being so smart and communicative! :D
Still a good series! Can recommend this to everyone!
Enjoying your instruction on Lennox Cisco's sir!
what is Lennox Cisco?
Lol. I'm guessing you used speech to text to write your comment. Close in sound, but translated poorly.
LOL wow I obviously didn't proof read 🤣
Great video thanks. Very detailed contents. The author did a great job.
This is exactly what I was looking for, thank you!
Around 3:20: FWIW, I think `puts` would probably have much less wrapper overhead than `printf`, since it doesn't have to do all the format string parsing and processing.
This is excellent! At the level I wanted to know.
this channel is a blessing
Thanks! Your videos are invaluable!
Excellent. Should i see the former videos to understand this?
Great video, a thumbs up 👍
I hope to someday have a basic understanding of the Linux kernel.
Video reinforces how much I still need to learn.
My brain overheated for a good reason.
Your videos are way too good. Can't believe I haven't found them for more than 2.5 years.
Simple and honest! Thaaaank youuu! Great great great!
Superb explanation
I guess I am not ready for this yet.. but I will come again soon :)
hey liveoverflow, you are my spirit animal :D
Fantastic intro to syscalls!
Your videos are fantastic!
The world is wide and geniuses are abundant
bruh and I thought learning this was hard lmao thanks for the ez explaining ❤️
This one was very interesting! Thanks for this one =D
I've watched some hacking videos of yours. I was amazed by your pace! You're 1337. You deserve more subscribers (I know you don't need that). You show everything so precisely!!! Respect 👍👍
Great Great Great Video.. Thanks a lot..
@3:42 Where does the address stored in the IA32_LSTAR MSR point to? I mean, what does that address contain?
It's ~9 years that I've been learning about computers, so I already know something.
I was thinking how many years I would have saved if there was someone to teach me these things the way you do.
Please go on with this series.
And if you have some experience in embedded systems security, please share it with us.
It would be fun to hack into things and learn how to write more secure code.
Thanks
that's a really great video
Why is the length 5? What about the null byte?
Is it that the Vic20 or Commodore64 don't have these rings, but you can write and run whichever opcode you want? Then the 486 already has those rings and this applies...
Basically what that means is the kernel gives some address space to each process and this chunk of address space is called a linear address in that process, right?
Thanks, I love your videos~ please do more
@3:00 Is it possible to just skip to 'syscall' instead of stepping through each instruction?
Wow. That was awesome 👍
Amazing Content !!!
I would like to see such a deep dive for hypervisor. and maybe compare with this. PS: how can I give double or triple likes to a video?
I understood barely a 10% of that, but very interesting
Great video, thanks
You recommend some documentation, but it would be good to paste links to it in the description of the video.
This is great. Thanks!
awesome video
At 5:24 we load the number corresponding to the write syscall. Would it be possible using a debugger (or something else?) to change what is loaded into eax and make the syscall invoke another function?
Yeah, definitely. The result would be quite random though, as the different syscall signatures can differ a lot.
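The threads above touch three properties of the syscall boundary: the number in eax/rax picks the kernel function and nothing else (the question just above), the length passed to write is explicit so no NUL byte is needed (the "why length is 5" question), and a user pointer the kernel cannot resolve ends in EFAULT through the exception-table path rather than a crash (the page-fault discussion under the __get_user_asm comment). The following is an added example, not code from the video or from LiveOverflow, that exercises all three from userland on Linux. It uses libc's syscall(2) wrapper rather than hand-written assembly so it does not depend on the x86-64 register convention; the out-of-range number 0x7ffff and the five-byte message are constructed for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* syscall() and MAP_ANONYMOUS on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* The number loaded into eax/rax before `syscall` is the only thing that
 * selects the kernel function: SYS_getpid through syscall(2) reaches the
 * same sys_getpid as the ordinary getpid() wrapper does. */
int number_selects_function(void) {
    long raw = syscall(SYS_getpid);
    return raw == (long)getpid();
}

/* A number with no entry in the table does not run "something random": the
 * dispatcher fails the call with ENOSYS. A seccomp filter in front of the
 * table (container runtimes install one) may report EPERM instead, so a
 * caller should accept either. 0x7ffff is a constructed out-of-range number. */
int bogus_number_errno(void) {
    errno = 0;
    if (syscall(0x7ffffL) != -1)
        return 0;
    return errno;
}

/* Hand the kernel a user pointer that is no longer mapped: the mov inside
 * copy_from_user page-faults, the fault handler finds that mov in the
 * exception table, and write(2) fails with EFAULT instead of crashing the
 * process. The bad pointer is constructed by mapping a page and unmapping it. */
int bad_pointer_errno(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    munmap(p, page);                       /* p now points into a hole */
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    errno = 0;
    ssize_t n = write(fds[1], p, 5);
    int saved = (n == -1) ? errno : 0;
    close(fds[0]);
    close(fds[1]);
    return saved;
}

/* write(2) takes an explicit byte count, so the buffer needs no terminating
 * NUL: 5 bytes go into a pipe and 5 bytes come back out. */
ssize_t bytes_roundtripped_without_nul(void) {
    const char msg[5] = { 'h', 'e', 'l', 'l', 'o' };   /* constructed, no NUL */
    char buf[16] = { 0 };
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    ssize_t w = write(fds[1], msg, sizeof msg);
    ssize_t r = read(fds[0], buf, sizeof buf);
    close(fds[0]);
    close(fds[1]);
    if (w != 5 || r != 5 || memcmp(buf, "hello", 5) != 0)
        return -1;
    return r;
}

int main(void) {
    printf("same function via raw number: %d\n", number_selects_function());
    printf("unknown number -> errno %d (%s)\n", bogus_number_errno(),
           strerror(bogus_number_errno()));
    printf("unmapped pointer -> errno %d (%s)\n", bad_pointer_errno(),
           strerror(bad_pointer_errno()));
    printf("bytes through pipe without NUL: %zd\n",
           bytes_roundtripped_without_nul());
    return 0;
}
```

Compile with `gcc -Wall syscall_probe.c -o syscall_probe` (the file name is arbitrary). The EFAULT case is the one the video's __get_user_asm walk-through describes: the MMU has no translation for the unmapped page, so the kernel really does take a page fault there, and the exception-table fixup is what turns that fault into a clean error return.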
wow!!. Thank you very much!.
Hi, are there any other things, books, that can help me understand the memory and kernel basics?
wow great video
i love you man
I love your videos, can you do a video going over the Memory Sinkhole issue on x86 intel chips. I saw a video on it but I would love to see the code to make it happen.
And how did you exactly learn all of this? Just from reading documentations??
12:30 very true words
What I'm confused about is how userland programs execute a privileged CPU opcode. Example, get the value of opcode RDPMC (x86)
#include <stdio.h>
int main() {
    /* 0x0f 0x31 is RDTSC: 64-bit counter in EDX:EAX. Read both halves;
       "=A" only means EDX:EAX on 32-bit x86, on x86-64 it drops the high half. */
    unsigned int lo, hi;
    __asm__ volatile (".byte 0x0f, 0x31" : "=a" (lo), "=d" (hi));
    unsigned long long int x = ((unsigned long long) hi << 32) | lo;
    printf("x = %llu\n", x);
}
---------------------
does this cause a general protection fault and the kernel 'runs' this?
yeah, thank you
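To see what actually happens when ring-3 code hits a ring-0-only instruction, here is an added example (not from the video or from the commenter above). The bytes in the question, 0F 31, are RDTSC, which is not privileged by default and simply returns; HLT is privileged, so the CPU raises a general protection fault and Linux delivers it to the process as SIGSEGV. The program installs a handler so it can report which signal arrived instead of dying. It is x86-only and returns -1 elsewhere; the function names are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* sigaction, siglongjmp on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf recover;
static volatile sig_atomic_t caught;

static void on_fault(int signo) {
    caught = signo;
    siglongjmp(recover, 1);       /* unwind out of the faulting instruction */
}

/* Execute HLT in userland. Returns 0 if it ran (it should not), the signal
 * number the kernel delivered (SIGSEGV for the #GP on Linux), or -1 when
 * not compiled for x86. */
int try_hlt_in_userland(void) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old;
    volatile int result = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    caught = 0;
    if (sigsetjmp(recover, 1) == 0) {
        __asm__ volatile("hlt");  /* privileged: CPU raises #GP in ring 3 */
        result = 0;               /* not reached under a normal kernel */
    } else {
        result = caught;          /* landed here from the SIGSEGV handler */
    }
    sigaction(SIGSEGV, &old, NULL);
    return result;
#else
    return -1;
#endif
}

/* Same check for RDTSC using the two-register form (correct on both 32- and
 * 64-bit x86). Returns 1 when it ran without a fault, -1 when not x86. */
int try_rdtsc_in_userland(unsigned long long *tsc) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    *tsc = ((unsigned long long)hi << 32) | lo;
    return 1;
#else
    *tsc = 0;
    return -1;
#endif
}

int rdtsc_runs_unprivileged(void) {
    unsigned long long t;
    return try_rdtsc_in_userland(&t);
}

int main(void) {
    unsigned long long t = 0;
    int r = try_rdtsc_in_userland(&t);
    printf("rdtsc: status %d, value %llu\n", r, t);
    int s = try_hlt_in_userland();
    printf("hlt: %s\n", s > 0 ? strsignal(s) : (s == 0 ? "executed" : "not x86"));
    return 0;
}
```

So the answer to the question is: the kernel does not "run" the instruction on the process's behalf. The fault lands in the kernel's #GP handler, which has no emulation for it and simply signals the process; only instructions the CPU itself allows in ring 3 (RDTSC, unless the kernel sets CR4.TSD) execute directly.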
Thank you. Is there a book or a resource where I can learn this kind of stuff deeply?
Hey there, yes, here are the two books you'll get the most out of:
Modern Operating Systems, by Andrew S. Tanenbaum;
The Linux Programming Interface, by Michael Kerrisk.
Awesome content just awesome
2:47 what version of radare2 is this? how did you get this view?
never mind, turns out I had an old version..
Thanks!
Thank you so much
Thanks
very good video!
Just awesome.
awesome!!!!!
wait!!
I've seen your videos somewhere else too!!
Where?! O.o
@@LiveOverflow I don't want to say it aloud...
.
p***hub?
@@LiveOverflow Really, I'm not kidding!!
A friend of mine mentioned it, looked for it, found them, also Minecraft and some other gameplays... sorry if I was being rude..
really well explained! Are you German?
metaldownm I don't think so
metaldownm Yes, he is
metaldownm 110 percent
Here is a link to the doc about kernel exceptions: www.kernel.org/doc/Documentation/x86/exception-tables.txt
god, this is awesome
Where did you learn all this? All by yourself or somewhere in university?
+Borgimanio Mostly by myself. I studied computer science and I went to an IT school. So those lectures certainly provided some information that helped to get me started.
Very cool video :)