Rust string data-types
The two first main objects are "str" and String, lets check also the constructors.Imports and functions
Even such a basic program links several libraries and occupy 2,568Kb, it's really not using the imports and expots the runtime functions even the main.
Even a simple string operation needs 544 functions on rust:
Main function
If you expected see a clear main function I regret to say that rust doesn't seem a real low-level language In spite of having a full control of the memory.Ghidra turns crazy when tries to do the recursive parsing of the rust code, and finally we have the libc _start function, the endless loop after main is the way Ghidra decompiles the HLT instruction.
If we jump to main, we see a function call, the first parameter is rust_main as I named it below:
If we search "hello world" on the Defined Strings sections, matches at the end of a large string
After doing "clear code bytes" we can see the string and the reference:
We can see that the literal is stored in an non null terminated string, or most likely an array of bytes. we have a bunch of byte arrays and pointed from the code to the beginning.
Let's follow the ref. [ctrl]+[shift]+[f] and we got the references that points to the rust main function.
After several naming thanks to the Ghidra comments that identify the rust runtime functions, the rust main looks more understandable.
See below the ref to "hello world" that is passed to the string allocated hard-coding the size, because is non-null terminated string and there is no way to size this, this also helps to the rust performance, and avoid the c/c++ problems when you forgot the write the null byte for example miscalculating the size on a memcpy.
Regarding the string object, the allocator internals will reveal the structure in static.
alloc_string function call a function that calls a function that calls a function and so on, so this is the stack (also on static using the Ghidra code comments)
1. _$LT$alloc..string..String$u20$as$u20$core..convert..From$LT$$RF$str$GT$$GT$::from::h752d6ce1f15e4125
2. alloc::str::_$LT$impl$u20$alloc..borrow..ToOwned$u20$for$u20$str$GT$::to_owned::h649c495e0f441934
3. alloc::slice::_$LT$impl$u20$alloc..borrow..ToOwned$u20$for$u20$$u5b$T$u5d$$GT$::to_owned::h1eac45d28
4. alloc::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::to_vec::h25257986b8057640
5. alloc::slice::hack::to_vec::h37a40daa915357ad
6. core::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::len::h2af5e6c76291f524
7. alloc::vec::Vec$LT$T$GT$::extend_from_slice::h190290413e8e57a2
8. _$LT$alloc..vec..Vec$LT$T$GT$$u20$as$u20$alloc..vec..SpecExtend$LT$$RF$T$C$core..slice..Iter$LT$T$GT$$GT$$GT$::spec_extend::h451c2f92a49f9caa
...
Well I'm not gonna talk about the performance impact on stack but really to program well reusing code grants the maintainability and its good, and I'm sure that the rust developed had measured that and don't compensate to hardcode directly every constructor.
At this point we have two options, check the rust source code, or try to figure out the string object in dynamic with gdb.
Source code
The string object is defined at string.rs and it's simply an u8 type vector.
And the definition of vector can be found at vec.rs and is composed by a raw vector an the len which is the usize datatype.
The RawVector is a struct that helds the pointer to the null terminated string stored on an Unique object, and also contains the allocation pointer, here raw_vec.rs definition.
The cap field is the capacity of the allocation and a is the allocator:
Finally the Unique object structure contains a pointer to the null terminated string, and also a one byte marker core::marker::PhantomData
Dynamic analysis
The first parameter of the constructor is the interesting one, and in x64 arch is on RDI register, the extrange sequence RDI,RSI,RDX,RCX it sounds like ACDC with a bit of imagination (di-si-d-c)So the RDI parámeter is the pointer to the string object:
So RDI contains the stack address pointer that points the the heap address 0x5578f030.
Remember to disable ASLR to correlate the addresses with Ghidra, there is also a plugin to do the synchronization.
Having symbols we can do:
p mystring
and we get the following structure:
String::String {
vec: alloc::vec::Vec
buf: alloc::raw_vec::RawVec
ptr: core::ptr::unique::Unique
pointer: 0x555555790130 "hello world\000",
_marker: core::marker::PhantomData
},
cap: 11,
a: alloc::alloc::Global
},
len: 11
}
}
If the binary was compiled with symbols we can walk the substructures in this way:
(gdb) p mystring.vec.buf.ptr
$6 = core::ptr::unique::Unique
(gdb) p mystring.vec.len
$8 = 11
If we try to get the pointer of each substructure we would find out that the the pointer is the same:
If we look at this pointer, we have two dwords that are the pointer to the null terminated string, and also 0xb which is the size, this structure is a vector.
The pionter to the c string is 0x555555790130
This seems the c++ string but, let's look a bit deeper:
RawVector
Vector:
(gdb) x/wx 0x7fffffffdf50
0x7fffffffdf50: 0x55790130 -> low dword c string pointer
0x7fffffffdf54: 0x00005555 -> hight dword c string pointer
0x7fffffffdf58: 0x0000000b -> len
0x7fffffffdf5c: 0x00000000
0x7fffffffdf60: 0x0000000b -> low cap (capacity)
0x7fffffffdf64: 0x00000000 -> hight cap
0x7fffffffdf68: 0xf722fe27 -> low a (allocator)
0x7fffffffdf6c: 0x00007fff -> hight a
0x7fffffffdf70: 0x00000005
So in this case the whole object is in stack except the null-terminated string.
More information
- Pentest Tools Linux
- Pentest Tools Website Vulnerability
- Hack Website Online Tool
- Pentest Tools
- Hacker Tools For Mac
- Hacker Tools
- New Hacker Tools
- Hacker Tools Free Download
- Computer Hacker
- Pentest Tools Download
- Hacking Tools 2019
- World No 1 Hacker Software
- Pentest Tools For Mac
- Hacker Security Tools
- Hacking Tools For Mac
- Pentest Tools Windows
- New Hack Tools
- Hacking Tools Github
- Hacker Tools Free
- Hack Tools For Ubuntu
- New Hacker Tools
- Kik Hack Tools
- Pentest Tools For Windows
- Pentest Tools Windows
- Pentest Tools Online
- Hacker Search Tools
- Hacking Tools For Windows Free Download
- Pentest Tools Website
- Pentest Tools List
- Tools 4 Hack
- Best Hacking Tools 2019
- Install Pentest Tools Ubuntu
- Hack Tools Download
- Pentest Tools Find Subdomains
- Hack Tools Github
- Hacker Tools For Ios
- Hacking Tools For Pc
- Hacker Tools Software
- Hacker Tools Online
- Pentest Tools
- Hacker Hardware Tools
- Pentest Tools Port Scanner
- Hacker Tools
- Hacking Tools
- Hacking Tools Windows 10
- Hacking Tools Software
- Hacking Tools Windows
- Hack Website Online Tool
- Hacking Tools For Windows 7
- Easy Hack Tools
- Pentest Tools Kali Linux
- Hacker Tools Software
- Hacking Tools For Pc
- Hacker Tools 2020
- Hack Tools 2019
- Hacking Tools For Pc
- Hacker Tools Free Download
- Hacking Tools Software
- Hacking Tools Windows
- Hacker Tools Windows
- Best Pentesting Tools 2018
- Hack Tools
- Hacking Tools For Mac
- Hak5 Tools
- Hacking Tools For Kali Linux
- Pentest Tools Subdomain
- Install Pentest Tools Ubuntu
- Hack And Tools
- Blackhat Hacker Tools
- Hacker Tools Free
- Hack Tools Github
- Hack Tools For Games
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Free
- Hack Tool Apk
- Hacker Tools For Ios
- Pentest Tools Free
- Pentest Tools For Windows
- Hack Tools For Games
- Usb Pentest Tools
- Hacking Tools Mac
- Computer Hacker
- Hacker Tools For Ios
- Hacker Techniques Tools And Incident Handling
- Pentest Tools For Mac
- Best Hacking Tools 2019
- Hacking Tools Software
- Hack Tools For Games
- Pentest Tools Nmap
- Pentest Reporting Tools
- Hacking Tools Name
- Hacker Tools Apk Download
- Hacking Tools Usb
- Pentest Tools Alternative
- Hacker Search Tools
- Best Pentesting Tools 2018
- Hacker Tools For Ios
- How To Make Hacking Tools
- Hackrf Tools
- Hack Tool Apk No Root
- New Hack Tools
- Nsa Hacker Tools
- Hack Tool Apk
- Hack Tools Download
- Android Hack Tools Github
- Game Hacking
- New Hack Tools
- Hacking Tools For Windows 7
- Hack Tool Apk No Root
- Hacking Tools For Games
- Hack App
- Hacking Tools For Pc
- Hacker Tools Apk Download
- Hacking Tools 2019
- New Hack Tools
- Pentest Tools Free
- Best Pentesting Tools 2018
- Best Pentesting Tools 2018
- Pentest Tools Windows
- Best Hacking Tools 2020
- Pentest Reporting Tools
- Hack Tools Mac
- Hacker Tools 2020
- Pentest Tools Download
- Hak5 Tools
- Hacker Techniques Tools And Incident Handling
- Hacking Tools For Beginners
- Hacking Tools For Pc
- Hack Rom Tools
- Hack Apps
- Wifi Hacker Tools For Windows
- Hack Tools For Mac
- Pentest Tools Open Source
- New Hack Tools
- Hacker Tools Free Download
- Pentest Tools
- Hackers Toolbox
- Ethical Hacker Tools
- Pentest Tools Download
- Pentest Reporting Tools
- Hacking Tools For Kali Linux
- Pentest Tools Find Subdomains
- Beginner Hacker Tools
- How To Install Pentest Tools In Ubuntu
- New Hack Tools
- Game Hacking
- Hacking Tools Software
- Hack Tools For Ubuntu
- Pentest Tools Alternative
- Hacking App
- What Is Hacking Tools
- Hack Tools For Ubuntu
- Ethical Hacker Tools
- Hack Apps
- Android Hack Tools Github
- Pentest Tools Nmap
- Hacker Techniques Tools And Incident Handling
- Best Hacking Tools 2020
- Hacking App
- Hacking Tools Software
- Hack Tools For Games
- Easy Hack Tools
- Hacker Tools Linux
- Nsa Hack Tools Download
- Pentest Tools List
- Hacking Tools Mac
- Hack App
- Hacker Tools 2020
- Black Hat Hacker Tools
- Hacking Tools Kit
- Nsa Hack Tools
- Hacking Tools Mac
- Hacking Tools Windows 10
- Pentest Box Tools Download
- World No 1 Hacker Software
- Easy Hack Tools
- Pentest Tools Nmap
Nenhum comentário:
Postar um comentário