Posts

Showing posts from May, 2026

C Language – Understanding Buffer Overflow Attacks and Weaknesses

1. Buffer Overflow

1.1. Security Vulnerabilities

1.1.1. Causes

Buffer Overflow is a security vulnerability where data is written beyond the size of a buffer, overwriting adjacent memory. When data is written past the buffer boundary, adjacent memory gets overwritten.

1.1.2. Impact and Risks

The program may crash abnormally or produce errors. Critical data may be corrupted, causing unexpected behavior. An attacker may manipulate memory to execute arbitrary code or take control of the system.

1.2. Stack Buffer Overflow

Stack Buffer Overflow is a vulnerability in which data is written beyond the size of a buffer allocated in the Stack area, overwriting adjacent memory regions. The main causes are insufficient input length validation and the use of unsafe functions that do not perform bounds checks.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

// Demonstrate stack buffer overflow:
// Stac...

C Language – Understanding Pointers

1. C Language Pointers

A pointer in C is a variable that stores a memory address. It stores the "location" (address) where data resides.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main()
{
    const char *pstr = "Hello World!";
    char *ptr = NULL;                 /* pointer variable itself lives on the stack */
    const size_t len = strlen(pstr);

    ptr = malloc(len + 1);            /* heap buffer: string length + terminating NUL */
    if (ptr == NULL) {                /* allocation can fail; never dereference NULL */
        return 1;
    }
    memset(ptr, 0x00, len + 1);       /* zero-fill so the copy is NUL-terminated */
    memcpy(ptr, pstr, len);           /* copy exactly len bytes into the heap buffer */

    /* %p expects void *: first the address of ptr (stack), then its value (heap) */
    printf("%p[%p] → %s\n", (void *)&ptr, (void *)ptr, ptr);

    free(ptr);
    return 0;
}

The ptr pointer variable resides in the Stack region. Using malloc, a memory space is allocated in the Heap region, and its address is stored in the ptr variable in the Stack region. Via memcpy, the "Hello World!" string data is copied into the allocated space in the Heap region.

0x7ffffc12fd50[0x5a14a05396b0] → Hello World!

&ptr is the address of the pointer varia...

C Language - String Arrays, Pointers, and Safe Copying

1. C Language Strings

In the C language, a string can be defined as a contiguous memory area of characters (char) terminated by a Null character ('\0'). The Null character is represented as '\0' or 0x00. There is no dedicated data type for representing strings; string handling is performed through pointers and arrays.

#include <stdio.h>
#include <string.h>

int main()
{
    char str[16];

    /* 15 characters plus the terminating NUL fit exactly in the 16-byte buffer */
    strcpy(str, "012345678901234");
    printf("%s,len=%zu,size=%zu\n", str, strlen(str), sizeof(str));

    return 0;
}

※ Local variables declared without initialization, such as char str[32], have their memory space filled with undefined values (garbag...