Showing posts with the label C Language

C Language – Understanding Buffer Overflow Attacks and Weaknesses

1. Buffer Overflow

1.1. Security Vulnerabilities

1.1.1. Causes

Buffer Overflow is a security vulnerability where data is written beyond the size of a buffer, overwriting adjacent memory.
When data is written past the buffer boundary, adjacent memory gets overwritten.

1.1.2. Impact and Risks

The program may crash abnormally or produce errors.
Critical data may be corrupted, causing unexpected behavior.
An attacker may manipulate memory to execute arbitrary code or take control of the system.

1.2. Stack Buffer Overflow

Stack Buffer Overflow is a vulnerability in which data is written beyond the size of a buffer allocated in the Stack area, overwriting adjacent memory regions. The main causes are insufficient input length validation and the use of unsafe functions that do not perform bounds checks.

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    // Demonstrate stack buffer overflow:
    // Stac...

C Language – Understanding Pointers

1. C Language Pointers

A pointer in C is a variable that stores a memory address. It stores the "location" (address) where data resides.

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    int main() {
        const char *pstr = "Hello World!";
        char *ptr = NULL;
        const size_t len = strlen(pstr);

        /* Allocate room for the string plus its terminating null. */
        ptr = malloc(len + 1);
        if (ptr == NULL) {
            return 1; /* allocation failed */
        }
        memset(ptr, 0x00, len + 1);
        memcpy(ptr, pstr, len);

        /* %p expects void *, so cast both addresses. */
        printf("%p[%p] → %s\n", (void *)&ptr, (void *)ptr, ptr);

        free(ptr);
        return 0;
    }

The ptr pointer variable resides in the Stack region. Using malloc, a memory space is allocated in the Heap region, and its address is stored in the ptr variable in the Stack region. Via memcpy, the "Hello World!" string data is copied into the allocated space in the Heap region.

    0x7ffffc12fd50[0x5a14a05396b0] → Hello World!

&ptr is the address of the pointer varia...

C Language - String Arrays, Pointers, and Safe Copying

1. C Language Strings

In the C language, a string can be defined as a continuous memory area of characters (char) terminated by a Null character ('\0'). The Null character is represented as '\0' or 0x00. There is no dedicated data type for representing strings; string handling is performed through pointers and arrays.

    #include <stdio.h>
    #include <string.h>

    int main() {
        char str[16];

        strcpy(str, "012345678901234");
        printf("%s,len=%zu,size=%zu\n", str, strlen(str), sizeof(str));

        return 0;
    }

※ Local variables declared without initialization, such as char str[32], have their memory space filled with undefined values (garbag...

C Language – Code Analysis Practice (Basic Examples)

1. C Language Code Analysis Practice

As with natural language, reading ability matters in programming as much as writing ability. The ability to read code is the foundation of the analytical skills needed to find bugs that occur during programming and to predict code behavior in advance. Analyze the code presented below directly, without compiling it, and predict the execution result. This builds code comprehension skills and exercises logical thinking.

1.1. Beginner Level

1.1.1. ex01_low_if.c

Understand the control flow of the if/else conditional statement.
Check operator precedence in the expression a + b > c * 3.
Trace how constant values declared with const are used in condition evaluation.

    #include <stdio.h>

    int main(void) {
        const int a = 3;
        const int b = 5;
        const int c = 2;
        int result = 0;

        if (a + b > c * 3) {
            result = 1;
        } else {
            result = 2;
    ...