Pointers in Depth
*IMPORTANT* before reading this blog, it is required to know the basic fundamentals of C language to fully understand this topic.
Today I want to write a blog about Pointers in C language. I assume that most people have been struggling with this concept of C, thus I decided to write a blog with a great explanation. I also thought that would be great for software ethical hackers in the CyberSec community because we will be using a lot. Now lets dive into it.
I will show you 2 great examples, how they being explained and shown in the “gdb” debugger.
Pointers have been maybe the popular choice among programmers as well for software hackers when it comes to using memory in an optimized way. Pointers have made it possible to access the content of any variable such as; array, or data type. You can use pointers for low level-access to any content and improve the overall perfomance.
Oke I have explained what it does but not yet explained what it is?
What is a Pointer?
A pointer is a variable that contains the memory address of another variable, array, or string. When a pointer contains the address of something, it is said to be pointing at that thing. The EIP register is a pointer that ‘points’ to the current instruction during a program’s execution by containing its memory address. The idea of pointers is used in C, also. Since the physical memory cannot actually be moved, the information in it must be copied. It can be very computationally expensive to copy large chunks of memory to be used by different functions or in the different places.
What I am going to illustrate you will be crucial to learners because with a short explaination you will be faced with 2 examples.
Why do we need pointers? now the answer is very simple. We need them because they do the following:
- it facililates the dynamic allocation of memory
- it provides an alternative way to access a data type, apart from variable names, you can access the content of a variable through pointers.
- it also makes possible for us to return more than one value from a function
when you define an integer variable, two bytes will be allocated to it in memory. This set of two bytes can be accessed by a memory is quite big and is in hex format.
I also indicated some comments for the sake of simplicity.
As the comments in the code indicate, the first pointer is set at the beginning of the character array. When we declare an array it acually referenced like this, it is actually a pointer itself. Now read the comment carefully and understand the flow of this code.
I am going to use “GDB” debugger to see more in details.
The program is recompiled, and a breakpoint is set on the tenth line of the code. This will stop the program after the “Hello hacker\n” as you can see the string has been copied into the “str” buffer and the pointer variable is set to the beginning
When the pointer is examined as a string, it’s apparent that the given string is there and is located at memoy address ‘0x7fffffffdf10’ remember, only the memory address ‘0x7fffffffdf10’ is stored.
When the address of operator is used, the pointer variable is shown to be located at the address ‘‘0x7fffffffdf38’ in memory, and it contains the address of ‘‘0x7fffffffdf10’
I know this concept might be confusing, but if you get everything in the right order, you will be able to learn and understand buffer overflow attacks more in depth. I will put some links where you can practise pointers and other concepts as well.
Now, i am going to write a short code which will be able to demonstrate much easier than the previous one.
Now we are going to use GDB to fully understand the memory address.
As usual, a breakpoint is set and the program is executed in the debugger. At this point the majority of the program has executed. The first print command shows the value of “var”, and the second shows its address using the address of operator
Using pointers enables us to access content precisely from desired memory locations, but allocating memory through pointers and not releasing it when the job is done may lead to a problem.
I also recommend you to use GDB debuggers understandably to fully inform yourself of the located memory address of that variable being used, in my case i did that.
I do like using pointers and structs (which I will explain later on) as an ethical hacker, it is useful to learn any programming language. I would prefer to learn C/C++ to being able to understand the memory allocation as well the data structure of algorithm. Most people are confused to choose a particular area in cyber security field, as a software hacker I should go for codering with C also assembly language, if you want to develop your RATS,malware educationally of course, but overall you do not need it but will be great of course to analyze stuff. More ethical hacking, malware, software hacking will be placed in this platform and i almost forget to say that exploit analysis on my YouTube channel will be shared :)
Thank you so much for reading this blog. I know that this blog will not be enough but do not worry more articles and blogs will be written and explained, we will go deeper in this field. I am aiming myself to become a superior hacker and would like to share my experience to my viewers and peoplez who would become a superior hacker as well.
I will put some links where you can learn and enhance your weapon )
C Programming Language - GeeksforGeeks
C is a procedural programming language. It was initially developed by Dennis Ritchie as a system programming language…
C programming is a general-purpose, procedural, imperative computer programming language developed in 1972 by Dennis M…
Learn C Programming Language Tutorial - javatpoint
C language Tutorial with programming approach for beginners and professionals, helps you to understand the C language…
C is a general-purpose programming language, developed in 1972, and still quite popular. C is very powerful; it has…
Twitter: DarkGhost (@TurkishHoodie_) / Twitter
Ahmet Goker | Exploit researcher | Malware researcher | Youtuber