Hi everyone! I (try to) create quality videos here on technical subjects involving computer security in any capacity.
In my opinion, RU-vid doesn't have enough engaging technical videos. Whether its poor audio or a low resolution screen cast, most technical videos could use a bit more attention. I try to create videos that are good for learning and for reference. Let me know how I'm doing! Constructive criticism is always welcome. I don't post all that often, but I try to make every video count.
It is simple, in little-endian, multi-byte values are stored such that most significant bytes are stored at a higher addresses and least significant at lower addresses (this is in fact the natural way of storing things).
It makes sense to me that data would be executable by default. Code is just another form of data (assembly opcodes are just numbers after all). Unless you dedicate memory or circuitry to it, the only obvious way to know whether a program is reading code or data is by essentially setting some kind of flag in the program and update it whenever a program starts or ends - to keep track of whether the program saw a "start of executable section" or "end of execution" section. It would be expensive to check every single byte between the current and target locations before executing a jump, so all we can do is put it in the normal program code. Its unsurprising that an exploit that alters program control can be used to skip over part of the program control process.
Bold of you to say that we as developers do not have to think about endianness xDD We just had a practical exam where we had to write a C program that on localhost communicates (server and client but both running on same machine), and trying to inspect memory results as you said gave very weird values. Thank you for an amazing video!
I know it's been 3 years since I posted this video, but I wanted to thank you immensely, I'm Brazilian and your video was 100% educational, I just had a question regarding Python and Java, I recently read an article about buffer overflow being exploited in applications python because it runs in C applications. So python was not the one affected, but rather the one that ran it, since it was developed in C. Again, congratulations on the video. Um abraço do Brasil!