iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
A Little About Integers
  • Null Set
    Posts: 112
    # This was originally posted in securityoverride.com by me
    # Link to original copy of this post here

    In most 32 bit systems, signed integers have a maximum value of 2,147,483,647 and a minimum value of -2,147,483,648. We have these values because of the thing we call Two's Complement. Two's complement is simply a way of representing negative numbers in binary. This is how it works:

    - The most significant bit (MSB) is used as the indicator of sign. Thus in 8-bit systems, you'd actually only have 7 bits to work with (thus the limit of -128 to 127 for signed integers).
    - Positive numbers are represented normally as you would think of them in normal binary. 0000 0001 is 1; 0101 0101 is 85. Note that the MSB for these numbers is 0.
    - Negative numbers, on the other hand, work this way:


    1000 0000 -> -128
    1000 0001 -> -127
    1000 0011 -> -126
    1111 1111 -> -1



    To make this easier to think about, a negative number is the value of the negative of the most significant bit in binary (in 8-bit, it's 1000 0000 or 128) plus the value of all the bits to the right of the MSB. So in essence:


    1000 0000 -> -128 + 0 = -128
    1000 0001 -> -128 + 1 = -127
    1000 0011 -> -128 + 2 = -126
    1111 1111 -> -128 + 127 = -1



    (This isn't a Two's Complement thread so I won't explain this any further than that. For further reading on Two's Complement, visit http://en.wikipedia.org/wiki/Two's_complement )

    Now, back to what the topic is about, one thing everyone knows that will cause a Floating Point Exception is division by 0. There is another way to do so though. Remember at the start I mentioned the maximum and minimum value of a 32-bit system. In the C header, limits.h, those values are stored in INT_MAX and INT_MIN respectively. INT_MIN however is our interest here because we can use it to cause an FPE. How so?


    We know that:
    |INT_MIN| = |INT_MAX| + 1



    As such, if


    INT_MIN = -2,147,483,648 then INT_MIN / (-1) = 2,147,483,648



    This operation causes a floating point exception because positive 2,147,483,648 cannot be represented in 32-bit systems using Two's Complement. Remember that:


    10000000 00000000 00000000 00000000 = 2,147,483,648 in binary. BUT using two's complement, this binary value actually is -2,147,483,648.



    Thus there is an overflow because there is no way to represent the resulting number. As such, remember that when you write code, be sure to check for this as well when doing operations that might cause it.
  • Sh3llc0d3
    Posts: 1,910
    Whoah, nice paper. Scim read it but i'll fully read it later when i'm not still half asleep :)

    Edited it as you'd missed a tag :)
  • Xin
    Posts: 3,251
    Write a bit more about floating point and things that you just lightly touch on, it will help the reader :).
    Write about the accuracy range trade off etc.
    Xin
  • Null Set
    Posts: 112
    Maybe in a different thread later on. :)
Add a Comment