Buffer Overflow Attacks
|
|
- Marylou White
- 5 years ago
- Views:
Transcription
1 CS- Spring Buffer Overflow Attacks Computer Systems..-,
2 CS- Spring Hacking Roots in phone phreaking White Hat vs Gray Hat vs Black Hat Over % of Modern Software Development is Black Hat! Tip the balance: Be a force for good not evil!
3 CS- Spring Disassembly program.c gcc -S gcc o program program.s program program objdump -d program.s
4 CS- Spring Disclaimer Buffer Overflow Attack DO NOT ABUSE! Ancient form of hacking First documented in Used in Morris Worm First internet virus Used to hack Unix, Windows, Xbox, PS, Wii Taught here as an example of what to watch out for!
5 CS- Spring Example Vulnerable Code char * getuserline() { char buffer[]; static char retbuf[]; if (gets(buffer)) { strcpy(retbuf,buffer); return retbuf; } return NULL; } gets reads from stdin until it finds either an end-of-file or a newline (returns ). gets copies whatever it reads into the argument (buffer). gets does not check to make sure result fits in space allocated.
6 CS- Spring getuserline in X (with stack frame) getuserline: push %ebp mov %esp,%ebp sub $x,%esp lea -x(%ebp),%eax mov %eax,(%esp) call <_gets> test %eax,%eax move %ebp,%esp pop %ebp ret %ebp buffer / %ebp-x %esp / Parm main s %ebp %ebp-
7 CS- Spring gets functionality gets reads a file that starts with %ebp main s %ebp THE FIRST EIGHTY T x E I F I R S buffer / %ebp- T H E x %esp / parm %ebp-
8 CS- Spring Mixing Hex and ASCII We normally treat a file as a string of ASCII characters In fact, each ASCII character has a hex representation T H E F I R S T E I G H T Y We can use the command od t xz to show both ASCII and hex >THE FIRST EIGHTY< e e e >... < > < We can write a program to put non-ascii hex data in a file
9 CS- Spring Example of a file with ASCII and Hex ASCII Representation on terminal cat file THE FIRST EIGHTY... """"""""@ Mixed representation od -t xz xmphex.txt >THE FIRST EIGHTY< e e e >... < > < * >""""""""...@.< a >.<
10 CS- Spring GEDIT Mixed File
11 CS- Spring String in file (stdin) read by gets T H E F I R S T E I G H T Y... Alignment Padding main s ebp Return Address!
12 CS- Spring stack frame after gets returns gets reads a file whose first line ends with x x x <- little endian x %ebp main s %ebp: x x T x E I F I R S %eax / buffer / %ebp- T H E x %esp %ebp-
13 CS- Spring getuserline in X (with stack) getuserline: push %ebp mov %esp,%ebp sub $x,%esp lea -x(%ebp),%eax mov %eax,(%esp) call <_gets> test %eax,%eax move %ebp,%esp pop %ebp ret x %ebp,%esp main s %ebp: x x T x E I F I R S %eax / buffer / %ebp- T H E x %ebp-
14 CS- Spring getuserline in X (with stack) getuserline: push %ebp mov %esp,%ebp sub $x,%esp lea -x(%ebp),%eax mov %eax,(%esp) call <_gets> test %eax,%eax move %ebp,%esp pop %ebp ret %esp x main s %ebp: x x T x E I F I R S %eax / buffer / %ebp- T H E x %ebp x %ebp-
15 CS- Spring getuserline in X (with stack) getuserline: push %ebp mov %esp,%ebp sub $x,%esp lea -x(%ebp),%eax mov %eax,(%esp) call <_gets> test %eax,%eax move %ebp,%esp pop %ebp ret x %eip main s %ebp: x x x T x E I F I R S %eax / buffer / %ebp- T H E x %ebp-
16 CS- Spring What s at x? Your evil code!
17 CS- Spring Problems with Buffer Overflow Attack Need to mix ASCII with hexadecimal in input file String can t contain newline (x) Need to know offset from buffer to top of stack / Overwrites caller s return address %ebp has been overwritten lost top of caller s stack frame Need to know address of pirate routine to return to Can write a program to do that Basic restriction Get that from objdump d Can get from objdump d %esp points to bottom of caller s frame, and we can find its size from objdump -d Harder, but not impossible
18 CS- Spring Preventing Buffer Overflow w/ Guard char * getuserline() { char buffer[]; int guard=xfedcba; static char retbuf[]; if (gets(buffer)) { assert(guard==xfedcba); strcpy(retbuf,buffer); return retbuf; } return NULL; } guard goes in stack frame after (on top of) buffer If buffer overflow occurs, guard will be modified If buffer overflow occurs, assert will fail Unless hacker did objdump and put xfedcba in his hacked file
19 CS- Spring String in file (stdin) read by gets T H E F I R S T E I G H T Y... B A D C F E Alignment Padding main s ebp Return Address! Guard
20 CS- Spring Preventing Buffer Overflow Attacks char * getuserline() { char buffer[]; static char retbuf[]; if (fgets(buffer,sizeof(buffer),stdin)) { strcpy(retbuf,buffer); return retbuf; } return NULL; } fgets reads from any file (third parameter) fgets checks size (second parameter) fgets does not allow buffer overwrite
Introduction to Computer Systems , fall th Lecture, Sep. 28 th
Introduction to Computer Systems 15 213, fall 2009 9 th Lecture, Sep. 28 th Instructors: Majd Sakr and Khaled Harras Last Time: Structures struct rec { int i; int a[3]; int *p; }; Memory Layout i a p 0
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More informationBuffer Overflows. Buffer Overflow. Many of the following slides are based on those from
s Many of the following slides are based on those from 1 Complete Powerpoint Lecture Notes for Computer Systems: A Programmer's Perspective (CS:APP) Randal E. Bryant and David R. O'Hallaron http://csapp.cs.cmu.edu/public/lectures.html
More informationBuffer Overflow. Jo, Heeseung
Buffer Overflow Jo, Heeseung IA-32/Linux Memory Layout Heap Runtime stack (8MB limit) Dynamically allocated storage When call malloc(), calloc(), new() DLLs (shared libraries) Data Text Dynamically linked
More informationBUFFER OVERFLOW. Jo, Heeseung
BUFFER OVERFLOW Jo, Heeseung IA-32/LINUX MEMORY LAYOUT Heap Runtime stack (8MB limit) Dynamically allocated storage When call malloc(), calloc(), new() DLLs (shared libraries) Data Text Dynamically linked
More informationBuffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Buffer Overflow Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu IA-32/Linux Memory Layout Runtime stack (8MB limit) Heap Dynamically allocated storage
More informationCMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang
Project 3 Questions CMSC 313 Lecture 12 How C functions pass parameters UMBC, CMSC313, Richard Chang Last Time Stack Instructions: PUSH, POP PUSH adds an item to the top of the stack POP
More informationBuffer Overflow Attack
Buffer Overflow Attack What every applicant for the hacker should know about the foundation of buffer overflow attacks By (Dalgona@wowhacker.org) Email: zinwon@gmail.com 2005 9 5 Abstract Buffer overflow.
More informationSungkyunkwan University
November, 1988 Internet Worm attacks thousands of Internet hosts. How did it happen? November, 1988 Internet Worm attacks thousands of Internet hosts. How did it happen? July, 1999 Microsoft launches MSN
More informationFull Name: CISC 360, Fall 2008 Example of Exam
Full Name: CISC 360, Fall 2008 Example of Exam Page 1 of 0 Problem 1. (12 points): Consider the following 8-bit floating point representation based on the IEEE floating point format: There is a sign bit
More informationAdvanced Buffer Overflow
Pattern Recognition and Applications Lab Advanced Buffer Overflow Ing. Davide Maiorca, Ph.D. davide.maiorca@diee.unica.it Computer Security A.Y. 2016/2017 Department of Electrical and Electronic Engineering
More informationCS , Spring 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Spring 2004 Exam 1 February 26, 2004 Instructions: Make sure that your exam is not missing any sheets (there should be 15), then write your full name and Andrew login
More information2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks
Runtime attacks are major threats to today's applications Control-flow of an application is compromised at runtime Typically, runtime attacks include injection of malicious code Reasons for runtime attacks
More informationANITA S SUPER AWESOME RECITATION SLIDES
ANITA S SUPER AWESOME RECITATION SLIDES 15/18-213: Introduction to Computer Systems Stacks and Buflab, 11 Jun 2013 Anita Zhang, Section M WHAT S NEW (OR NOT) Bomblab is due tonight, 11:59 PM EDT Your late
More informationBetriebssysteme und Sicherheit Sicherheit. Buffer Overflows
Betriebssysteme und Sicherheit Sicherheit Buffer Overflows Software Vulnerabilities Implementation error Input validation Attacker-supplied input can lead to Corruption Code execution... Even remote exploitation
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
More informationStack -- Memory which holds register contents. Will keep the EIP of the next address after the call
Call without Parameter Value Transfer What are involved? ESP Stack Pointer Register Grows by 4 for EIP (return address) storage Stack -- Memory which holds register contents Will keep the EIP of the next
More informationLecture 08 Control-flow Hijacking Defenses
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation
More informationAdvanced Buffer Overflow
Pattern Recognition and Applications Lab Advanced Buffer Overflow Ing. Davide Maiorca, Ph.D. davide.maiorca@diee.unica.it Computer Security A.Y. 2017/2018 Department of Electrical and Electronic Engineering
More informationCS , Fall 2002 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2002 Exam 1 October 8, 2002 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More information20: Exploits and Containment
20: Exploits and Containment Mark Handley Andrea Bittau What is an exploit? Programs contain bugs. These bugs could have security implications (vulnerabilities) An exploit is a tool which exploits a vulnerability
More informationCSE 361S Intro to Systems Software Lab Assignment #4
Due: Thursday, October 23, 2008. CSE 361S Intro to Systems Software Lab Assignment #4 In this lab, you will mount a buffer overflow attack on your own program. As stated in class, we do not condone using
More informationCS , Fall 2001 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2001 Exam 1 October 9, 2001 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More informationCMPSC 497 Buffer Overflow Vulnerabilities
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Buffer Overflow
More informationLab 10: Introduction to x86 Assembly
CS342 Computer Security Handout # 8 Prof. Lyn Turbak Wednesday, Nov. 07, 2012 Wellesley College Revised Nov. 09, 2012 Lab 10: Introduction to x86 Assembly Revisions: Nov. 9 The sos O3.s file on p. 10 was
More informationX86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson
X86 Review Process Layout, ISA, etc. CS642: Computer Security Drew Davidson davidson@cs.wisc.edu From Last Time ACL-based permissions (UNIX style) Read, Write, execute can be restricted on users and groups
More informationAssembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction
Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction E I P CPU isters Condition Codes Addresses Data Instructions Memory Object Code Program Data OS Data Topics Assembly Programmer
More informationCNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
More informationBuffer overflows. Specific topics:
Buffer overflows Buffer overflows are possible because C does not check array boundaries Buffer overflows are dangerous because buffers for user input are often stored on the stack Specific topics: Address
More informationNon-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP
A NGSSoftware Insight Security Research Publication Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/20/XP David Litchfield (david@ngssoftware.com) 5 th March 22 www.ngssoftware.com
More informationLinux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.
Lecture 6B Machine-Level Programming V: Miscellaneous Topics Topics Linux Memory Layout Understanding Pointers Buffer Overflow Upper 2 hex digits of address Red Hat v. 6.2 ~1920MB memory limit FF C0 Used
More informationIs stack overflow still a problem?
Morris Worm (1998) Code Red (2001) Secure Programming Lecture 4: Memory Corruption II (Stack Overflows) David Aspinall, Informatics @ Edinburgh 31st January 2017 Memory corruption Buffer overflow remains
More informationProject 1 Notes and Demo
Project 1 Notes and Demo Overview You ll be given the source code for 7 short buggy programs (target[1-7].c). These programs will be installed with setuid root Your job is to write exploits (sploit[1-7].c)
More information15-213/18-243, Fall 2010 Exam 1 - Version A
Andrew login ID: Full Name: Section: 15-213/18-243, Fall 2010 Exam 1 - Version A Tuesday, September 28, 2010 Instructions: Make sure that your exam is not missing any sheets, then write your Andrew login
More informationBuffer Overflows Many of the following slides are based on those from Complete Powerpoint Lecture Notes for Computer Systems: A Programmer's Perspective (CS:APP) Randal E. Bryant and David R. O'Hallaron
More informationBuffer Overflows Defending against arbitrary code insertion and execution
www.harmonysecurity.com info@harmonysecurity.com Buffer Overflows Defending against arbitrary code insertion and execution By Stephen Fewer Contents 1 Introduction 2 1.1 Where does the problem lie? 2 1.1.1
More informationBuffer Overflow Attack (AskCypert CLaaS)
Buffer Overflow Attack (AskCypert CLaaS) ---------------------- BufferOverflow.c code 1. int main(int arg c, char** argv) 2. { 3. char name[64]; 4. printf( Addr;%p\n, name); 5. strcpy(name, argv[1]); 6.
More informationCS 3214 Spring # Problem Points Min Max Average Median SD Grader. 1 Memory Layout and Locality Bill
CS 3214 # Problem Points Min Max Average Median SD Grader 1 Memory Layout and Locality 25 2 25 14.2 14 5.7 Bill 2 Stack 25 3 22 12.6 13 4.2 Peter 3 Compilation and Linking 25 0 19 7.6 6 4.7 Maggie 4 Execution
More informationCSC 2400: Computing Systems. X86 Assembly: Function Calls
CSC 24: Computing Systems X86 Assembly: Function Calls 1 Lecture Goals Challenges of supporting functions Providing information for the called function Function arguments and local variables Allowing the
More informationCS , Fall 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2004 Exam 1 Tuesday October 12, 2004 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front.
More informationCMSC 313 Lecture 12 [draft] How C functions pass parameters
CMSC 313 Lecture 12 [draft] How C functions pass parameters UMBC, CMSC313, Richard Chang Last Time Stack Instructions: PUSH, POP PUSH adds an item to the top of the stack POP removes an
More informationbuffer overflow exploitation
buffer overflow exploitation Samuele Andreoli, Nicolò Fornari, Giuseppe Vitto May 11, 2016 University of Trento Introduction 1 introduction A Buffer Overflow is an anomaly where a program, while writing
More informationObstacle Course Buffer Overflow Hacking Exercise
Obstacle Course Buffer Overflow Hacking Exercise JerseySTEM Cyber Security program Introduction This exercise helps you develop a detailed understanding of the calling stack organization on an Intel x86/32-
More informationCSC 2400: Computer Systems. Using the Stack for Function Calls
CSC 24: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
More informationMachine-Level Programming V: Buffer overflow
Carnegie Mellon Machine-Level Programming V: Buffer overflow Slides adapted from Bryant and O Hallaron Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 1 Recall: Memory
More informationCS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly
Raluca Popa Spring 2018 CS 161 Computer Security Discussion 1 Week of January 22, 2018: GDB and x86 assembly Objective: Studying memory vulnerabilities requires being able to read assembly and step through
More informationCS642: Computer Security
X86 Review Process Layout, ISA, etc. CS642: Computer Security Drew Davidson davidson@cs.wisc.edu From Last Week ACL- based permissions (UNIX style) Read, Write, execute can be restricted on users and groups
More informationBuffer Overflow. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Buffer Overflow Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE2030: Introduction to Computer Systems, Spring 2018, Jinkyu Jeong (jinkyu@skku.edu)
More informationCSCE 212H, Spring 2008 Lab Assignment 3: Assembly Language Assigned: Feb. 7, Due: Feb. 14, 11:59PM
CSCE 212H, Spring 2008 Lab Assignment 3: Assembly Language Assigned: Feb. 7, Due: Feb. 14, 11:59PM February 7, 2008 1 Overview The purpose of this assignment is to introduce you to the assembly language
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationMachine-Level Programming V: Miscellaneous Topics Sept. 24, 2002
15-213 The course that gives CMU its Zip! Machine-Level Programming V: Miscellaneous Topics Sept. 24, 2002 Topics Linux Memory Layout Understanding Pointers Buffer Overflow Floating Point Code class09.ppt
More informationCSC 8400: Computer Systems. Using the Stack for Function Calls
CSC 84: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
More informationMachine- Level Programming V: Advanced Topics
Machine- Level Programming V: Advanced Topics Andrew Case Slides adapted from Jinyang Li, Randy Bryant & Dave O Hallaron 1 Today Structures and Unions Memory Layout Buffer Overflow Vulnerability ProtecEon
More informationPRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG
PRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG Table of contents Introduction Binary Disassembly Return Address Defense Prototype Implementation Experimental Results Conclusion Buffer Over2low Attacks
More informationadministrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?
administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions? exam on Wednesday today s material not on the exam 1 Assembly Assembly is programming
More informationCNIT 127: Exploit Development. Ch 1: Before you begin. Updated
CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial
More informationLink 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-20 Wed Young W. Lim Link 2. Object Files 2017-09-20 Wed 1 / 33 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
More informationCPSC 213. Introduction to Computer Systems. Procedures and the Stack. Unit 1e
CPSC 213 Introduction to Computer Systems Unit 1e Procedures and the Stack 1 Readings for Next 3 Lectures Textbook Procedures - 3.7 Out-of-Bounds Memory References and Buffer Overflow - 3.12 2 Local Variables
More informationInstruction Set Architectures
Instruction Set Architectures! ISAs! Brief history of processors and architectures! C, assembly, machine code! Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface
More informationExploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it 29.11.2012 Secure Software Engineering Andreas Follner 1 Andreas Follner Graduated earlier
More informationGiving credit where credit is due
JDEP 284H Foundations of Computer Systems Machine-Level Programming V: Wrap-up Dr. Steve Goddard goddard@cse.unl.edu Giving credit where credit is due Most of slides for this lecture are based on slides
More informationBinghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11
X86 Debug Computer Systems Section 3.11 GDB is a Source Level debugger We have learned how to debug at the C level Now, C has been translated to X86 assembler! How does GDB play the shell game? Makes it
More informationSoftware Security (cont.): Defenses, Adv. Attacks, & More
CSE 484 / CSE M 584 (Autumn 2011) Software Security (cont.): Defenses, Adv. Attacks, & More Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly
More informationBuffer overflow is still one of the most common vulnerabilities being discovered and exploited in commodity software.
Outline Morris Worm (1998) Infamous attacks Secure Programming Lecture 4: Memory Corruption II (Stack Overflows) David Aspinall, Informatics @ Edinburgh 23rd January 2014 Recap Simple overflow exploit
More informationBuffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Buffer Overflow Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu x86-64/linux Memory Layout Stack Runtime stack (8MB limit) Heap Dynamically allocated
More information18-600: Recitation #4 Exploits
18-600: Recitation #4 Exploits 20th September 2016 Agenda More x86-64 assembly Buffer Overflow Attack Return Oriented Programming Attack 3 Recap: x86-64: Register Conventions Arguments passed in registers:
More informationEthical Hacking: Preventing & Writing Buffer Overflow Exploits
Ethical Hacking: Preventing & Writing Buffer Overflow Exploits Rochester Security Summit 2014 Rochester OWASP Chapter Lead Ralph Durkee - Durkee Consulting, Inc. info@rd1.net Ralph Durkee Background Founder
More informationCS / ECE , Spring 2010 Exam 1
Andrew login ID: Full Name: Recitation Section: CS 15-213 / ECE 18-243, Spring 2010 Exam 1 Version 1100101 Tuesday, March 2nd, 2010 Instructions: Make sure that your exam is not missing any sheets, then
More informationComputer Systems Architecture I. CSE 560M Lecture 3 Prof. Patrick Crowley
Computer Systems Architecture I CSE 560M Lecture 3 Prof. Patrick Crowley Plan for Today Announcements Readings are extremely important! No class meeting next Monday Questions Commentaries A few remaining
More informationComputer Systems CEN591(502) Fall 2011
Computer Systems CEN591(502) Fall 2011 Sandeep K. S. Gupta Arizona State University 9 th lecture Machine-Level Programming (4) (Slides adapted from CSAPP) Announcements Potentially Makeup Classes on Sat
More informationCSC 373, Winter 2012 Lab Assignment 3: The Buffer Bomb
CSC 373, Winter 2012 Lab Assignment 3: The Buffer Bomb Contact Glenn Lancaster (glancast@cs.depaul.edu) for questions/hints on this assignment. Introduction This assignment helps you develop a detailed
More informationInstruction Set Architectures
Instruction Set Architectures ISAs Brief history of processors and architectures C, assembly, machine code Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface contain?
More informationUniversità Ca Foscari Venezia
Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C
More informationROP It Like It s Hot!
Wednesday, December 3, 14 2014 Red Canari, Inc. All rights reserved. 1 I N F O R M AT I O N S E C U R I T Y ROP It Like It s Hot! A 101 on Buffer Overflows, Return Oriented Programming, & Shell- code Development
More informationInstruction Set Architecture
CS:APP Chapter 4 Computer Architecture Instruction Set Architecture Randal E. Bryant Carnegie Mellon University http://csapp.cs.cmu.edu CS:APP Instruction Set Architecture Assembly Language View! Processor
More informationInstruction Set Architecture
CS:APP Chapter 4 Computer Architecture Instruction Set Architecture Randal E. Bryant Carnegie Mellon University http://csapp.cs.cmu.edu CS:APP Instruction Set Architecture Assembly Language View Processor
More informationHands-on Ethical Hacking: Preventing & Writing Buffer Overflow Exploits
Hands-on Ethical Hacking: Preventing & Writing Buffer Overflow Exploits OWASP AppSec 2013 Rochester OWASP Chapter Lead Ralph Durkee - Durkee Consulting, Inc. info@rd1.net Hands-on Ethical Hacking: Preventing
More informationCS/ECE 354 Practice Midterm Exam Solutions Spring 2016
CS/ECE 354 Practice Midterm Exam Solutions Spring 2016 C Programming 1. The reason for using pointers in a C program is a. Pointers allow different functions to share and modify their local variables.
More informationTHEORY OF COMPILATION
Lecture 10 Activation Records THEORY OF COMPILATION EranYahav www.cs.technion.ac.il/~yahave/tocs2011/compilers-lec10.pptx Reference: Dragon 7.1,7.2. MCD 6.3,6.4.2 1 You are here Compiler txt Source Lexical
More informationAssembly Language: Function Calls
Assembly Language: Function Calls 1 Goals of this Lecture Help you learn: Function call problems: Calling and returning Passing parameters Storing local variables Handling registers without interference
More informationProgram Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
More informationCSC 591 Systems Attacks and Defenses Return-into-libc & ROP
CSC 591 Systems Attacks and Defenses Return-into-libc & ROP Alexandros Kapravelos akaprav@ncsu.edu NOEXEC (W^X) 0xFFFFFF Stack Heap BSS Data 0x000000 Code RW RX Deployment Linux (via PaX patches) OpenBSD
More informationLink 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-23 Sat Young W. Lim Link 2. Object Files 2017-09-23 Sat 1 / 40 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
More informationMachine-Level Prog. V Miscellaneous Topics
Machine-Level Prog. V Miscellaneous Topics Today Buffer overflow Extending IA32 to 64 bits Next time Memory Fabián E. Bustamante, 2007 Internet worm and IM war November, 1988 Internet Worm attacks thousands
More informationAssembly Language: Function Calls" Goals of this Lecture"
Assembly Language: Function Calls" 1 Goals of this Lecture" Help you learn:" Function call problems:" Calling and returning" Passing parameters" Storing local variables" Handling registers without interference"
More informationMachine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Machine-level Representation of Programs Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Program? 짬뽕라면 준비시간 :10 분, 조리시간 :10 분 재료라면 1개, 스프 1봉지, 오징어
More informationCS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015
CS165 Computer Security Understanding low-level program execution Oct 1 st, 2015 A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns
More information238P: Operating Systems. Lecture 7: Basic Architecture of a Program. Anton Burtsev January, 2018
238P: Operating Systems Lecture 7: Basic Architecture of a Program Anton Burtsev January, 2018 What is a program? What parts do we need to run code? Parts needed to run a program Code itself By convention
More informationTales of the Unknown. Part One.
Tales of the Unknown Part One www.felinemenace.org Table of Contents Introduction... 3 Requisites... 3 The Story... 3 A look at Initialization...4 Compile time...4 Run time...5 A look at Dereferencing...
More informationAssembly Language: Function Calls. Goals of this Lecture. Function Call Problems
Assembly Language: Function Calls 1 Goals of this Lecture Help you learn: Function call problems: Calling and urning Passing parameters Storing local variables Handling registers without interference Returning
More informationAssembly Language: Function Calls" Goals of this Lecture"
Assembly Language: Function Calls" 1 Goals of this Lecture" Help you learn:" Function call problems:" Calling and urning" Passing parameters" Storing local variables" Handling registers without interference"
More informationMachine Programming 5: Buffer Overruns and Stack Exploits
Machine Programming 5: Buffer Overruns and Stack Exploits CS61, Lecture 6 Prof. Stephen Chong September 22, 2011 Thinking about grad school in Computer Science? Panel discussion Tuesday September 27th,
More informationLink Edits and Relocatable Code
Link Edits and Relocatable Code Computer Systems Chapter 7.4-7.7 gcc g o ttt ttt.c ttt.c gcc ttt Pre-Processor Linker Compiler Assembler ttt.s ttt.o gcc g o ttt ttt.c main.c gcc cmd util.c Pre-Processor
More informationSystems I. Machine-Level Programming I: Introduction
Systems I Machine-Level Programming I: Introduction Topics Assembly Programmerʼs Execution Model Accessing Information Registers IA32 Processors Totally Dominate General Purpose CPU Market Evolutionary
More informationStack Overflow COMP620
Stack Overflow COMP620 There are two kinds of people in America today: those who have experienced a foreign cyber attack and know it, and those who have experienced a foreign cyber attack and don t know
More informationCS-220 Spring 2018 Test 2 Version Practice Apr. 23, Name:
CS-220 Spring 2018 Test 2 Version Practice Apr. 23, 2018 Name: 1. (10 points) For the following, Check T if the statement is true, the F if the statement is false. (a) T F : The main difference between
More informationCSC 252: Computer Organization Spring 2018: Lecture 9
CSC 252: Computer Organization Spring 2018: Lecture 9 Instructor: Yuhao Zhu Department of Computer Science University of Rochester Action Items: Assignment 2 is due tomorrow, midnight Assignment 3 is out
More informationPart II Let s make it real
Part II Let s make it real Memory Layout of a Process In reality Addresses are written in hexadecimal: For instance, consider the assembly code for IE(): 0x08048428 : push %ebp 0x08048429 : %esp,%ebp
More informationBUFFER OVERFLOW DEFENSES & COUNTERMEASURES
BUFFER OVERFLOW DEFENSES & COUNTERMEASURES CMSC 414 FEB 01 2018 RECALL OUR CHALLENGES How can we make these even more difficult? Putting code into the memory (no zeroes) Finding the return address (guess
More information