Sicurezza Informatica
|
|
- Gerard Benson
- 5 years ago
- Views:
Transcription
1 Sicurezza Informatica Lez. 2 Formato file e Assembler (II parte)
2 Avviso Causa sovrapposizione orario lezione con Consiglio di Dipartimento si propone di anticipare la lezione del 14/10 al 13/10 aula ALFA ore 13.30
3 I FORMATI DI UN FILE
4 Sorgente #include<stdio.h> int main(void) { int n = 6; float f=1; int i = 1; for(; i<=n; i++) f=f*i; printf("\n Factorial is : [%f]\n",f); return 0; }
5 From src to exe Editor (es. vi) source (es. *.c. *.as) Object code (es. *.o, *.obj) Compilatore (es. gcc) Debugging information Linker (es. ld) Exec file
6 A more refined model C program: foo.c Compiler Assembly program: foo.s Assembler Object(mach lang module): foo.o Linker lib.o Executable(mach lang pgm): a.out Loader Memory
7 ELF (EXECUTABLE AND LINKABLE FORMAT)
8 .elf It is a common standard file format for executables, object code, shared libraries, and core dumps First published in the System V Application Binary Interface specification,and later in the Tool Interface Standard, it was quickly accepted among different vendors of Unix systems In 1999 it was chosen as the standard binary file format for Unix and Unix-like systems on x86 by the 86open project
9 .elf An ELF binary starts with a fixed-length ELF header, followed by a variable-length program header listing each of the program sections to be loaded The ELF format specifies two "views" of an ELF file -- one is used for linking and the other is used for execution. This affords significant flexibility for systems designers We talk about sections in object code waiting to be linked into an executable. One or more sections map to a segment in the executable.
10 .elf
11 Elf Header #define ELF_MAGIC 0x464C457FU /* "\x.elf" in little endian */ struct Elf { uint32_t e_magic; // must equal ELF_MAGIC uint8_t e_elf[12]; uint16_t e_type; uint16_t e_machine; uint32_t e_version; uint32_t e_entry; uint32_t e_phoff; uint32_t e_shoff; uint32_t e_flags; uint16_t e_ehsize; uint16_t e_phentsize; uint16_t e_phnum; uint16_t e_shentsize; uint16_t e_shnum; uint16_t e_shstrndx; };
12 Header: campi importanti e_entry This member gives the virtual address to which the system first transfers control, thus starting the process. If the file has no associated entry point, this member holds zero. e_phoff This member holds the program header table s file offset in bytes. If the file has no program header table, this member holds zero. e_shoff This member holds the section header table s file offset in bytes. If the file has no section header table, this member holds zero. e_flags This member holds processor-specific flags associated with the file. Flag names takethe form EF_machine _flag. See Machine Information for flag definitions. e_ehsize This member holds the ELF header s size in bytes. e_phentsize This member holds the size in bytes of one entry in the file s program header table; all entries are the same size. e_phnum This member holds the number of entries in the program header table. Thus the product of e_phentsize and e_phnum gives the table s size in bytes. If a file has no program header table, e_phnum holds the value zero.
13 .elf
14 Program Header The ELF header actually points to another group of headers called the program headers These headers describe to the operating system anything that might be required for it to load the binary into memory and execute it Segments are described by program headers, but so are some other things required to get the executable running
15 ELF header and Program header ELF header definition contains fields e_phoff, e_phnum and e_phentsize; these are simply the offset in the file where the program headers start, how many program headers there are and how big each program header is With these three information you can easily find and read the program headers
16 Proghdr struct Proghdr {! uint32_t p_type;! }; uint32_t p_offset;! uint32_t p_va;! uint32_t p_pa;! uint32_t p_filesz;! uint32_t p_memsz;! uint32_t p_flags;! uint32_t p_align;!
17 Which segments The C definitions for these ELF headers are in inc/ elf.h. The program segments we're interested in are:.text: the program's executable instructions.rodata: read-only data, such as ASCII string constants produced by the C compiler. (We will not bother setting up the hardware to prohibit writing, however.).data: The data section holds the program's initialized data, such as global variables declared with initializers like int x = 5;..bss
18 .elf When the linker computes the memory layout of a program, it reserves space for uninitialized global variables, such as int x; in a section called.bss that immediately follows.data in memory C requires that "uninitialized" global variables start with a value of zero. Thus there is no need to store contents for.bss in the ELF binary; instead, the linker records just the address and size of the.bss section. The loader or the program itself must arrange to zero the.bss section.
19 Various tools for various formats Depending on the file format we use different tools for inspecting their content: Editor (vi, vim, emacs, ) for source files Objdump for obj and exe files A c object file is obtained by using the -c option in GCC, the suffix of an object file is.o An executable file is obtained by using the -o option in GCC, executable files usually have no suffixes
20 objdump
21 objdump d fattoriale.o
22 objdump h fattoriale.o
23 objdump h fattoriale
24 objdump h (2)
25 objdump h (3)
26 GDB
27 Why use a debugger? No one writes perfect code first time, every time Desk checking code can be tedious and error-prone Putting print statements in the code requires recompilation and a guess as to the source of the problem Debuggers are powerful and flexible
28 Common debugger functions Run program Stop program at breakpoints Execute one line at a time Display values of variables Show sequence of function calls
29 The GNU debugger (gdb) A debugger is closely tied to the compiler. gcc gdb, cxx ladebug, cc - dbx Command line debugger for gnu's compilers (gcc, g++) gdb The most common way to invoke: gdb executable
30 Invoking gdb Start debugging an executable gdb executable * Load a corefile gdb executable [-c] corefile Attach to a running process gdb executable pid as long as pid is not a file in the current directory
31 Inspecting a corefile When a program crashes it may leave a core dump which can be used to figure out exactly why the program crashed Core dumps are disabled by default on many Linux distributions they can be enabled with the command $ulimit c unlimited You can look at any corefile to see the state of the corresponding program at the time of the crash Load executable and corefile into the debugger Use GDB's backtrace (bt) command to see the call stack
32 Running a program in GDB You can run programs in the debugger see value of variables and expressions look at source code as it's executed change the value of variables move the execution pointer many other things
33 Compile for debugging When compiling your program, add the g flag to the command line: gcc -g -o prog prog.c This adds extra symbol information, so the debugger knows how you called the variables in your source, can show you the source code and which line will be executed next
34 Looking at your source list or l (list code) list list main list 56 list 53,77
35 Breakpoints A place where execution pauses, waits for a user command Can break at a function, a line number, or on a certain condition break or b (set a breakpoint) break main break 10 watch expr
36 Execution commands run or r (run program from beginning) run run arglist Or, you can set arguments to be passed to the program this way: set args arglist start starts debugging, breaks at main kill stops debugging
37 More Execution commands next or n execute next line, stepping over function calls step or s execute next line, stepping into function calls continue or cont resume execution, until next breakpoint
38 Examining data print [expr] print [/format] [expr] print /d x print x*y print function(x) printf X=%d, Y=%d\n,X,Y display (continuously display value) undisplay (remove displayed value) where (show current function stack) set (change a value) set n=3
39 Miscellaneous commands help or h (display help text) help help step help breakpoints quit or q (quit gdb)
40 Registers content Registers name is prefixed by $. $pc indicates the program counter and $sp the stack pointer (gdb) info registers Shows the contents of all general purpose registers (gdb) info all-registers Shows all registers Es. (gdb) p/x $pc $6 = 0x Shows the content of the program counter (gdb) x/i $pc lea 0xffffffe8(%ebp),%eax 0x <main+30>: Show the content of the memory addressed by pc (gdb) set $sp += 4 Modify the stack pointer s value
41 gdb exercise The programs below are buggy Copy the files to your local file system; then, compile and run Do you see the problem? Can you fix it easily? gdb will help Use gdb to examine programs behavior and fix the bug
42 .text.global _start _start: GBD 1 # section declaration # we must export the entry point to the ELF linker or # loader. They conventionally recognize _start as # entry point. Use ld -e foo to override the default # write our string to stdout movl len,%edx # third argument: message length movl $msg,%ecx # second argument: pointer to msg movl $1,%ebx # first argument: file handle (stdout) movl $4,%eax # system call number (sys_write) int $0x80 # call kernel and exit movl $0,%ebx # first argument: exit code movl $1,%eax # system call number (sys_exit) int $0x80 # call kernel.data # section declaration msg:.ascii "Hello, world!\n"# our dear string len =. - msg # length of our dear string
43 GDB 2 1 : #include <stdio.h> 2 : #include <ctype.h> 3 : 4 : int main(int argc, char **argv) 5 : { 6 : char c; 7 : 8 : c = fgetc(stdin); 9 : while(c!= EOF){ 10: 11: if(isalnum(c)) 12: printf("%c", c); 13: else 14: c = fgetc(stdin); 15: } 16: 17: return 1; 18: }
44 ASSEMBLER (II PARTE)
45 Memory Layout
46 Memory Layout
47 Stack
48 Where is stored msg?
49 Why on the stack and not in.data?
50 Stack Many CPU s have built-in support for a stack a Last-In First-Out (LIFO) list The stack is an area of memory that is organized in this fashion. The PUSH instruction adds data to the stack and the POP instruction removes data The data removed is always the last data added The ESP register contains the address of the data that would be removed from the stack. This data is said to be at the top of the stack The processor references the SS register automatically for all stack operations. Also, the CALL, RET, PUSH, POP, ENTER, and LEAVE instructions all perform operations on the current stack. Data can only be added in double word units. That is, one can not push a single byte on the stack
51 Stack
52 Runtime Stack Managed by the CPU, using two registers SS (stack segment) ESP (stack pointer) * Offset FFC 00000FF FF FF ESP
53 PUSH The PUSH instruction inserts a double word on the stack by subtracting 4 from ESP and then stores the double word at [ESP] pushl src à subl $4,%esp movl src,(%esp) The 80x86 also provides a PUSHA instruction that pushes the values of EAX, EBX, ECX, EDX, ESI, EDI and EBP registers (not in this order)
54 PUSH Operation (1 of 2) A 32-bit push operation decrements the stack pointer by 4 and copies a value into the location pointed to by the stack pointer. BEFORE AFTER ESP FFC 00000FFC A5 ESP 00000FF FF FF FF FF FF0
55 PUSH Operation (2 of 2) This is the same stack, after pushing two more integers: Offset FFC 00000FF FF FF A ESP The stack grows downward. The area below ESP is always available (unless the stack has overflowed).
56 POP The POP instruction reads the double word at [ESP] and then adds 4 to ESP popl dest à movl (%esp),dest addl $4,%esp The popa instruction, recovers the original values of the registers saved by the pusha
57 POP Operation Copies a value at stack[esp] into a register or variable Adds n to ESP, where n is either 2 or 4. depends on the operand receiving the data BEFORE AFTER FFC A FFC A FF FF ESP 00000FF ESP 00000FF FF FF0
58 Esercizio Scrivere un programma in assembler che inverte il contenuto di una stringa data. Esempio: Data la stringa: Hello World! Stampa la stringa:!dlrow olleh
59 The stack for managing function call Calling and returning How does caller function jump to callee function? How does callee function jump back to the right place in caller function? Passing parameters How does caller function pass parameters to callee function? Storing local variables Where does callee function store its local variables? Handling registers How do caller and callee functions use same registers without interference? Returning a value How does callee function send return value back to caller function?
60 Calling and returning How does caller function jump to callee function? I.e., Jump to the address of the callee s first instruction How does the callee function jump back to the right place in caller function? Jump to the instruction immediately following the most-recently-executed call instruction
61 CALL/RET The 80x86 provides two instructions that use the stack to make calling subprograms quick and easy. The CALL instruction makes an unconditional jump to a subprogram and pushes the address of the next instruction on the stack The RET instruction pops off an address and jumps to that address When using these instructions, it is very important that one manage the stack correctly so that the right number is popped off by the RET instruction
62 Implementation of Call call subprogram1 becomes: pushl %eip jmp subprogram1 ESP à Saved EIP
63 Implementation of ret ret becomes: pop %eip ESP à Saved EIP
64 Passing Parameters How does caller function pass parameters to callee function? Attempted solution: Pass parameters in registers Problem: Cannot handle nested function calls Also: How to pass parameters that are longer than 4 bytes? Caller pushes parameters before executing the call instruction Parameters are pushed in the reverse order Push the nth parameter first Push 1 parameter last
65 Parameter Parameter n Parameter ESP before à call Parameter 1
66 Parameter ESP after à call Parameter n Parameter Parameter 1 Saved EIP Callee addresses params relative to ESP: Param 1 as 4(%esp)
67 Parameter After returning, the caller pops the parameters from the stack sub: # Push parameters pushl $5 movl 4(%esp),var1 pushl $4 movl 8(%esp),var2 pushl $3 movl 12(%esp), var3 call sub # Pop parameters ret addl $12, %esp
68 %ebp As callee executes, ESP may change E.g., preparing to call another function It can be very error prone to use ESP when referencing parameters. To solve this problem, the supplies another register to use: EBP. This register s only purpose is to reference data on the stack Use EBP as fixed reference point to access params
69 Using EBP (prolog) A subprogram before overwriting ebp first save the old value of EBP on the stack and then set EBP to be equal to ESP. This allows ESP to change as data is pushed or popped off the stack without modifying EBP pushl %ebp movl %esp, %ebp (sub Local_bytes, %esp) Regardless of ESP, the subprogram can reference param 1 as 8(%ebp), param 2 as 12(%ebp), etc.
70 Using ebp (epilog) Before returning, callee must restore ESP and EBP to their old values executing the epilog movl %ebp, %esp popl %ebp ret
71 Enter/Leave The ENTER instruction performs the prologue code and the LEAVE performs the epilogue The ENTER instruction takes two immediate operands. For the C calling convention, the second operand is always 0. The first operand is the number bytes needed by local variables. The LEAVE instruction has no operands Sicurezza Informatica Danilo Bruschi
72 Epilogo Parameter n Parameter à movl %ebp, %esp popl %ebp ret Ebp à Parameter 1 Saved EIP Old EBP Esp à
73 Epilogo Parameter n Parameter Parameter Old EBP 1 à movl %ebp, %esp popl %ebp ret Esp = Ebp à Saved Saved EIP EIP Parameter Old EBP 1 Parameter Parameter n Old Esp à
74 Epilogo Ebp à Parameter n à movl %ebp, %esp popl %ebp ret Esp à Parameter Parameter 1 Saved EIP
75 Epilogo Ebp à Parameter n à movl %ebp, %esp popl %ebp ret Esp à Parameter Parameter 1
76 Storing local variables Where does callee function store its local variables? Local variables: Short-lived, so don t need a permanent location in Memory Size known in advance, so don t need to allocate on the heap The function just uses the top of the stack Local variables of the callee are allocated on the stack by moving the stack pointer subl $8,%esp #allocate memory for 2 integers Reference local variables as negative offsets relative to EBP
77 Registers Handling How do caller and callee functions use same registers without interference? Callee may use a register that the caller also is using Solution: save the registers on the stack Someone must save old register contents Someone must later restore the register contents Define a convention for who saves and restores which registers
78 Registers handling Caller-save registers EAX, EBX, ECX (when necessary ) Saves on stack before call Restores from stack after call Callee-save registers EAX, EBX, ECX (when necessary) Saves on stack after prolog Restores from stack before epilog
79 Stack Frame Any active function has its own stack frame Stack frame contains: Return address (Saved EIP) Old EBP Saved register values Local variables Parameters to be passed to callee function ESP points to top (low memory) of current stack frame EBP points to bottom (high memory) of current stack frame
80 Example: stack.c #include <stdio.h> int main() { int x = foo( 10 ); printf( "the value of x = %d\n", x ); return 0; } int foo( int i ) { int ii = i + i; int iii = bar( ii ); int iiii = iii; return iiii; } int bar( int j ) { int jj = j + j; return jj; } Compiliamo con il comando gcc S stack.c - o stack.s
81 Lo stack che ci aspettiamo Ret. Addr. Saved EBP x param. 1 Ret. Addr. Main Saved EBP main foo iiii iii ii param. 1 ESP à Ret. Addr. foo Saved EBP jj bar
82 .file "stack.c".section.rodata.lc0:.string "the value of x = %d\n".text.globl main.type main: leal 4(%esp), %ecx andl $-16, %esp pushl -4(%ecx) pushl %ebp movl %esp, %ebp pushl %ecx subl $36, %esp movl $10, (%esp) call foo movl %eax, -8(%ebp) movl -8(%ebp), %eax movl %eax, 4(%esp) movl $.LC0, (%esp) call printf movl $0, %eax addl $36, %esp popl %ecx popl %ebp Assembler: main
83 Assembler : foo.globl foo.type foo: pushl movl subl movl addl movl movl movl call movl movl movl movl leave ret.size %ebp %esp, %ebp $24, %esp 8(%ebp), %eax %eax, %eax %eax, -12(%ebp) -12(%ebp), %eax %eax, (%esp) bar %eax, -8(%ebp) -8(%ebp), %eax %eax, -4(%ebp) -4(%ebp), %eax foo,.-foo
84 Assembler: bar.globl bar.type bar: pushl movl subl movl addl movl movl leave ret.size %ebp %esp, %ebp $16, %esp 8(%ebp), %eax %eax, %eax %eax, -4(%ebp) -4(%ebp), %eax bar,.-bar
85 Compilazione ottimizzata Non Ottimizzata Ottimizzata.globl bar.type bar: pushl movl subl movl addl movl movl leave ret. %ebp %esp, %ebp $16, %esp 8(%ebp), %eax %eax, %eax %eax, -4(%ebp) -4(%ebp), %eax.globl bar.type bar: pushl movl movl addl popl ret %ebp %esp, %ebp 8(%ebp), %eax %eax, %eax %ebp
86 Compilazione ottimizzata Non Ottimizzata Ottimizzata.globl foo.type foo: pushl movl subl movl addl %ebp %esp, %ebp $24, %esp 8(%ebp), %eax %eax, %eax.globl foo.type foo: pushl movl subl movl %ebp %esp, %ebp $4, %esp 8(%ebp), %eax movl %eax, -12(%ebp) addl %eax, %eax movl movl call movl movl -12(%ebp), %eax %eax, (%esp) bar %eax, -8(%ebp) -8(%ebp), %eax movl call leave ret %eax, (%esp) bar movl %eax, -4(%ebp) movl -4(%ebp), %eax leave ret
87 Esercizio 1 /* stack1-stdin.c * * specially crafted to feed your brain by gera InsecureProgramming */ #include <stdio.h> int main() { int cookie; char buf[80]; printf("buf: %08x cookie: %08x\n", &buf, &cookie); gets(buf); } if (cookie == 0x ) printf("you win!\n");
88 Compile Compile (64/32): gcc -fno-stack-protector -z execstack (-m32) classic.c -o classic Disable ASLR: echo 0 > /proc/sys/kerne/randomize_va_space Solution perl -e 'print "A" x 92. "DCBA"'./gera1
89 Esercizio 2 /* stack2-stdin.c * * specially crafted to feed your brain by gera */ #include <stdio.h> int main() { int cookie; char buf[80]; printf("buf: %08x cookie: %08x\n", &buf, &cookie); gets(buf); } if (cookie == 0x ) printf("you win!\n");
Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T
Sistemi Operativi Lez. 16 Elementi del linguaggio Assembler AT&T Data Sizes Three main data sizes Byte (b): 1 byte Word (w): 2 bytes Long (l): 4 bytes Separate assembly-language instructions E.g., addb,
More informationAssembly Language: Function Calls
Assembly Language: Function Calls 1 Goals of this Lecture Help you learn: Function call problems: Calling and returning Passing parameters Storing local variables Handling registers without interference
More informationAssembly Language: Function Calls" Goals of this Lecture"
Assembly Language: Function Calls" 1 Goals of this Lecture" Help you learn:" Function call problems:" Calling and returning" Passing parameters" Storing local variables" Handling registers without interference"
More informationAssembly Language: Function Calls" Goals of this Lecture"
Assembly Language: Function Calls" 1 Goals of this Lecture" Help you learn:" Function call problems:" Calling and urning" Passing parameters" Storing local variables" Handling registers without interference"
More informationAssembly Language: Function Calls. Goals of this Lecture. Function Call Problems
Assembly Language: Function Calls 1 Goals of this Lecture Help you learn: Function call problems: Calling and urning Passing parameters Storing local variables Handling registers without interference Returning
More informationFunction Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)
Function Calls COS 217 Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site) 1 Goals of Today s Lecture Finishing introduction to assembly language o EFLAGS register
More informationCSC 2400: Computing Systems. X86 Assembly: Function Calls"
CSC 24: Computing Systems X86 Assembly: Function Calls" 1 Lecture Goals! Challenges of supporting functions" Providing information for the called function" Function arguments and local variables" Allowing
More informationCSC 2400: Computing Systems. X86 Assembly: Function Calls
CSC 24: Computing Systems X86 Assembly: Function Calls 1 Lecture Goals Challenges of supporting functions Providing information for the called function Function arguments and local variables Allowing the
More informationx86 assembly CS449 Fall 2017
x86 assembly CS449 Fall 2017 x86 is a CISC CISC (Complex Instruction Set Computer) e.g. x86 Hundreds of (complex) instructions Only a handful of registers RISC (Reduced Instruction Set Computer) e.g. MIPS
More informationIntel assembly language using gcc
QOTD Intel assembly language using gcc Assembly language programming is difficult. Make no mistake about that. It is not for wimps and weaklings. - Tanenbaum s 6th, page 519 These notes are a supplement
More informationW4118: PC Hardware and x86. Junfeng Yang
W4118: PC Hardware and x86 Junfeng Yang A PC How to make it do something useful? 2 Outline PC organization x86 instruction set gcc calling conventions PC emulation 3 PC board 4 PC organization One or more
More informationCPS104 Recitation: Assembly Programming
CPS104 Recitation: Assembly Programming Alexandru Duțu 1 Facts OS kernel and embedded software engineers use assembly for some parts of their code some OSes had their entire GUIs written in assembly in
More informationCMSC 313 Lecture 12 [draft] How C functions pass parameters
CMSC 313 Lecture 12 [draft] How C functions pass parameters UMBC, CMSC313, Richard Chang Last Time Stack Instructions: PUSH, POP PUSH adds an item to the top of the stack POP removes an
More informationCPEG421/621 Tutorial
CPEG421/621 Tutorial Compiler data representation system call interface calling convention Assembler object file format object code model Linker program initialization exception handling relocation model
More informationLab 10: Introduction to x86 Assembly
CS342 Computer Security Handout # 8 Prof. Lyn Turbak Wednesday, Nov. 07, 2012 Wellesley College Revised Nov. 09, 2012 Lab 10: Introduction to x86 Assembly Revisions: Nov. 9 The sos O3.s file on p. 10 was
More informationTeensy Tiny ELF Programs
Teensy Tiny ELF Programs inspired by Brian Raiter Roland Hieber Stratum 0 e. V. March 15, 2013 1 / 14 Hello World # include int main ( int argc, char ** argv ) { printf (" Hello World!\n"); return
More informationProcedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29
Procedure Calls Young W. Lim 2017-08-21 Mon Young W. Lim Procedure Calls 2017-08-21 Mon 1 / 29 Outline 1 Introduction Based on Stack Background Transferring Control Register Usage Conventions Procedure
More informationCMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang
Project 3 Questions CMSC 313 Lecture 12 How C functions pass parameters UMBC, CMSC313, Richard Chang Last Time Stack Instructions: PUSH, POP PUSH adds an item to the top of the stack POP
More informationProcedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27
Procedure Calls Young W. Lim 2016-11-05 Sat Young W. Lim Procedure Calls 2016-11-05 Sat 1 / 27 Outline 1 Introduction References Stack Background Transferring Control Register Usage Conventions Procedure
More informationx86 Assembly Tutorial COS 318: Fall 2017
x86 Assembly Tutorial COS 318: Fall 2017 Project 1 Schedule Design Review: Monday 9/25 Sign up for 10-min slot from 3:00pm to 7:00pm Complete set up and answer posted questions (Official) Precept: Monday
More informationCS241 Computer Organization Spring 2015 IA
CS241 Computer Organization Spring 2015 IA-32 2-10 2015 Outline! Review HW#3 and Quiz#1! More on Assembly (IA32) move instruction (mov) memory address computation arithmetic & logic instructions (add,
More informationQuestion 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110
Questions 1 Question 4.1 1: (Solution, p 5) Define the fetch-execute cycle as it relates to a computer processing a program. Your definition should describe the primary purpose of each phase. Question
More informationX86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson
X86 Review Process Layout, ISA, etc. CS642: Computer Security Drew Davidson davidson@cs.wisc.edu From Last Time ACL-based permissions (UNIX style) Read, Write, execute can be restricted on users and groups
More informationCNIT 127: Exploit Development. Ch 1: Before you begin. Updated
CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationTHEORY OF COMPILATION
Lecture 10 Activation Records THEORY OF COMPILATION EranYahav www.cs.technion.ac.il/~yahave/tocs2011/compilers-lec10.pptx Reference: Dragon 7.1,7.2. MCD 6.3,6.4.2 1 You are here Compiler txt Source Lexical
More informationELF (1A) Young Won Lim 3/24/16
ELF (1A) Copyright (c) 21-216 Young W. Lim. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version
More informationAssembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction
Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction E I P CPU isters Condition Codes Addresses Data Instructions Memory Object Code Program Data OS Data Topics Assembly Programmer
More informationASSEMBLY III: PROCEDURES. Jo, Heeseung
ASSEMBLY III: PROCEDURES Jo, Heeseung IA-32 STACK (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationAssembly III: Procedures. Jo, Heeseung
Assembly III: Procedures Jo, Heeseung IA-32 Stack (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationCSE 351: Week 4. Tom Bergan, TA
CSE 35 Week 4 Tom Bergan, TA Does this code look okay? int binarysearch(int a[], int length, int key) { int low = 0; int high = length - ; while (low
More informationSimple C Program. Assembly Ouput. Using GCC to produce Assembly. Assembly produced by GCC is easy to recognize:
Simple C Program Helloworld.c Programming and Debugging Assembly under Linux slides by Alexandre Denault int main(int argc, char *argv[]) { } printf("hello World"); Programming and Debugging Assembly under
More informationCS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G
CS 33: Week 3 Discussion x86 Assembly (v1.0) Section 1G Announcements - HW2 due Sunday - MT1 this Thursday! - Lab2 out Info Name: Eric Kim (Section 1G, 2-4 PM, BH 5419) Office Hours (Boelter 2432) - Wed
More informationCS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016
CS 31: Intro to Systems Functions and the Stack Martin Gagne Swarthmore College February 23, 2016 Reminders Late policy: you do not have to send me an email to inform me of a late submission before the
More informationProcess Layout and Function Calls
Process Layout and Function Calls CS 6 Spring 07 / 8 Process Layout in Memory Stack grows towards decreasing addresses. is initialized at run-time. Heap grow towards increasing addresses. is initialized
More informationX86 Stack Calling Function POV
X86 Stack Calling Function POV Computer Systems Section 3.7 Stack Frame Reg Value ebp xffff FFF0 esp xffff FFE0 eax x0000 000E Memory Address Value xffff FFF8 xffff FFF4 x0000 0004 xffff FFF4 x0000 0003
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013 CONST POINTERS CONST POINTERS 4 ways to declare pointers in combination with const:!! int *ptr! const int *ptr!
More informationWinter Compiler Construction T11 Activation records + Introduction to x86 assembly. Today. Tips for PA4. Today:
Winter 2006-2007 Compiler Construction T11 Activation records + Introduction to x86 assembly Mooly Sagiv and Roman Manevich School of Computer Science Tel-Aviv University Today ic IC Language Lexical Analysis
More informationAssembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Assembly III: Procedures Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu IA-32 (1) Characteristics Region of memory managed with stack discipline
More informationIslamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 7. Procedures and the Stack
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 7 Procedures and the Stack April, 2014 1 Assembly Language LAB Runtime Stack and Stack
More informationCS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015
CS165 Computer Security Understanding low-level program execution Oct 1 st, 2015 A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns
More informationCSC 2400: Computer Systems. Using the Stack for Function Calls
CSC 24: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
More informationx86 architecture et similia
x86 architecture et similia 1 FREELY INSPIRED FROM CLASS 6.828, MIT A full PC has: PC architecture 2 an x86 CPU with registers, execution unit, and memory management CPU chip pins include address and data
More informationAn Experience Like No Other. Stack Discipline Aug. 30, 2006
15-410 An Experience Like No Other Discipline Aug. 30, 2006 Bruce Maggs Dave Eckhardt Slides originally stolen from 15-213 15-410, F 06 Synchronization Registration If you're here but not registered, please
More informationMachine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Machine-level Representation of Programs Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Program? 짬뽕라면 준비시간 :10 분, 조리시간 :10 분 재료라면 1개, 스프 1봉지, 오징어
More informationComputer Systems Lecture 9
Computer Systems Lecture 9 CPU Registers in x86 CPU status flags EFLAG: The Flag register holds the CPU status flags The status flags are separate bits in EFLAG where information on important conditions
More informationCS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017
CS 31: Intro to Systems ISAs and Assembly Martin Gagné Swarthmore College February 7, 2017 ANNOUNCEMENT All labs will meet in SCI 252 (the robot lab) tomorrow. Overview How to directly interact with hardware
More informationStack Debugging. Young W. Lim Sat. Young W. Lim Stack Debugging Sat 1 / 40
Stack Debugging Young W. Lim 2017-07-22 Sat Young W. Lim Stack Debugging 2017-07-22 Sat 1 / 40 Outline 1 Introduction References Compiling to IA32 Assembly Checking /proc//maps file Checking Stack
More informationAssembly Language Programming - III
Assembly Language Programming - III GDB Debugger Please refer to the handout New GDB commands (power.s) info registers (prints all register values) print/d $eax (prints individual register value. Note
More informationCSC 8400: Computer Systems. Using the Stack for Function Calls
CSC 84: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing
More informationx86 assembly CS449 Spring 2016
x86 assembly CS449 Spring 2016 CISC vs. RISC CISC [Complex instruction set Computing] - larger, more feature-rich instruction set (more operations, addressing modes, etc.). slower clock speeds. fewer general
More informationBinghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11
X86 Debug Computer Systems Section 3.11 GDB is a Source Level debugger We have learned how to debug at the C level Now, C has been translated to X86 assembler! How does GDB play the shell game? Makes it
More informationSystem calls and assembler
System calls and assembler Michal Sojka sojkam1@fel.cvut.cz ČVUT, FEL License: CC-BY-SA 4.0 System calls (repetition from lectures) A way for normal applications to invoke operating system (OS) kernel's
More informationAS08-C++ and Assembly Calling and Returning. CS220 Logic Design AS08-C++ and Assembly. AS08-C++ and Assembly Calling Conventions
CS220 Logic Design Outline Calling Conventions Multi-module Programs 1 Calling and Returning We have already seen how the call instruction is used to execute a subprogram. call pushes the address of the
More informationadministrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?
administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions? exam on Wednesday today s material not on the exam 1 Assembly Assembly is programming
More informationGDB Tutorial. Young W. Lim Tue. Young W. Lim GDB Tutorial Tue 1 / 32
GDB Tutorial Young W. Lim 2017-02-14 Tue Young W. Lim GDB Tutorial 2017-02-14 Tue 1 / 32 Outline 1 Introduction Young W. Lim GDB Tutorial 2017-02-14 Tue 2 / 32 Based on "Self-service Linux: Mastering the
More informationTurning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p
Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p text C program (p1.c p2.c) Compiler (gcc -S) text Asm
More informationProgram Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
More informationCIT Week13 Lecture
CIT 3136 - Week13 Lecture Runtime Environments During execution, allocation must be maintained by the generated code that is compatible with the scope and lifetime rules of the language. Typically there
More informationLinux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.
Lecture 6B Machine-Level Programming V: Miscellaneous Topics Topics Linux Memory Layout Understanding Pointers Buffer Overflow Upper 2 hex digits of address Red Hat v. 6.2 ~1920MB memory limit FF C0 Used
More informationUniversità Ca Foscari Venezia
Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C
More informationCS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly
Raluca Popa Spring 2018 CS 161 Computer Security Discussion 1 Week of January 22, 2018: GDB and x86 assembly Objective: Studying memory vulnerabilities requires being able to read assembly and step through
More informationMachine Language, Assemblers and Linkers"
Machine Language, Assemblers and Linkers 1 Goals for this Lecture Help you to learn about: IA-32 machine language The assembly and linking processes 2 1 Why Learn Machine Language Last stop on the language
More informationCSE 351 Section 4 GDB and x86-64 Assembly Hi there! Welcome back to section, we re happy that you re here
CSE 351 Section 4 GDB and x86-64 Assembly Hi there! Welcome back to section, we re happy that you re here x86-64 Assembly Language Assembly language is a human-readable representation of machine code instructions
More informationCS213. Machine-Level Programming III: Procedures
CS213 Machine-Level Programming III: Procedures Topics IA32 stack discipline Register saving conventions Creating pointers to local variables IA32 Region of memory managed with stack discipline Grows toward
More informationROP It Like It s Hot!
Wednesday, December 3, 14 2014 Red Canari, Inc. All rights reserved. 1 I N F O R M AT I O N S E C U R I T Y ROP It Like It s Hot! A 101 on Buffer Overflows, Return Oriented Programming, & Shell- code Development
More informationCS642: Computer Security
X86 Review Process Layout, ISA, etc. CS642: Computer Security Drew Davidson davidson@cs.wisc.edu From Last Week ACL- based permissions (UNIX style) Read, Write, execute can be restricted on users and groups
More informationStack Discipline Jan. 19, 2018
15-410 An Experience Like No Other Discipline Jan. 19, 2018 Dave Eckhardt Brian Railing Slides originally stolen from 15-213 1 15-410, S 18 Synchronization Registration The wait list will probably be done
More informationbuffer overflow exploitation
buffer overflow exploitation Samuele Andreoli, Nicolò Fornari, Giuseppe Vitto May 11, 2016 University of Trento Introduction 1 introduction A Buffer Overflow is an anomaly where a program, while writing
More informationComputer Architecture and Assembly Language. Practical Session 3
Computer Architecture and Assembly Language Practical Session 3 Advanced Instructions division DIV r/m - unsigned integer division IDIV r/m - signed integer division Dividend Divisor Quotient Remainder
More informationInstruction Set Architectures
Instruction Set Architectures! ISAs! Brief history of processors and architectures! C, assembly, machine code! Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface
More informationMachine Programming 3: Procedures
Machine Programming 3: Procedures CS61, Lecture 5 Prof. Stephen Chong September 15, 2011 Announcements Assignment 2 (Binary bomb) due next week If you haven t yet please create a VM to make sure the infrastructure
More informationLow-Level Essentials for Understanding Security Problems Aurélien Francillon
Low-Level Essentials for Understanding Security Problems Aurélien Francillon francill@eurecom.fr Computer Architecture The modern computer architecture is based on Von Neumann Two main parts: CPU (Central
More informationCS356: Discussion #6 Assembly Procedures and Arrays. Marco Paolieri
CS356: Discussion #6 Assembly Procedures and Arrays Marco Paolieri (paolieri@usc.edu) Procedures Functions are a key abstraction in software They break down a problem into subproblems. Reusable functionality:
More informationSubprograms: Local Variables
Subprograms: Local Variables ICS312 Machine-Level and Systems Programming Henri Casanova (henric@hawaii.edu) Local Variables in Subprograms In all the examples we have seen so far, the subprograms were
More informationInstruction Set Architecture
CS:APP Chapter 4 Computer Architecture Instruction Set Architecture Randal E. Bryant Carnegie Mellon University http://csapp.cs.cmu.edu CS:APP Instruction Set Architecture Assembly Language View Processor
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
More informationMachine-level Programming (3)
Machine-level Programming (3) Procedures A: call A call A return Two issues How to return to the correct position? How to pass arguments and return values between callee to caller? 2 Procedure Control
More informationInstruction Set Architecture
CS:APP Chapter 4 Computer Architecture Instruction Set Architecture Randal E. Bryant Carnegie Mellon University http://csapp.cs.cmu.edu CS:APP Instruction Set Architecture Assembly Language View! Processor
More informationInstructor: Alvin R. Lebeck
X86 Assembly Programming with GNU assembler Lecture 7 Instructor: Alvin R. Lebeck Some Slides based on those from Randy Bryant and Dave O Hallaron Admin Reading: Chapter 3 Note about pointers: You must
More informationCS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016
CS 31: Intro to Systems ISAs and Assembly Kevin Webb Swarthmore College February 9, 2016 Reading Quiz Overview How to directly interact with hardware Instruction set architecture (ISA) Interface between
More informationCMSC Lecture 03. UMBC, CMSC313, Richard Chang
CMSC Lecture 03 Moore s Law Evolution of the Pentium Chip IA-32 Basic Execution Environment IA-32 General Purpose Registers Hello World in Linux Assembly Language Addressing Modes UMBC, CMSC313, Richard
More informationSYSTEM CALL IMPLEMENTATION. CS124 Operating Systems Fall , Lecture 14
SYSTEM CALL IMPLEMENTATION CS124 Operating Systems Fall 2017-2018, Lecture 14 2 User Processes and System Calls Previously stated that user applications interact with the kernel via system calls Typically
More informationCompiler Construction D7011E
Compiler Construction D7011E Lecture 8: Introduction to code generation Viktor Leijon Slides largely by Johan Nordlander with material generously provided by Mark P. Jones. 1 What is a Compiler? Compilers
More informationCSCI 192 Engineering Programming 2. Assembly Language
CSCI 192 Engineering Programming 2 Week 5 Assembly Language Lecturer: Dr. Markus Hagenbuchner Slides by: Igor Kharitonenko and Markus Hagenbuchner Room 3.220 markus@uow.edu.au UOW 2010 24/08/2010 1 C Compilation
More informationReverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher
Reverse Engineering II: Basics Gergely Erdélyi Senior Antivirus Researcher Agenda Very basics Intel x86 crash course Basics of C Binary Numbers Binary Numbers 1 Binary Numbers 1 0 1 1 Binary Numbers 1
More informationThe IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta
1 The IA-32 Stack and Function Calls CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta 2 Important Registers used with the Stack EIP: ESP: EBP: 3 Important Registers used with the Stack EIP:
More informationICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017
ICS143A: Principles of Operating Systems Midterm recap, sample questions Anton Burtsev February, 2017 Describe the x86 address translation pipeline (draw figure), explain stages. Address translation What
More informationC Compilation Model. Comp-206 : Introduction to Software Systems Lecture 9. Alexandre Denault Computer Science McGill University Fall 2006
C Compilation Model Comp-206 : Introduction to Software Systems Lecture 9 Alexandre Denault Computer Science McGill University Fall 2006 Midterm Date: Thursday, October 19th, 2006 Time: from 16h00 to 17h30
More informationThe course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002
15-213 The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables class07.ppt
More informationDigital Forensics Lecture 3 - Reverse Engineering
Digital Forensics Lecture 3 - Reverse Engineering Low-Level Software Akbar S. Namin Texas Tech University Spring 2017 Reverse Engineering High-Level Software Low-level aspects of software are often the
More informationCPSC W Term 2 Problem Set #3 - Solution
1. (a) int gcd(int a, int b) { if (a == b) urn a; else if (a > b) urn gcd(a - b, b); else urn gcd(a, b - a); CPSC 313 06W Term 2 Problem Set #3 - Solution.file "gcdrec.c".globl gcd.type gcd, @function
More informationSystems I. Machine-Level Programming V: Procedures
Systems I Machine-Level Programming V: Procedures Topics abstraction and implementation IA32 stack discipline Procedural Memory Usage void swap(int *xp, int *yp) int t0 = *xp; int t1 = *yp; *xp = t1; *yp
More informationInstruction Set Architectures
Instruction Set Architectures ISAs Brief history of processors and architectures C, assembly, machine code Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface contain?
More informationCNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
More informationMACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION
MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION Today: Machine Programming I: Basics History of Intel processors and architectures C, assembly, machine code Assembly Basics:
More informationCS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018
CS 31: Intro to Systems ISAs and Assembly Kevin Webb Swarthmore College September 25, 2018 Overview How to directly interact with hardware Instruction set architecture (ISA) Interface between programmer
More informationAssembly Language Lab # 9
Faculty of Engineering Computer Engineering Department Islamic University of Gaza 2011 Assembly Language Lab # 9 Stacks and Subroutines Eng. Doaa Abu Jabal Assembly Language Lab # 9 Stacks and Subroutines
More informationAssignment 11: functions, calling conventions, and the stack
Assignment 11: functions, calling conventions, and the stack ECEN 4553 & 5013, CSCI 4555 & 5525 Prof. Jeremy G. Siek December 5, 2008 The goal of this week s assignment is to remove function definitions
More informationCS 537 Lecture 2 - Processes
CS 537 Lecture 2 - Processes Michael Swift 1 Basic Structure Kernel is a big program that starts when you boot your program Has full access to physical hardware. User programs, utilities, services see
More information