Buferio perpildymo klaida Įvadas, techniniai klausimai
|
|
- Brendan Johnston
- 5 years ago
- Views:
Transcription
1 Buferio perpildymo klaida Įvadas, techniniai klausimai Rolandas Griškevičius MSN: R. Griškevičius, Saugus programavimas, VGTU,
2 Įkrauta Linux programa Didžiausias adresas Argumentai ir aplinkos (env) kintamieji Stekas (auga žemyn) Nenaudojama atmintis Krūva, (heap), auga aukštyn Mažiausias adresas Neinicializuoti duomenys (.bss) Inicializuoti duomenys (.data) Programos kodas (.text) exec() inicializuoja nuliais Pvz. int notinit[ 1000 ]; exec() iniciaizuoja duomenimis iš vykdomojo elf failo Pvz. int inited[4] = {1,2,3,4}; exec() įkrauna į atmintį ir vykdomojo elf failo R. Griškevičius, Saugus programavimas, VGTU,
3 Krūva,.bss ir.data The heap: Most dynamic memory, whether requested via C's malloc() and similar or C++'s new is doled out to the program from the heap. The C library also gets dynamic memory for its own personal workspace from the heap as well. As more memory is requested "on the fly", the heap grows upward. Uninitialized Data Segment: Also named "bss" (block started by symbol) which was an operator used by an old assembler. This segment contains uninitialized global variables. All variables in this segment are initialized to 0 or NULL pointers before the program begins to execute. Initialized Data Segment: (.data) This segment contains global variables which are initialized by the programmer R. Griškevičius, Saugus programavimas, VGTU,
4 Stekas This area of memory holds some crucial information, like: 1. Storage space for all the automatic variables for the newly called function. 2. The line number of the calling function to return to when the called function returns. 3. The arguments, or parameters, of the called function. Each time a function is called, the address of where to return to and certain information about the caller's environment, such as some of the machine registers, are saved on the stack. The newly called function then allocates room on the stack for its automatic and temporary variables. This is how recursive functions in C can work. Each time a recursive function calls itself, a new stack frame is used, so one set of variables doesn't interfere with the variables from another instance of the function. The stack is a collection of stack frames. When a new frame needs to be added (as a result of a newly called function), the stack grows downward R. Griškevičius, Saugus programavimas, VGTU,
5 asm aiškiai matomi.text ir.data section.text global _start ;section declaration _start: ;write our string to stdout mov edx,len ;third argument: message length mov ecx,msg ;second argument: ptr to msg to write mov ebx,1 ;first argument: file handle (stdout) mov eax,4 ;system call number (sys_write) int 0x80 ;call kernel ;and exit via system call mov ebx,0 ;first syscall argument: exit code mov eax,1 ;system call number (sys_exit) int 0x80 ;call kernel section.data ;section declaration msg db "Hello, world!",0xa ;non-c string len equ $ - msg ;length of string C kalboje už programuotoją segmentų priskyrimus atlieka kompiliatorius/ linkeris objdump -h <elf_vykdomasis failas> - vykdomojo failo sekcijų išvedimas R. Griškevičius, Saugus programavimas, VGTU,
6 Buferio perpildymo klaida Programa buferio perpildymo klaidos testavimui Kur pažeidžiamumas? >./test2 aaaaaaaaaaaaaa buff1: aaaa buff2: aaaaaaaaaaaaaa >./test2 aaaaaaaaaaaaaaa buff1: aaaaa buff2: aaaaaaaaaaaaaaa Segmentation fault int main(int argc, char *argv[]) { char buffer1[5]; char buffer2[10]; } strcpy(buffer2,argv[1]); printf("\nbuff1: %s\nbuff2: %s\n\n", buffer1,buffer2); return 0; >gcc test2.c -o test >./test2 aaaaaaaaaa buff1: buff2: aaaaaaaaaa >./test2 aaaaaaaaaaa buff1: a buff2: aaaaaaaaaaa R. Griškevičius, Saugus programavimas, VGTU,
7 Buferio perpildymo klaida Stekas auga žemyn Funkcijos kintamieji kuriame steke Masyvai taip pat C masyvas tai nuoroda į atmintį, ribų kontrolės nėra C stringas - char masyvas int main(int argc, char *argv[]) { char buffer1[5]; char buffer2[10]; } strcpy(buffer2,argv[1]); printf("\nbuff1: %s\nbuff2: %s\n\n", buffer1,buffer2); return 0; >./test2 aaaaaaaaaaaaaa buff1: aaaa buff2: aaaaaaaaaaaaaa >./test2 aaaaaaaaaaaaaaa buff1: aaaaa buff2: aaaaaaaaaaaaaaa Segmentation fault R. Griškevičius, Saugus programavimas, VGTU,
8 Disasembliuojam gdb <elf failas> disassemble main int main(int argc, char *argv[]) { char buffer1[5]; char buffer2[10]; } strcpy(buffer2,argv[1]); printf("\nbuff1: " "%s\nbuff2: %s\n\n", buffer1,buffer2); return 0; 0x <main+0>: lea 0x4(%esp),%ecx 0x <main+4>: and $0xfffffff0,%esp 0x b <main+7>: pushl -0x4(%ecx) 0x e <main+10>: push %ebp 0x f <main+11>: mov %esp,%ebp 0x <main+13>: push %ecx 0x <main+14>: sub $0x24,%esp 0x <main+17>: mov 0x4(%ecx),%eax 0x <main+20>: add $0x4,%eax 0x b <main+23>: mov (%eax),%eax 0x d <main+25>: mov %eax,0x4(%esp) 0x <main+29>: lea -0x13(%ebp),%eax 0x <main+32>: mov %eax,(%esp) 0x <main+35>: call 0x <strcpy@plt> 0x c <main+40>: lea -0x13(%ebp),%eax 0x f <main+43>: mov %eax,0x8(%esp) 0x <main+47>: lea -0x9(%ebp),%eax 0x <main+50>: mov %eax,0x4(%esp) 0x a <main+54>: movl $0x ,(%esp) 0x <main+61>: call 0x <printf@plt> 0x <main+66>: mov $0x0,%eax 0x b <main+71>: add $0x24,%esp 0x e <main+74>: pop %ecx 0x f <main+75>: pop %ebp 0x <main+76>: lea -0x4(%ecx),%esp 0x <main+79>: ret R. Griškevičius, Saugus programavimas, VGTU,
9 gdb Norint, kad sukompiliuota programa būtų susieta gdb'e su jos išeities kodu (source), reikia kompiliuoti su debug symbols gcc -o test2 test2.c -ggdb Programa debugeriui perduodama kaip komandinė eilutė arba komandos file pagalba Ar debug symbols buvo įkrauti kartu su programa, galima įsitikinti komandos list pagalba Komanda list išveda programos išeities tekstą, sunumeruotą eilučių numeriais Eilučių numerius galima naudoti b komandoje nustatant vykdymo pristabdymus (breakpoint) R. Griškevičius, Saugus programavimas, VGTU,
10 gdb 2 Programa paleidžiama komanda run <parametras1> <parametras n> Parametrų išdėstymas kaip ir leidžiant programą iš komandinės eilutės Jei yra nustatyti vykdymo pristabdymai (breakpointai), vykdymas bus pristabdytas artimiausiame Breakpoint 1, main (argc=2, argv=0xbfb8d734) at test2.c:5 5 strcpy(buffer2,argv[1]); Rodomas eilutės numeris, išeities teksto fragmentas R. Griškevičius, Saugus programavimas, VGTU,
11 gdb 3 Vykdymo valdymas run iš naujo paleidžia iki breakpoint'o, pabaigos (kokia bebūtų - normali, segmentation fault, etc) cont paleidžia vykdymą toliau iki pabaigos, kokia ji bebūtų step [n] n kartų vykdyti sekančią išeities teksto eilutę next [n] n kartų vykdyti sekančią išeities teksto eilutę, nelendant į call procedūros vidų stepi / nexti analogiškai, tik einama per vieną asemblerinę instrukciją R. Griškevičius, Saugus programavimas, VGTU,
12 gdb 4 Atvaizdavimas Kintamųjų ir registrų: print [/FMT] <kintamasis> print [/FMT] $<registras> Atminties: x [/FMT] <kintamasis> x [/FMT] $<registras> x [/FMT] 0x<atminties adresas> (gdb) help x FMT is a repeat count followed by a format letter and a size letter. Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal), t(binary), f(float), a(address), i(instruction), c(char) and s(string). Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes). The specified number of objects of the specified size are printed according to the format. Defaults for format and size letters are those previously used. Default count is R. Griškevičius, Saugus programavimas, VGTU,
13 Literatūra Klasika tapęs dokumentas Smashing stack for fun and profit Istoriškai labai vertingas ir must read, tačiau morališkai pasenęs Kodėl R. Griškevičius, Saugus programavimas, VGTU,
Intro x86 Part 3: Linux Tools & Analysis
Intro x86 Part 3: Linux Tools & Analysis Xeno Kovah 2009/2010 xkovah at gmail Approved for Public Release: 10-3348. Distribution Unlimited All materials is licensed under a Creative Commons Share Alike
More informationAdvanced Magic - GDB
Division of Mathematics and Computer Science Maryville College Outline Introduction to GDB 1 Introduction to GDB 2 3 4 What is a debugger? A debugger is a program that helps you find and correcting errors
More informationBuffer Overflow Attack
Buffer Overflow Attack What every applicant for the hacker should know about the foundation of buffer overflow attacks By (Dalgona@wowhacker.org) Email: zinwon@gmail.com 2005 9 5 Abstract Buffer overflow.
More informationShell Code For Beginners
Shell Code For Beginners Beenu Arora Site: www.beenuarora.com Email: beenudel1986@gmail.com ################################################################ #.. # # _/ \ _ \ _/ # # / \ \\ \ / // \/ /_\
More informationUniversità Ca Foscari Venezia
Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C
More informationProject 1 Notes and Demo
Project 1 Notes and Demo Overview You ll be given the source code for 7 short buggy programs (target[1-7].c). These programs will be installed with setuid root Your job is to write exploits (sploit[1-7].c)
More informationBinghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11
X86 Debug Computer Systems Section 3.11 GDB is a Source Level debugger We have learned how to debug at the C level Now, C has been translated to X86 assembler! How does GDB play the shell game? Makes it
More informationCMPSC 311- Introduction to Systems Programming Module: Debugging
CMPSC 311- Introduction to Systems Programming Module: Debugging Professor Patrick McDaniel Fall 2014 Debugging Often the most complicated and time-consuming part of developing a program is debugging.
More informationLink 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-20 Wed Young W. Lim Link 2. Object Files 2017-09-20 Wed 1 / 33 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
More informationCSC 405 Computer Security Stack Canaries & ASLR
CSC 405 Computer Security Stack Canaries & ASLR Alexandros Kapravelos akaprav@ncsu.edu How can we prevent a buffer overflow? Check bounds Programmer Language Stack canaries [...more ] Buffer overflow defenses
More informationCMPSC 311- Introduction to Systems Programming Module: Debugging
CMPSC 311- Introduction to Systems Programming Module: Debugging Professor Patrick McDaniel Fall 2016 Debugging Often the most complicated and time-consuming part of developing a program is debugging.
More information238P: Operating Systems. Lecture 7: Basic Architecture of a Program. Anton Burtsev January, 2018
238P: Operating Systems Lecture 7: Basic Architecture of a Program Anton Burtsev January, 2018 What is a program? What parts do we need to run code? Parts needed to run a program Code itself By convention
More informationLink 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-23 Sat Young W. Lim Link 2. Object Files 2017-09-23 Sat 1 / 40 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
More informationTales of the Unknown. Part One.
Tales of the Unknown Part One www.felinemenace.org Table of Contents Introduction... 3 Requisites... 3 The Story... 3 A look at Initialization...4 Compile time...4 Run time...5 A look at Dereferencing...
More informationAssembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction
Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction E I P CPU isters Condition Codes Addresses Data Instructions Memory Object Code Program Data OS Data Topics Assembly Programmer
More informationAdvanced Buffer Overflow
Pattern Recognition and Applications Lab Advanced Buffer Overflow Ing. Davide Maiorca, Ph.D. davide.maiorca@diee.unica.it Computer Security A.Y. 2016/2017 Department of Electrical and Electronic Engineering
More informationWar Industries Presents: An Introduction to Programming for Hackers Part V - Functions. By Lovepump, Visit:
War Industries Presents: An Introduction to Programming for Hackers Part V - Functions By Lovepump, 2004 Visit: www.warindustries.com Goals: At the end of Part IV, you should be able to competently code
More informationLecture 08 Control-flow Hijacking Defenses
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation
More informationAssembly Language Programming Debugging programs
Assembly Language Programming Debugging programs November 18, 2017 Debugging programs During the development and investigation of behavior of system programs various tools are used. Some utilities are
More informationProcedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29
Procedure Calls Young W. Lim 2017-08-21 Mon Young W. Lim Procedure Calls 2017-08-21 Mon 1 / 29 Outline 1 Introduction Based on Stack Background Transferring Control Register Usage Conventions Procedure
More informationCSC 591 Systems Attacks and Defenses Return-into-libc & ROP
CSC 591 Systems Attacks and Defenses Return-into-libc & ROP Alexandros Kapravelos akaprav@ncsu.edu NOEXEC (W^X) 0xFFFFFF Stack Heap BSS Data 0x000000 Code RW RX Deployment Linux (via PaX patches) OpenBSD
More informationLab 10: Introduction to x86 Assembly
CS342 Computer Security Handout # 8 Prof. Lyn Turbak Wednesday, Nov. 07, 2012 Wellesley College Revised Nov. 09, 2012 Lab 10: Introduction to x86 Assembly Revisions: Nov. 9 The sos O3.s file on p. 10 was
More informationBuffer Overflow Attacks
CS- Spring Buffer Overflow Attacks Computer Systems..-, CS- Spring Hacking Roots in phone phreaking White Hat vs Gray Hat vs Black Hat Over % of Modern Software Development is Black Hat! Tip the balance:
More informationComputer Architecture and Assembly Language. Practical Session 5
Computer Architecture and Assembly Language Practical Session 5 Addressing Mode - "memory address calculation mode" An addressing mode specifies how to calculate the effective memory address of an operand.
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013 CONST POINTERS CONST POINTERS 4 ways to declare pointers in combination with const:!! int *ptr! const int *ptr!
More informationTHEORY OF COMPILATION
Lecture 10 Activation Records THEORY OF COMPILATION EranYahav www.cs.technion.ac.il/~yahave/tocs2011/compilers-lec10.pptx Reference: Dragon 7.1,7.2. MCD 6.3,6.4.2 1 You are here Compiler txt Source Lexical
More informationCNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
More informationCS527 Software Security
Reverse Engineering Purdue University, Spring 2018 Basics: encodings Code is data is code is data Learn to read hex numbers: 0x38 == 0011'1000 Python: hex(int('00111000', 2)) Remember common ASCII characters
More informationCSC 405 Computer Security Reverse Engineering Part 1
CSC 405 Computer Security Reverse Engineering Part 1 Alexandros Kapravelos akaprav@ncsu.edu Introduction Reverse engineering process of analyzing a system understand its structure and functionality used
More informationANITA S SUPER AWESOME RECITATION SLIDES
ANITA S SUPER AWESOME RECITATION SLIDES 15/18-213: Introduction to Computer Systems Stacks and Buflab, 11 Jun 2013 Anita Zhang, Section M WHAT S NEW (OR NOT) Bomblab is due tonight, 11:59 PM EDT Your late
More informationCSC 2400: Computing Systems. X86 Assembly: Function Calls
CSC 24: Computing Systems X86 Assembly: Function Calls 1 Lecture Goals Challenges of supporting functions Providing information for the called function Function arguments and local variables Allowing the
More informationCSC 405 Computer Security Shellcode
CSC 405 Computer Security Shellcode Alexandros Kapravelos akaprav@ncsu.edu Attack plan Attack code Vulnerable code xor ebx, ebx xor eax, eax mov ebx,edi mov eax,edx sub eax,0x388 Vulnerable code xor ebx,
More informationAssembly Language Programming - III
Assembly Language Programming - III GDB Debugger Please refer to the handout New GDB commands (power.s) info registers (prints all register values) print/d $eax (prints individual register value. Note
More informationCMSC 313 Lecture 12 [draft] How C functions pass parameters
CMSC 313 Lecture 12 [draft] How C functions pass parameters UMBC, CMSC313, Richard Chang Last Time Stack Instructions: PUSH, POP PUSH adds an item to the top of the stack POP removes an
More informationAdvanced Buffer Overflow
Pattern Recognition and Applications Lab Advanced Buffer Overflow Ing. Davide Maiorca, Ph.D. davide.maiorca@diee.unica.it Computer Security A.Y. 2017/2018 Department of Electrical and Electronic Engineering
More informationA short session with gdb verifies a few facts; the student has made notes of some observations:
This assignment refers to concepts discussed in the course notes on gdb and the book The Art of Debugging by Matloff & Salzman. The questions are definitely "hands-on" and will require some reading beyond
More informationSandwiches for everyone
Inf2C :: Computer Systems Today s menu ( And finally, monsieur, a wafer-thin mint ) Notes on security Or, why safety is an illusion, why ignorance is bliss, and why knowledge is power Stack overflows Or,
More information15-213/18-243, Fall 2010 Exam 1 - Version A
Andrew login ID: Full Name: Section: 15-213/18-243, Fall 2010 Exam 1 - Version A Tuesday, September 28, 2010 Instructions: Make sure that your exam is not missing any sheets, then write your Andrew login
More informationMachine Language, Assemblers and Linkers"
Machine Language, Assemblers and Linkers 1 Goals for this Lecture Help you to learn about: IA-32 machine language The assembly and linking processes 2 1 Why Learn Machine Language Last stop on the language
More informationLink 4. Relocation. Young W. Lim Wed. Young W. Lim Link 4. Relocation Wed 1 / 22
Link 4. Relocation Young W. Lim 2017-09-13 Wed Young W. Lim Link 4. Relocation 2017-09-13 Wed 1 / 22 Outline 1 Linking - 4. Relocation Based on Relocation Relocation Entries Relocating Symbol Reference
More informationOverview REWARDS TIE HOWARD Summary CS 6V Data Structure Reverse Engineering. Zhiqiang Lin
CS 6V81-05 Data Structure Reverse Engineering Zhiqiang Lin Department of Computer Science The University of Texas at Dallas September 2 nd, 2011 Outline 1 Overview 2 REWARDS 3 TIE 4 HOWARD 5 Summary Outline
More informationCSC 591 Systems Attacks and Defenses Reverse Engineering Part 1
CSC 591 Systems Attacks and Defenses Reverse Engineering Part 1 Alexandros Kapravelos akaprav@ncsu.edu Reverse engineering Introduction process of analyzing a system understand its structure and functionality
More informationWelcome to CS 106L! Ali Malik
Welcome to CS 106L! Ali Malik malikali@stanford.edu Game Plan Welcome Why CS106L? Logistics History and Philosophy of C++ C++ Basics Welcome! Instructor Ali Malik malikali@stanford.edu Instructor Ali Malik
More informationInstruction Set Architectures
Instruction Set Architectures! ISAs! Brief history of processors and architectures! C, assembly, machine code! Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface
More informationBUFFER OVERFLOW DEFENSES & COUNTERMEASURES
BUFFER OVERFLOW DEFENSES & COUNTERMEASURES CMSC 414 FEB 01 2018 RECALL OUR CHALLENGES How can we make these even more difficult? Putting code into the memory (no zeroes) Finding the return address (guess
More informationCS , Fall 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2004 Exam 1 Tuesday October 12, 2004 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front.
More informationLink Edits and Relocatable Code
Link Edits and Relocatable Code Computer Systems Chapter 7.4-7.7 gcc g o ttt ttt.c ttt.c gcc ttt Pre-Processor Linker Compiler Assembler ttt.s ttt.o gcc g o ttt ttt.c main.c gcc cmd util.c Pre-Processor
More informationx86 assembly CS449 Fall 2017
x86 assembly CS449 Fall 2017 x86 is a CISC CISC (Complex Instruction Set Computer) e.g. x86 Hundreds of (complex) instructions Only a handful of registers RISC (Reduced Instruction Set Computer) e.g. MIPS
More informationAn Experience Like No Other. Stack Discipline Aug. 30, 2006
15-410 An Experience Like No Other Discipline Aug. 30, 2006 Bruce Maggs Dave Eckhardt Slides originally stolen from 15-213 15-410, F 06 Synchronization Registration If you're here but not registered, please
More informationCPS104 Recitation: Assembly Programming
CPS104 Recitation: Assembly Programming Alexandru Duțu 1 Facts OS kernel and embedded software engineers use assembly for some parts of their code some OSes had their entire GUIs written in assembly in
More informationBinghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11
X86 Debug Computer Systems Section 3.11 GDB is a Source Level debugger We have learned how to debug at the C level But the machine is executing X86 object code! How does GDB play the shell game? Makes
More informationTurning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p
Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p text C program (p1.c p2.c) Compiler (gcc -S) text Asm
More informationbuffer overflow exploitation
buffer overflow exploitation Samuele Andreoli, Nicolò Fornari, Giuseppe Vitto May 11, 2016 University of Trento Introduction 1 introduction A Buffer Overflow is an anomaly where a program, while writing
More informationCMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang
Project 3 Questions CMSC 313 Lecture 12 How C functions pass parameters UMBC, CMSC313, Richard Chang Last Time Stack Instructions: PUSH, POP PUSH adds an item to the top of the stack POP
More informationInstruction Set Architectures
Instruction Set Architectures ISAs Brief history of processors and architectures C, assembly, machine code Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface contain?
More informationSystems Programming. Fatih Kesgin &Yusuf Yaslan Istanbul Technical University Computer Engineering Department 18/10/2005
Systems Programming Fatih Kesgin &Yusuf Yaslan Istanbul Technical University Computer Engineering Department 18/10/2005 Outline How to assemble and link nasm ld gcc Debugging Using gdb; breakpoints,registers,
More informationProcedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27
Procedure Calls Young W. Lim 2016-11-05 Sat Young W. Lim Procedure Calls 2016-11-05 Sat 1 / 27 Outline 1 Introduction References Stack Background Transferring Control Register Usage Conventions Procedure
More informationSistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T
Sistemi Operativi Lez. 16 Elementi del linguaggio Assembler AT&T Data Sizes Three main data sizes Byte (b): 1 byte Word (w): 2 bytes Long (l): 4 bytes Separate assembly-language instructions E.g., addb,
More informationLink 4. Relocation. Young W. Lim Thr. Young W. Lim Link 4. Relocation Thr 1 / 26
Link 4. Relocation Young W. Lim 2017-09-14 Thr Young W. Lim Link 4. Relocation 2017-09-14 Thr 1 / 26 Outline 1 Linking - 4. Relocation Based on Relocation Relocation Entries Relocating Symbol Reference
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More informationCS , Fall 2002 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2002 Exam 1 October 8, 2002 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More informationLinux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.
Lecture 6B Machine-Level Programming V: Miscellaneous Topics Topics Linux Memory Layout Understanding Pointers Buffer Overflow Upper 2 hex digits of address Red Hat v. 6.2 ~1920MB memory limit FF C0 Used
More informationCS 2505 Computer Organization I Test 2. Do not start the test until instructed to do so! printed
Instructions: Print your name in the space provided below. This examination is closed book and closed notes, aside from the permitted one-page formula sheet. No calculators or other electronic devices
More informationBuffer Overflows Defending against arbitrary code insertion and execution
www.harmonysecurity.com info@harmonysecurity.com Buffer Overflows Defending against arbitrary code insertion and execution By Stephen Fewer Contents 1 Introduction 2 1.1 Where does the problem lie? 2 1.1.1
More informationBuffer Overflow. An Introduction
Buffer Overflow An Introduction Workshop Flow-1 Revision (4-10) How a program runs Registers Memory Layout of a Process Layout of a StackFrame Layout of stack frame using GDB and looking at Assembly code
More informationDownload the tarball for this session. It will include the following files:
Getting Started 1 Download the tarball for this session. It will include the following files: driver driver.c bomb.h bomb.o 64-bit executable C driver source declaration for "bomb" 64-bit object code for
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationBinghamton University. CS-220 Spring Loading Code. Computer Systems Chapter 7.5, 7.8, 7.9
Loading Code Computer Systems Chapter 7.5, 7.8, 7.9 gcc g o ttt ttt.c ttt.c ttt gcc gcc g o ttt ttt.c ttt.c gcc ttt Pre-Processor Linker Compiler Assembler ttt.s ttt.o What is in a binary executable file?
More informationASSEMBLY III: PROCEDURES. Jo, Heeseung
ASSEMBLY III: PROCEDURES Jo, Heeseung IA-32 STACK (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationCNIT 127: Exploit Development. Ch 1: Before you begin. Updated
CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial
More informationCompila(on, Disassembly, and Profiling
Compila(on, Disassembly, and Profiling (in Linux) CS 485: Systems Programming Fall 2015 Instructor: James Griffioen 1 Recall the compila(on process/steps 2 Turning C into Object Code Code in files p1.c
More informationAssembly III: Procedures. Jo, Heeseung
Assembly III: Procedures Jo, Heeseung IA-32 Stack (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationby Marina Cholakyan, Hyduke Noshadi, Sepehr Sahba and Young Cha
CS 111 Scribe Notes for 4/11/05 by Marina Cholakyan, Hyduke Noshadi, Sepehr Sahba and Young Cha Processes What is a process? A process is a running instance of a program. The Web browser you're using to
More information20: Exploits and Containment
20: Exploits and Containment Mark Handley Andrea Bittau What is an exploit? Programs contain bugs. These bugs could have security implications (vulnerabilities) An exploit is a tool which exploits a vulnerability
More informationProgram Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
More informationStack Discipline Jan. 19, 2018
15-410 An Experience Like No Other Discipline Jan. 19, 2018 Dave Eckhardt Brian Railing Slides originally stolen from 15-213 1 15-410, S 18 Synchronization Registration The wait list will probably be done
More informationCNIT 127: Exploit Development. Ch 3: Shellcode. Updated
CNIT 127: Exploit Development Ch 3: Shellcode Updated 1-30-17 Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object files strace System Call Tracer Removing
More information1. A student is testing an implementation of a C function; when compiled with gcc, the following x86-32 assembly code is produced:
This assignment refers to concepts discussed in the course notes on gdb and the book The Art of Debugging by Matloff & Salzman. The questions are definitely "hands-on" and will require some reading beyond
More informationBuffer-Overflow Attacks on the Stack
Computer Systems Buffer-Overflow Attacks on the Stack Introduction A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites memory in adjacent
More informationFunctions. Ray Seyfarth. August 4, Bit Intel Assembly Language c 2011 Ray Seyfarth
Functions Ray Seyfarth August 4, 2011 Functions We will write C compatible function C++ can also call C functions using extern "C" {...} It is generally not sensible to write complete assembly programs
More informationHomework. In-line Assembly Code Machine Language Program Efficiency Tricks Reading PAL, pp 3-6, Practice Exam 1
Homework In-line Assembly Code Machine Language Program Efficiency Tricks Reading PAL, pp 3-6, 361-367 Practice Exam 1 1 In-line Assembly Code The gcc compiler allows you to put assembly instructions in-line
More informationSystems I. Machine-Level Programming V: Procedures
Systems I Machine-Level Programming V: Procedures Topics abstraction and implementation IA32 stack discipline Procedural Memory Usage void swap(int *xp, int *yp) int t0 = *xp; int t1 = *yp; *xp = t1; *yp
More informationIntroduction Selected details Live demos. HrwCC. A self-compiling C-compiler. Stefan Huber Christian Rathgeb Stefan Walkner
HrwCC A self-compiling C-compiler. Stefan Huber Christian Rathgeb Stefan Walkner Universität Salzburg VP Compiler Construction June 26, 2007 Overview 1 Introduction Basic properties Features 2 Selected
More informationIntroduction to Computer Systems , fall th Lecture, Sep. 28 th
Introduction to Computer Systems 15 213, fall 2009 9 th Lecture, Sep. 28 th Instructors: Majd Sakr and Khaled Harras Last Time: Structures struct rec { int i; int a[3]; int *p; }; Memory Layout i a p 0
More informationCS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015
CS165 Computer Security Understanding low-level program execution Oct 1 st, 2015 A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns
More informationCS , Fall 2009 Exam 1
Andrew login ID: Full Name: Recitation Section: CS 15-213, Fall 2009 Exam 1 Thurs, September 24, 2009 Instructions: Make sure that your exam is not missing any sheets, then write your full name, Andrew
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
More informationCS , Fall 2001 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2001 Exam 1 October 9, 2001 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More informationCS , Fall 2009 Exam 1
Andrew login ID: Full Name: Recitation Section: CS 15-213, Fall 2009 Exam 1 Thursday, September 24, 2009 Instructions: Make sure that your exam is not missing any sheets, then write your full name, Andrew
More informationSimple C Program. Assembly Ouput. Using GCC to produce Assembly. Assembly produced by GCC is easy to recognize:
Simple C Program Helloworld.c Programming and Debugging Assembly under Linux slides by Alexandre Denault int main(int argc, char *argv[]) { } printf("hello World"); Programming and Debugging Assembly under
More informationint32_t Buffer[BUFFSZ] = {-1, -1, -1, 1, -1, 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, -1, -1, -1, -1, -1}; int32_t* A = &Buffer[5];
This assignment refers to concepts discussed in the course notes on gdb and the book The Art of Debugging by Matloff & Salzman. The questions are definitely "hands-on" and will require some reading beyond
More informationMACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION
MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION Today: Machine Programming I: Basics History of Intel processors and architectures C, assembly, machine code Assembly Basics:
More informationGDB Tutorial. Young W. Lim Tue. Young W. Lim GDB Tutorial Tue 1 / 32
GDB Tutorial Young W. Lim 2017-02-14 Tue Young W. Lim GDB Tutorial 2017-02-14 Tue 1 / 32 Outline 1 Introduction Young W. Lim GDB Tutorial 2017-02-14 Tue 2 / 32 Based on "Self-service Linux: Mastering the
More informationRepresentation of Information
Representation of Information CS61, Lecture 2 Prof. Stephen Chong September 6, 2011 Announcements Assignment 1 released Posted on http://cs61.seas.harvard.edu/ Due one week from today, Tuesday 13 Sept
More informationCS , Spring 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Spring 2004 Exam 1 February 26, 2004 Instructions: Make sure that your exam is not missing any sheets (there should be 15), then write your full name and Andrew login
More informationMachine-Level Programming I: Introduction Jan. 30, 2001
15-213 Machine-Level Programming I: Introduction Jan. 30, 2001 Topics Assembly Programmer s Execution Model Accessing Information Registers Memory Arithmetic operations IA32 Processors Totally Dominate
More informationSystems I. Machine-Level Programming I: Introduction
Systems I Machine-Level Programming I: Introduction Topics Assembly Programmerʼs Execution Model Accessing Information Registers IA32 Processors Totally Dominate General Purpose CPU Market Evolutionary
More informationLab 3. The Art of Assembly Language (II)
Lab. The Art of Assembly Language (II) Dan Bruce, David Clark and Héctor D. Menéndez Department of Computer Science University College London October 2, 2017 License Creative Commons Share Alike Modified
More informationComputer Memory. Ray Seyfarth. June 29, Bit Intel Assembly Language c 2011 Ray Seyfarth
Computer Memory Ray Seyfarth June 29, 2012 Outline 1 Memory mapping 2 Process memory model in Linux 3 Memory example 4 Examining memory with gdb 5 Examining memory with ebe Memory mapping Computer memory
More informationCS 2505 Computer Organization I Test 2. Do not start the test until instructed to do so! printed
Instructions: Print your name in the space provided below. This examination is closed book and closed notes, aside from the permitted one-page formula sheet. No calculators or other electronic devices
More information