Configurations. Make menuconfig : Kernel hacking/
|
|
|
- Cori Rice
- 6 years ago
- Views:
Transcription
1 Kernel Debugging
2 Configurations Make menuconfig : Kernel hacking/ Timing info on printks depreciated logic Detection of hung tasks SLUB debugging Kernel memory leak detector Mutext/lock debugging Kmemcheck Check for stack overflow Linked list debugging
3 Debugging through procfs Required for elevator General process Identify data you want to monitor Create a proc entry to monitor this data Insert/run module Querry /proc/<entry> for that information at that time
4 When your kernel crashes Kernel errors only appear on first tty Switch by using [CTRL]+[ALT]+F1
5 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] Oops EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0
6 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] Error Message eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0
7 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] Crashed Function EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0
8 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] 4 Bytes In eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0
9 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] Module Name EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0
10 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) User Process Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0
11 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0 Data on the stack
12 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0 Kernel data if >= 0xc000000
13 Invalid Pointer Reference Unable to handle kernel NULL pointer dereference at virtual address d083a064 Oops: 0002 [#1] EIP: 0060:[<d083a064>] Not tainted EFLAGS: (2.6.6) EIP is at faulty_write+0x4/0x10 [faulty] eax: ebx: ecx: edx: esi: cf8b2460 edi: cf8b2480 ebp: esp: c31c5f74 Process bash (pid: 2086, threadinfo=c31c4000 task=cfa0a6c0) Stack: c cf8b e cf8b cf8b2460 cf8b2460 fffffff7 080e9408 c31c4000 c cf8b e cf8b c0103f8f e [<c >] vfs_write+0xb8/0x130 [<c >] sys_write+0x42/0x70 Code: c3 90 8d ec 0c b8 00 a6 83 d0 Call Stack
14 Buffer Overflow EIP: 0010:[< >] Unable to handle kernel paging request at virtual address ffffffff ffffffff Oops: 0000 [#5] EIP: 0060:[<ffffffff>] Not tainted EFLAGS: (2.6.6) EIP is at 0xffffffff eax: c ebx: ffffffff ecx: edx: bfffda7c esi: cf434f00 edi: ffffffff ebp: esp: c27fff78 Process head (pid: 2331, threadinfo=c27fe000 task=c ) Stack: ffffffff bfffda cf434f cf434f00 fffffff7 bfffda70 c27fe000 c cf434f00 bfffda cf434f c0103f8f bfffda bfffda70 [<c >] sys_read+0x42/0x70 Code: Bad EIP value. Points Nowhere
15 Buffer Overflow EIP: 0010:[< >] Unable to handle kernel paging request at virtual address ffffffff ffffffff Oops: 0000 [#5] EIP: 0060:[<ffffffff>] Not tainted EFLAGS: (2.6.6) EIP is at 0xffffffff eax: c ebx: ffffffff ecx: edx: bfffda7c esi: cf434f00 edi: ffffffff ebp: esp: c27fff78 Process head (pid: 2331, threadinfo=c27fe000 task=c ) Stack: ffffffff bfffda cf434f cf434f00 fffffff7 bfffda70 c27fe000 c cf434f00 bfffda cf434f c0103f8f bfffda bfffda70 [<c >] sys_read+0x42/0x70 Code: Bad EIP value. User data if < 0xc000000
16 Buffer Overflow EIP: 0010:[< >] Unable to handle kernel paging request at virtual address ffffffff ffffffff Oops: 0000 [#5] EIP: 0060:[<ffffffff>] Not tainted EFLAGS: (2.6.6) EIP is at 0xffffffff eax: c ebx: ffffffff ecx: edx: bfffda7c esi: cf434f00 edi: ffffffff ebp: esp: c27fff78 Process head (pid: 2331, threadinfo=c27fe000 task=c ) Stack: ffffffff bfffda cf434f cf434f00 fffffff7 bfffda70 c27fe000 c cf434f00 bfffda cf434f c0103f8f bfffda bfffda70 [<c >] sys_read+0x42/0x70 Code: Bad EIP value. Bad Address
17 Defensive Programming Infinite loops and deadlocks at the kernel level hang your machine [CTRL]+[ALT]+[DEL] has no effect [CTRL]+C does not matter [CTRL]+D does not matter You may only reboot How do you protect yourself? Use schedule() strategically Use preemptable versions of functions
18 Other Debugging Tools LTT Linux Tracing Framework gdb Invoking gdb on the kernel image kgdb A remote debugger for the kernel Magic SysRq Allows commands under oops printk Rate limiting, turning on/off
Linux Device Drivers - debugging
March 15, 2018 Overview Introduction 1 Introduction 2 3 4 Using /proc file system Method ioctl 5 6 7 8 gdb kdb Kernel Debugger kgdb kgdb Patches User-Mode Linux Port Introduction kernel code cannot be
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
U23 - Binary Exploitation
U23 - Binary Exploitation Stratum Auhuur robbje@aachen.ccc.de November 21, 2016 Context OS: Linux Context OS: Linux CPU: x86 (32 bit) Context OS: Linux CPU: x86 (32 bit) Address Space Layout Randomization:
Ausgewählte Betriebssysteme. Anatomy of a system call
Ausgewählte Betriebssysteme Anatomy of a system call 1 User view #include int main(void) { printf( Hello World!\n ); return 0; } 2 3 Syscall (1) User: write(fd, buffer, sizeof(buffer)); size
Low Level Programming Lecture 2. International Faculty of Engineerig, Technical University of Łódź
Low Level Programming Lecture 2 Intel processors' architecture reminder Fig. 1. IA32 Registers IA general purpose registers EAX- accumulator, usually used to store results of integer arithmetical or binary
SYSTEM CALL IMPLEMENTATION. CS124 Operating Systems Fall , Lecture 14
SYSTEM CALL IMPLEMENTATION CS124 Operating Systems Fall 2017-2018, Lecture 14 2 User Processes and System Calls Previously stated that user applications interact with the kernel via system calls Typically
Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86
Lecture 15 Intel Manual, Vol. 1, Chapter 3 Hampden-Sydney College Fri, Mar 6, 2009 Outline 1 2 Overview See the reference IA-32 Intel Software Developer s Manual Volume 1: Basic, Chapter 3. Instructions
The Microprocessor and its Architecture
The Microprocessor and its Architecture Contents Internal architecture of the Microprocessor: The programmer s model, i.e. The registers model The processor model (organization) Real mode memory addressing
POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts
POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts Jun Xu 1, Dongliang Mu 12, Xinyu Xing 1, Peng Liu 1, Ping Chen 1, Bing Mao 2 1. Pennsylvania State University 2. Nanjing University
CSE 351: Week 4. Tom Bergan, TA
CSE 35 Week 4 Tom Bergan, TA Does this code look okay? int binarysearch(int a[], int length, int key) { int low = 0; int high = length - ; while (low
Program Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
X86 Stack Calling Function POV
X86 Stack Calling Function POV Computer Systems Section 3.7 Stack Frame Reg Value ebp xffff FFF0 esp xffff FFE0 eax x0000 000E Memory Address Value xffff FFF8 xffff FFF4 x0000 0004 xffff FFF4 x0000 0003
Monitoring System Processes and Logs
25 CHAPTER This chapter provides details on monitoring the health of the switch. It includes the following sections: Displaying System Processes, page 25-2 Displaying System Status, page 25-5 Configuring
Memory Models. Registers
Memory Models Most machines have a single linear address space at the ISA level, extending from address 0 up to some maximum, often 2 32 1 bytes or 2 64 1 bytes. Some machines have separate address spaces
The x86 Architecture
The x86 Architecture Lecture 24 Intel Manual, Vol. 1, Chapter 3 Robb T. Koether Hampden-Sydney College Fri, Mar 20, 2015 Robb T. Koether (Hampden-Sydney College) The x86 Architecture Fri, Mar 20, 2015
Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11
X86 Debug Computer Systems Section 3.11 GDB is a Source Level debugger We have learned how to debug at the C level Now, C has been translated to X86 assembler! How does GDB play the shell game? Makes it
Finding media bugs in Android using file format fuzzing. Costel Maxim Intel OTC Security
Finding media bugs in Android using file format fuzzing Costel Maxim Intel OTC Security 1 Agenda File format fuzzing Generate high-quality corpus of files Fuzzing the Stagefright Framework Logging & Triage
Return-orientated Programming
Return-orientated Programming or The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Hovav Shacham, CCS '07 Return-Oriented oriented Programming programming
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 7. Procedures and the Stack
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 7 Procedures and the Stack April, 2014 1 Assembly Language LAB Runtime Stack and Stack
BUFFER OVERFLOW DEFENSES & COUNTERMEASURES
BUFFER OVERFLOW DEFENSES & COUNTERMEASURES CMSC 414 FEB 01 2018 RECALL OUR CHALLENGES How can we make these even more difficult? Putting code into the memory (no zeroes) Finding the return address (guess
Processes (Intro) Yannis Smaragdakis, U. Athens
Processes (Intro) Yannis Smaragdakis, U. Athens Process: CPU Virtualization Process = Program, instantiated has memory, code, current state What kind of memory do we have? registers + address space Let's
IA32/Linux Virtual Memory Architecture
IA32/Linux Virtual Memory Architecture Basic Execution Environment Application Programming Registers General-purpose registers 31 0 EAX AH AL EBX BH BL ECX CH CL EDX DH DL EBP ESI EDI BP SI DI Segment
Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call
Call without Parameter Value Transfer What are involved? ESP Stack Pointer Register Grows by 4 for EIP (return address) storage Stack -- Memory which holds register contents Will keep the EIP of the next
Assembly Language: Function Calls
Assembly Language: Function Calls 1 Goals of this Lecture Help you learn: Function call problems: Calling and returning Passing parameters Storing local variables Handling registers without interference
Università Ca Foscari Venezia
Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C
Mechanisms for entering the system
Mechanisms for entering the system Yolanda Becerra Fontal Juan José Costa Prats Facultat d'informàtica de Barcelona (FIB) Universitat Politècnica de Catalunya (UPC) BarcelonaTech 2017-2018 QP Content Introduction
Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)
Function Calls COS 217 Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site) 1 Goals of Today s Lecture Finishing introduction to assembly language o EFLAGS register
Assembly Language: Function Calls" Goals of this Lecture"
Assembly Language: Function Calls" 1 Goals of this Lecture" Help you learn:" Function call problems:" Calling and returning" Passing parameters" Storing local variables" Handling registers without interference"
Computer System Architecture
CSC 203 1.5 Computer System Architecture Department of Statistics and Computer Science University of Sri Jayewardenepura Instruction Set Architecture (ISA) Level 2 Introduction 3 Instruction Set Architecture
Introduction to Reverse Engineering. Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins
Introduction to Reverse Engineering Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins Reverse Engineering (of Software) What is it? What is it for? Binary exploitation (the cool
The Instruction Set. Chapter 5
The Instruction Set Architecture Level(ISA) Chapter 5 1 ISA Level The ISA level l is the interface between the compilers and the hardware. (ISA level code is what a compiler outputs) 2 Memory Models An
CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly
Raluca Popa Spring 2018 CS 161 Computer Security Discussion 1 Week of January 22, 2018: GDB and x86 assembly Objective: Studying memory vulnerabilities requires being able to read assembly and step through
Assembly Language: Function Calls" Goals of this Lecture"
Assembly Language: Function Calls" 1 Goals of this Lecture" Help you learn:" Function call problems:" Calling and urning" Passing parameters" Storing local variables" Handling registers without interference"
The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta
1 The IA-32 Stack and Function Calls CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta 2 Important Registers used with the Stack EIP: ESP: EBP: 3 Important Registers used with the Stack EIP:
Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems
Assembly Language: Function Calls 1 Goals of this Lecture Help you learn: Function call problems: Calling and urning Passing parameters Storing local variables Handling registers without interference Returning
Intel Architecture. Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona
Intel Architecture Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch Content Intel Architecture Memory Layout C Arrays
CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux
CNIT 127: Exploit Development Ch 2: Stack Overflows in Linux Stack-based Buffer Overflows Most popular and best understood exploitation method Aleph One's "Smashing the Stack for Fun and Profit" (1996)
mith College Computer Science CSC231 Assembly Week #12 Thanksgiving 2017 Dominique Thiébaut
mith College Computer Science CSC231 Assembly Week #12 Thanksgiving 2017 Dominique Thiébaut dthiebaut@smith.edu ;;; FUNCTION SIDE function: ebp ;save old ebp ebp, esp ;make ebp point ;to stack frame Summary
ROP It Like It s Hot!
Wednesday, December 3, 14 2014 Red Canari, Inc. All rights reserved. 1 I N F O R M AT I O N S E C U R I T Y ROP It Like It s Hot! A 101 on Buffer Overflows, Return Oriented Programming, & Shell- code Development
CS3210: Booting and x86
CS3210: Booting and x86 Lecture 2 Instructor: Dr. Tim Andersen 1 / 34 Today: Bootstrapping CPU -> needs a first instruction Memory -> needs initial code/data I/O -> needs to know how to communicate 2 /
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 6 Input/output using a Library of Procedures April, 2014 1 Assembly Language LAB Using
Lecture 4 CIS 341: COMPILERS
Lecture 4 CIS 341: COMPILERS CIS 341 Announcements HW2: X86lite Available on the course web pages. Due: Weds. Feb. 7 th at midnight Pair-programming project Zdancewic CIS 341: Compilers 2 X86 Schematic
Computer Organization & Assembly Language Programming
Computer Organization & Assembly Language Programming CSE 2312-002 (Fall 2011) Lecture 8 ISA & Data Types & Instruction Formats Junzhou Huang, Ph.D. Department of Computer Science and Engineering Fall
CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016
CS 31: Intro to Systems Functions and the Stack Martin Gagne Swarthmore College February 23, 2016 Reminders Late policy: you do not have to send me an email to inform me of a late submission before the
CS3210: Booting and x86. Taesoo Kim
1 CS3210: Booting and x86 Taesoo Kim 2 What is an operating system? e.g. OSX, Windows, Linux, FreeBSD, etc. What does an OS do for you? Abstract the hardware for convenience and portability Multiplex the
Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit
Assembly Language for Intel-Based Computers, 4 th Edition Kip R. Irvine Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit Slides prepared by Kip R. Irvine Revision date: 09/25/2002
Simple C Program. Assembly Ouput. Using GCC to produce Assembly. Assembly produced by GCC is easy to recognize:
Simple C Program Helloworld.c Programming and Debugging Assembly under Linux slides by Alexandre Denault int main(int argc, char *argv[]) { } printf("hello World"); Programming and Debugging Assembly under
ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017
ICS143A: Principles of Operating Systems Midterm recap, sample questions Anton Burtsev February, 2017 Describe the x86 address translation pipeline (draw figure), explain stages. Address translation What
CMSC Lecture 03. UMBC, CMSC313, Richard Chang
CMSC Lecture 03 Moore s Law Evolution of the Pentium Chip IA-32 Basic Execution Environment IA-32 General Purpose Registers Hello World in Linux Assembly Language Addressing Modes UMBC, CMSC313, Richard
x86 assembly CS449 Fall 2017
x86 assembly CS449 Fall 2017 x86 is a CISC CISC (Complex Instruction Set Computer) e.g. x86 Hundreds of (complex) instructions Only a handful of registers RISC (Reduced Instruction Set Computer) e.g. MIPS
16.317: Microprocessor Systems Design I Fall 2014
16.317: Microprocessor Systems Design I Fall 2014 Exam 2 Solution 1. (16 points, 4 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
Complex Instruction Set Computer (CISC)
Introduction ti to IA-32 IA-32 Processors Evolutionary design Starting in 1978 with 886 Added more features as time goes on Still support old features, although obsolete Totally dominate computer market
CMSC 313 Lecture 08 Project 2 Questions Recap Indexed Addressing Examples Some i386 string instructions A Bigger Example: Escape Sequence Project
CMSC 313 Lecture 08 Project 2 Questions Recap Indexed Addressing Examples Some i386 string instructions A Bigger Example: Escape Sequence Project UMBC, CMSC313, Richard Chang CMSC 313,
Function Call Convention
Function Call Convention Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch Content Intel Architecture Memory Layout
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it 29.11.2012 Secure Software Engineering Andreas Follner 1 Andreas Follner Graduated earlier
Low-Level Essentials for Understanding Security Problems Aurélien Francillon
Low-Level Essentials for Understanding Security Problems Aurélien Francillon francill@eurecom.fr Computer Architecture The modern computer architecture is based on Von Neumann Two main parts: CPU (Central
Microprocessors ( ) Fall 2010/2011 Lecture Notes # 15. Stack Operations. 10 top
Microprocessors (0630371) Fall 2010/2011 Lecture Notes # 15 Stack Operations Objectives of the Lecture Runtime Stack PUSH Operation POP Operation Initializing the Stack PUSH and POP Instructions Stack
Buffer Overflow Attack
Buffer Overflow Attack What every applicant for the hacker should know about the foundation of buffer overflow attacks By (Dalgona@wowhacker.org) Email: zinwon@gmail.com 2005 9 5 Abstract Buffer overflow.
UMBC. A register, an immediate or a memory address holding the values on. Stores a symbolic name for the memory location that it represents.
Intel Assembly Format of an assembly instruction: LABEL OPCODE OPERANDS COMMENT DATA1 db 00001000b ;Define DATA1 as decimal 8 START: mov eax, ebx ;Copy ebx to eax LABEL: Stores a symbolic name for the
x86 Assembly Crash Course Don Porter
x86 Assembly Crash Course Don Porter Registers ò Only variables available in assembly ò General Purpose Registers: ò EAX, EBX, ECX, EDX (32 bit) ò Can be addressed by 8 and 16 bit subsets AL AH AX EAX
Chapter 11. Addressing Modes
Chapter 11 Addressing Modes 1 2 Chapter 11 11 1 Register addressing mode is the most efficient addressing mode because the operands are in the processor itself (there is no need to access memory). Chapter
Lab 2: Introduction to Assembly Language Programming
COE 205 Lab Manual Lab 2: Introduction to Assembly Language Programming - page 16 Lab 2: Introduction to Assembly Language Programming Contents 2.1. Intel IA-32 Processor Architecture 2.2. Basic Program
Intrusion Detection Systems. What To Observe? What To Observe?
BunnyTN Terzo Workshop di Crittografia Trento March 1, 01 UNOBSERVABLE INTRUSION DETECTION BASED ON CALL TRACES IN PARAVIRTUALIZED SYSTEMS Marino Miculan University of Udine Google: miculan (Work in collaboration
We can study computer architectures by starting with the basic building blocks. Adders, decoders, multiplexors, flip-flops, registers,...
COMPUTER ARCHITECTURE II: MICROPROCESSOR PROGRAMMING We can study computer architectures by starting with the basic building blocks Transistors and logic gates To build more complex circuits Adders, decoders,
Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam
Assembly Language Lecture 2 - x86 Processor Architecture Ahmed Sallam Introduction to the course Outcomes of Lecture 1 Always check the course website Don t forget the deadline rule!! Motivations for studying
CNIT 127: Exploit Development. Ch 1: Before you begin. Updated
CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial
µ-kernel Construction (12)
µ-kernel Construction (12) Review 1 Threading Thread state must be saved/restored on thread switch We need a Thread Control Block (TCB) per thread TCBs must be kernel objects TCBs implement threads We
This time. Defenses and other memory safety vulnerabilities. Everything you ve always wanted to know about gdb but were too afraid to ask
This time We will continue Buffer overflows By looking at Overflow Defenses and other memory safety vulnerabilities Everything you ve always wanted to know about gdb but were too afraid to ask Overflow
How Software Executes
How Software Executes CS-576 Systems Security Instructor: Georgios Portokalidis Overview Introduction Anatomy of a program Basic assembly Anatomy of function calls (and returns) Memory Safety Programming
x86 assembly CS449 Spring 2016
x86 assembly CS449 Spring 2016 CISC vs. RISC CISC [Complex instruction set Computing] - larger, more feature-rich instruction set (more operations, addressing modes, etc.). slower clock speeds. fewer general
+ Overview. Projects: Developing an OS Kernel for x86. ! Handling Intel Processor Exceptions: the Interrupt Descriptor Table (IDT)
+ Projects: Developing an OS Kernel for x86 Low-Level x86 Programming: Exceptions, Interrupts, and Timers + Overview! Handling Intel Processor Exceptions: the Interrupt Descriptor Table (IDT)! Handling
Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998
Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998 Assembler Syntax Everything looks like this: label: instruction dest,src instruction label Comments: comment $ This is a comment
Tutorial 10 Protection Cont.
Tutorial 0 Protection Cont. 2 Privilege Levels Lower number => higher privilege Code can access data of equal/lower privilege levels only Code can call more privileged data via call gates Each level has
3. Process Management in xv6
Lecture Notes for CS347: Operating Systems Mythili Vutukuru, Department of Computer Science and Engineering, IIT Bombay 3. Process Management in xv6 We begin understanding xv6 process management by looking
Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18
Access Young W. Lim 2017-01-27 Fri Young W. Lim Access 2017-01-27 Fri 1 / 18 Outline 1 Introduction References IA32 Operand Forms Data Movement Instructions Young W. Lim Access 2017-01-27 Fri 2 / 18 Based
CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017
CS 31: Intro to Systems ISAs and Assembly Martin Gagné Swarthmore College February 7, 2017 ANNOUNCEMENT All labs will meet in SCI 252 (the robot lab) tomorrow. Overview How to directly interact with hardware
The Geometry of Innocent Flesh on the Bone
The Geometry of Innocent Flesh on the Bone Return-into-libc without Function Calls (on the x86) Hovav Shacham hovav@cs.ucsd.edu CCS 07 Technical Background Gadget: a short instructions sequence (e.x. pop
EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM
EXPERIMENT WRITE UP AIM: Assembly language program for 16 bit BCD addition LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM TOOLS/SOFTWARE
Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1
Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD 21252 rkarne@towson.edu 11/12/2014 Slide 1 Intel x86 Aseembly Language Assembly Language Assembly Language
MODE (mod) FIELD CODES. mod MEMORY MODE: 8-BIT DISPLACEMENT MEMORY MODE: 16- OR 32- BIT DISPLACEMENT REGISTER MODE
EXERCISE 9. Determine the mod bits from Figure 7-24 and write them in Table 7-7. MODE (mod) FIELD CODES mod 00 01 10 DESCRIPTION MEMORY MODE: NO DISPLACEMENT FOLLOWS MEMORY MODE: 8-BIT DISPLACEMENT MEMORY
Assembly Language. Lecture 2 x86 Processor Architecture
Assembly Language Lecture 2 x86 Processor Architecture Ahmed Sallam Slides based on original lecture slides by Dr. Mahmoud Elgayyar Introduction to the course Outcomes of Lecture 1 Always check the course
Assembly Language Lab # 9
Faculty of Engineering Computer Engineering Department Islamic University of Gaza 2011 Assembly Language Lab # 9 Stacks and Subroutines Eng. Doaa Abu Jabal Assembly Language Lab # 9 Stacks and Subroutines
Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T
Sistemi Operativi Lez. 16 Elementi del linguaggio Assembler AT&T Data Sizes Three main data sizes Byte (b): 1 byte Word (w): 2 bytes Long (l): 4 bytes Separate assembly-language instructions E.g., addb,
Intro x86 Part 3: Linux Tools & Analysis
Intro x86 Part 3: Linux Tools & Analysis Xeno Kovah 2009/2010 xkovah at gmail Approved for Public Release: 10-3348. Distribution Unlimited All materials is licensed under a Creative Commons Share Alike
The code for all of this is relatively straightforward. The full listing using SEH is shown below: #include <Windows.h>
Some good references to read prior to this post. In short, to use hardware breakpoints there are eight debug registers (DR0 to DR7) that can be utilized. Eight, however, is a bit of an overstatement DR4
What You Need to Know for Project Three. Dave Eckhardt Steve Muckle
What You Need to Know for Project Three Dave Eckhardt Steve Muckle Overview Introduction to the Kernel Project Mundane Details in x86 registers, paging, the life of a memory access, context switching,
Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19
Access Young W. Lim 2017-06-10 Sat Young W. Lim Access 2017-06-10 Sat 1 / 19 Outline 1 Introduction References IA32 Operand Forms Data Movement Instructions Data Movement Examples Young W. Lim Access 2017-06-10
Lecture Dependable Systems Practical Report Software Implemented Fault Injection. July 31, 2010
Lecture Dependable Systems Practical Report Software Implemented Fault Injection Paul Römer Frank Zschockelt July 31, 2010 1 Contents 1 Introduction 3 2 Software Stack 3 2.1 The Host and the Virtual Machine.....................
UMBC. 1 (Feb. 9, 2002) seg_base + base + index. Systems Design & Programming 80x86 Assembly II CMPE 310. Base-Plus-Index addressing:
Data Addressing Modes Base-Plus-Index addressing: Effective address computed as: seg_base base index. Base registers: Holds starting location of an array. ebp (stack) ebx (data) Any 32-bit register except
Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Machine-level Representation of Programs Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Program? 짬뽕라면 준비시간 :10 분, 조리시간 :10 분 재료라면 1개, 스프 1봉지, 오징어
CSC 591 Systems Attacks and Defenses Return-into-libc & ROP
CSC 591 Systems Attacks and Defenses Return-into-libc & ROP Alexandros Kapravelos akaprav@ncsu.edu NOEXEC (W^X) 0xFFFFFF Stack Heap BSS Data 0x000000 Code RW RX Deployment Linux (via PaX patches) OpenBSD
UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.
![UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.](/thumbs/74/70839578.jpg "UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.")
Procedures: CALL: Pushes the address of the instruction following the CALL instruction onto the stack. RET: Pops the address. SUM PROC NEAR USES BX CX DX ADD AX, BX ADD AX, CX MOV AX, DX RET SUM ENDP NEAR
4. The Abstraction: The Process
4. The Abstraction: The Process Operating System: Three Easy Pieces AOS@UC 1 How to provide the illusion of many CPUs? p CPU virtualizing w The OS can promote the illusion that many virtual CPUs exist.
Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27
Procedure Calls Young W. Lim 2016-11-05 Sat Young W. Lim Procedure Calls 2016-11-05 Sat 1 / 27 Outline 1 Introduction References Stack Background Transferring Control Register Usage Conventions Procedure
Lab 5: Input/Output using a Library of Procedures
COE 205 Lab Manual Lab 5: Input/Output using a Library of Procedures - Page 46 Lab 5: Input/Output using a Library of Procedures Contents 5.1. Using an External Library of Procedures for Input and Output
EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution
1. (40 points) Write the following subroutine in x86 assembly: Recall that: int f(int v1, int v2, int v3) { int x = v1 + v2; urn (x + v3) * (x v3); Subroutine arguments are passed on the stack, and can
IPC Functionality & Interface Universität Karlsruhe, System Architecture Group
µ-kernel Construction (4) IPC Functionality & Interface 1 IPC Primitives Send to (a specified thread) Receive from (a specified thread) Two threads communicate No interference from other threads Other
Introduction to IA-32. Jo, Heeseung
Introduction to IA-32 Jo, Heeseung IA-32 Processors Evolutionary design Starting in 1978 with 8086 Added more features as time goes on Still support old features, although obsolete Totally dominate computer
Register Allocation, iii. Bringing in functions & using spilling & coalescing
Register Allocation, iii Bringing in functions & using spilling & coalescing 1 Function Calls ;; f(x) = let y = g(x) ;; in h(y+x) + y*5 (:f (x
/ 28 HLL assembly Q4: Conditional instructions / 40 TOTAL SCORE / 100 EXTRA CREDIT / 10
16.317: Microprocessor Systems Design I Fall 2014 Exam 2 November 5, 2014 Name: ID #: For this exam, you may use a calculator and one 8.5 x 11 double-sided page of notes. All other electronic devices (e.g.,