Computer Systems CEN591(502) Fall 2011
1 Computer Systems CEN591(502) Fall 2011
Sandeep K. S. Gupta, Arizona State University
9th lecture: Machine-Level Programming (4) (Slides adapted from CSAPP)

2 Announcements
- Potential makeup classes on Sat Nov 5 and Sun Nov 13
- Midterm 1: Oct 10
- Midterm 2: Nov 21 (tentative)

3 Summary of previous class
- Procedures and stack frame on IA-32
  - Recursive procedure calls
  - Register conventions
- Stack frame on x86-64
  - Reducing stack overhead by using more registers to pass procedure arguments and by not using a stack frame pointer
This class:
- Homogeneous and heterogeneous data structures at the machine level
  - Use arrays to reduce program execution time!
  - Define larger data types in a structure first to save space!
- Buffer overflow
  - Use gcc options to protect your code
  - Do not use some C library functions such as scanf and gets; use fgets and fscanf instead!

4 Agenda
- Array
  - One-dimensional
  - Multi-dimensional (nested)
  - Multi-level
- Structure
  - Alignment principle
  - Union
- Buffer overflow
- Avoiding buffer overflow

5 Arrays
- One-dimensional
- Multi-dimensional (nested)
- Multi-level

6 Array Allocation
Basic Principle: T A[L];
- Array of data type T and length L
- Contiguously allocated region of L * sizeof(T) bytes
    char string[12];    occupies x to x + 12
    int val[5];         boundaries at x, x + 4, x + 8, x + 12, x + 16, x + 20
    double a[3];        boundaries at x, x + 8, x + 16, x + 24
    char *p[3];         IA32:   boundaries at x, x + 4, x + 8, x + 12
                        x86-64: boundaries at x, x + 8, x + 16, x + 24

7 Array Example
    #define LEN 5
    typedef int intarray[LEN];
    intarray X = { 1, 5, 2, 1, 3 };
- The example arrays were allocated in successive 20-byte blocks
- This is not guaranteed to happen in general, due to alignment requirements, as we will see later

8 Array Accessing Example
    intarray X;
    int get_digit(intarray z, int index) {
        return z[index];
    }
IA32:
    # %edx = z
    # %eax = index
    movl (%edx,%eax,4),%eax   # z[index]
- %edx: starting address of array z
- %eax: array index
- z[index] is at 4*%eax + %edx
- Use memory reference (%edx,%eax,4)

9 Array Loop Example (IA32)
    void zincr(intarray z) {
        int i;
        for (i = 0; i < LEN; i++)
            z[i]++;
    }

    # %edx = z
    movl $0, %eax              # %eax = i
    .L4:                       # loop:
    addl $1, (%edx,%eax,4)     # z[i]++
    addl $1, %eax              # i++
    cmpl $5, %eax              # i:5
    jne .L4                    # if !=, goto loop

10 Multidimensional (Nested) Arrays
Declaration: T A[R][C];
- 2D array of data type T
- R rows, C columns
- Type T element requires K bytes
Array Size: R * C * K bytes
Arrangement: Row-Major Ordering
    int A[R][C];
    A[0][0]   ... A[0][C-1]
      ...
    A[R-1][0] ... A[R-1][C-1]
In memory (4*R*C bytes): A[0][0] ... A[0][C-1], A[1][0] ... A[1][C-1], ..., A[R-1][0] ... A[R-1][C-1]

11 Nested Array Example
    #define PCOUNT 4
    intarray Y[PCOUNT] =
        {{1, 5, 2, 0, 6},
         {1, 5, 2, 1, 3},
         {1, 5, 2, 1, 7},
         {1, 5, 2, 2, 1}};
- intarray Y[4] is equivalent to int Y[4][5]
- Each element is an array of 5 ints, allocated contiguously
- Row-major ordering of all elements is guaranteed

12 Nested Array Row Access Code Example
    int *get_array(int index) {
        return Y[index];
    }

    # %eax = index
    leal (%eax,%eax,4),%eax   # 5 * index (number of elements in each row)
    leal Y(,%eax,4),%eax      # Y + (20 * index)
Row Vector
- Y[index] is an array of 5 ints
- Starting address Y + 20*index
IA32 Code
- Computes and returns the address
- Computed as Y + 4*(index + 4*index)

13 Nested Array Element Access Code Example
    int get_digit(int index, int dig) {
        return Y[index][dig];
    }

    movl 8(%ebp), %eax          # index
    leal (%eax,%eax,4), %eax    # 5*index
    addl 12(%ebp), %eax         # 5*index+dig
    movl Y(,%eax,4), %eax       # offset 4*(5*index+dig)
Array Elements
- Y[index][dig] is an int
- Address: Y + 20*index + 4*dig = Y + 4*(5*index + dig)
IA32 Code
- Computes address Y + 4*((index + 4*index) + dig)
Stack (top to bottom): dig, index, return address, old %ebp (pointed to by %ebp)

14 Multi-Level Array Example
    intarray X = { 1, 5, 2, 1, 3 };
    intarray Y = { 0, 2, 1, 3, 9 };
    intarray Z = { 9, 4, 7, 2, 0 };
    #define UCOUNT 3
    int *univ[UCOUNT] = {X, Y, Z};
- Variable univ denotes an array of 3 elements
- Each element is a pointer (4 bytes)
- Each pointer points to an array of ints

15 Example: Element Access in Multi-Level Array
    int get_univ_digit(int index, int dig) {
        return univ[index][dig];
    }

    movl 8(%ebp), %eax          # index
    movl univ(,%eax,4), %edx    # p = univ[index]   (first memory access)
    movl 12(%ebp), %eax         # dig
    movl (%edx,%eax,4), %eax    # p[dig]            (second memory access)
Computation (IA32)
- Element access: Mem[Mem[univ+4*index]+4*dig]
- Must do two memory reads
  - First get the pointer to the row array
  - Then access the element within the array
Stack (top to bottom): dig, index, return address, old %ebp (pointed to by %ebp)

16 Structure
- Structure
- Array structure
- Union
- Alignment

17 Structure Allocation
    struct rec {
        int a[3];
        int i;
        struct rec *n;
    };
Memory layout (in order of increasing offset): a, i, n
Concept
- Contiguously allocated region of memory
- Refer to members within the structure by name
- Members may be of different types

18 Structure Access Example
    struct rec {
        int a[3];
        int i;
        struct rec *n;
    };
Layout: a starts at r, i at r+12, followed by n
Accessing a Structure Member
- The pointer indicates the first byte of the structure
- Access elements with offsets
    void set_i(struct rec *r, int val) {
        r->i = val;
    }
IA32 Assembly
    # %edx = val
    # %eax = r
    movl %edx, 12(%eax)   # Mem[r+12] = val

19 Example: Generating Pointer to Structure Member
    struct rec {
        int a[3];
        int i;
        struct rec *n;
    };
Generating a Pointer to an Array Element
- The offset of each structure member is determined at compile time
- The result is r + idx*4
- Arguments: Mem[%ebp+8] is r, Mem[%ebp+12] is idx
    int *get_ap(struct rec *r, int idx) {
        return &r->a[idx];
    }

    movl 12(%ebp), %eax   # Get idx
    sall $2, %eax         # idx*4
    addl 8(%ebp), %eax    # r+idx*4

20 Following Linked List Example
C Code
    struct rec {
        int a[3];
        int i;
        struct rec *n;
    };

    void set_val(struct rec *r, int val) {
        while (r) {
            int i = r->i;
            r->a[i] = val;
            r = r->n;
        }
    }
Registers: %edx holds r, %ecx holds val
    .L17:                        # loop:
    movl 12(%edx), %eax          # r->i
    movl %ecx, (%edx,%eax,4)     # r->a[i] = val
    movl 16(%edx), %edx          # r = r->n
    testl %edx, %edx             # Test r
    jne .L17                     # If != 0 goto loop

21 Union Allocation
- Allocate according to the largest element
- Can only use one field at a time
    union U1 {
        char c;
        int i[2];
        double v;
    } *up;

    struct S1 {
        char c;
        int i[2];
        double v;
    } *sp;
Union layout: c, i[0] and v all start at up+0; i[1] is at up+4; the union ends at up+8
Struct layout: c at sp+0, 3 bytes of padding, i[0] at sp+4, i[1] at sp+8, 4 bytes of padding, v at sp+16, end at sp+24

22 Using Union to Access Bit Patterns
    typedef union {
        float f;
        unsigned u;
    } bit_float_t;
Both u and f occupy bytes 0 to 4.
    float bit2float(unsigned u) {
        bit_float_t arg;
        arg.u = u;
        return arg.f;
    }
Same as (float) u? No! The bit representation does not change!
    unsigned float2bit(float f) {
        bit_float_t arg;
        arg.f = f;
        return arg.u;
    }
Same as (unsigned) f?

23 Alignment Principles
Aligned Data
- Primitive data type requires K bytes
- Address must be a multiple of K
- Required on some machines; advised on IA32
  - Treated differently by IA32 Linux, x86-64 Linux, and Windows!
Motivation for Aligning Data
- Memory is accessed in (aligned) chunks of 4 or 8 bytes (system dependent)
  - Inefficient to load or store a datum that spans quad word boundaries
  - Virtual memory is very tricky when a datum spans 2 pages
Compiler
- Inserts gaps in the structure to ensure correct alignment of fields

24 Structures & Alignment Example
    struct S1 {
        char c;
        int i[2];
        double v;
    } *p;
Unaligned Data: c at p, i[0] at p+1, i[1] at p+5, v at p+9, end at p+17
Aligned Data
- Primitive data type requires K bytes
- Address must be a multiple of K
- c at p+0, 3 bytes of padding, i[0] at p+4 (multiple of 4), i[1] at p+8 (multiple of 8), 4 bytes of padding, v at p+16 (multiple of 8), end at p+24 (multiple of 8)

25 Different Alignment Conventions
    struct S1 {
        char c;
        int i[2];
        double v;
    } *p;
x86-64 or IA32 Windows: K = 8 for the double element
- c at p+0, 3 bytes of padding, i[0] at p+4, i[1] at p+8, 4 bytes of padding, v at p+16, end at p+24
IA32 Linux: K = 4; double is treated like a 4-byte data type
- c at p+0, 3 bytes of padding, i[0] at p+4, i[1] at p+8, v at p+12, end at p+20

26 Alignments for Arrays of Structures
- Overall structure length is a multiple of K
  - K: largest alignment requirement
- Satisfy the alignment requirement for every element
Example:
    struct S2 {
        double v;
        int i[2];
        char c;
    } a[10];
- a[0] at a+0, a[1] at a+24, a[2] at a+48, next element at a+72
- Within a[1]: v at a+24, i[0] and i[1] from a+32, c at a+40, 7 bytes of padding, end at a+48

27 Saving Space by Changing the Order of Declarations
Put large data types first
    struct S4 {
        char c;
        int i;
        char d;
    } *p;

    struct S5 {
        int i;
        char c;
        char d;
    } *p;
Effect (K=4)
- S4: c, 3 bytes of padding, i, d, 3 bytes of padding
- S5: i, c, d, 2 bytes of padding

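Added example (not part of the original slides): a small layout calculator that applies the padding rules from slides 23 to 27 and reproduces their offsets. The names field_t, layout_struct and the sN_layout helpers are hypothetical; the alignment K of double is a parameter so the IA32 Linux convention (K = 4) can be compared with x86-64 or Windows (K = 8).

```c
#include <stddef.h>
#include <stdio.h>

/* One struct member: total size in bytes and the alignment K of its type. */
typedef struct {
    const char *name;
    size_t size;
    size_t align;
} field_t;

static size_t round_up(size_t v, size_t k) { return (v + k - 1) / k * k; }

/* Place each member at the next multiple of its K, then pad the end of the
 * struct to the largest K so that arrays of the struct stay aligned.
 * Writes member offsets to off[] and returns the total size. */
size_t layout_struct(const field_t *f, size_t n, size_t *off) {
    size_t pos = 0, max_k = 1;
    for (size_t i = 0; i < n; i++) {
        pos = round_up(pos, f[i].align);
        off[i] = pos;
        pos += f[i].size;
        if (f[i].align > max_k)
            max_k = f[i].align;
    }
    return round_up(pos, max_k);
}

/* struct S1 { char c; int i[2]; double v; }; dbl_k is K for double. */
size_t s1_layout(size_t dbl_k, size_t off[3]) {
    const field_t f[] = { {"c", 1, 1}, {"i[2]", 8, 4}, {"v", 8, dbl_k} };
    return layout_struct(f, 3, off);
}

/* struct S2 { double v; int i[2]; char c; }; with K = 8 for double. */
size_t s2_layout(size_t off[3]) {
    const field_t f[] = { {"v", 8, 8}, {"i[2]", 8, 4}, {"c", 1, 1} };
    return layout_struct(f, 3, off);
}

/* struct S4 { char c; int i; char d; }; small members split by an int. */
size_t s4_layout(size_t off[3]) {
    const field_t f[] = { {"c", 1, 1}, {"i", 4, 4}, {"d", 1, 1} };
    return layout_struct(f, 3, off);
}

/* struct S5 { int i; char c; char d; }; largest member first. */
size_t s5_layout(size_t off[3]) {
    const field_t f[] = { {"i", 4, 4}, {"c", 1, 1}, {"d", 1, 1} };
    return layout_struct(f, 3, off);
}

static void show(const char *label, size_t size, const size_t off[3]) {
    printf("%-22s offsets %2zu %2zu %2zu  size %2zu\n",
           label, off[0], off[1], off[2], size);
}

int main(void) {
    size_t off[3], size;

    size = s1_layout(8, off); show("S1 (double K=8)", size, off);
    size = s1_layout(4, off); show("S1 (IA32 Linux, K=4)", size, off);
    size = s2_layout(off);    show("S2", size, off);
    size = s4_layout(off);    show("S4", size, off);
    size = s5_layout(off);    show("S5", size, off);
    return 0;
}
```

On a real compiler the same numbers can be checked with sizeof and offsetof from <stddef.h>.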
28 Summary of homogeneous and heterogeneous data
Arrays in C
- Contiguous allocation of memory
- Aligned to satisfy every element's alignment requirement
- Pointer to first element
- No bounds checking
Structures
- Allocate bytes in the order declared
- Pad in the middle and at the end to satisfy alignment
Unions
- Overlay declarations
- Way to circumvent the type system

29 Memory buffer overflow and protection methods

30 Exploits Based on Buffer Overflows
- Buffer overflow bugs allow remote machines to execute arbitrary code on victim machines
- C does not have any array bounds checking
- Both state variables and local variables are stored on the stack
- Example: the Internet worm of November 1988 used a buffer overflow

31 Understanding the buffer overflow bug: String Library Code
Implementation of the Unix function gets()
    /* Get string from stdin */
    char *gets(char *dest) {
        int c = getchar();
        char *p = dest;
        while (c != EOF && c != '\n') {
            *p++ = c;          // no bound checking
            c = getchar();
        }
        *p = '\0';             // Terminating string
        return dest;
    }
- No way to specify a limit on the number of characters to read
Similar problems with other library functions
- strcpy, strcat: copy strings of arbitrary length
- scanf, fscanf, sscanf, when given the %s conversion specification

32 Vulnerable Buffer Code Example
    /* Echo Line */
    void echo() {
        char buf[4];   /* Way too small! */
        gets(buf);
        puts(buf);
    }

    void call_echo() {
        echo();
    }

    unix>./bufdemo
    Type a string:
    unix>./bufdemo
    Type a string: abc
    Segmentation Fault

33 Buffer Overflow Stack Example
    /* Echo Line */
    void echo() {
        char buf[4];   /* Way too small! */
        gets(buf);
        puts(buf);
    }

    echo:
    pushl %ebp               # Save %ebp on stack
    movl %esp, %ebp
    pushl %ebx               # Save %ebx
    subl $20, %esp           # Allocate stack space
    leal -8(%ebp),%ebx       # Compute buf as %ebp-8
    movl %ebx, (%esp)        # Push buf on stack
    call gets                # Call gets
    ...
Stack before the call to gets (top to bottom): stack frame for main, return address, saved %ebp (pointed to by %ebp), saved %ebx, buf [3] [2] [1] [0], rest of the stack frame for echo

    String length    Additional corrupted state
    3 (0-3)          None
    7 (0-7)          Saved value of ebx
    11 (0-11)        Saved value of ebp
    15 (0-15)        Return address
    15+              Saved state in caller

34 Malicious Use of Buffer Overflow Example
    void foo() {
        bar();
        ...            /* return address A */
    }

    int bar() {
        char buf[64];  /* buffer starts at address B */
        gets(buf);
        ...
        return ...;
    }
Stack after the call to gets(): the foo stack frame holds the return address slot, now overwritten with B; below it, the bar stack frame holds the data written by gets() (exploit code starting at B, then padding)
- Input string contains the byte representation of executable code
- Overwrite return address A with the address of buffer B
- When bar() executes ret, it will jump to the exploit code

35 Avoiding Overflow Vulnerability
    /* Echo Line */
    void echo() {
        char buf[4];   /* Way too small! */
        fgets(buf, 4, stdin);
        puts(buf);
    }
Use library routines that limit string lengths
- fgets instead of gets
- strncpy instead of strcpy
- Don't use scanf with the %s conversion specification
  - Use fgets to read the string
  - Or use %ns where n is a suitable integer

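Added example (not part of the original slides): a bounded replacement for the gets() call in echo() that also reports when a line did not fit, plus the %ns form of fscanf for a 4-byte buffer. The names read_line, read_word4 and stream_from are hypothetical, and the input is constructed and fed through a temporary file so the code runs without a terminal.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

typedef enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 } line_status;

/* Read one line into buf, whose capacity cap includes the '\0'.
 * Never writes past buf[cap-1]. If the line is longer than the buffer,
 * the excess is discarded so the next call starts on a fresh line. */
line_status read_line(FILE *in, char *buf, size_t cap) {
    int n = cap > INT_MAX ? INT_MAX : (int)cap;
    if (n == 0 || fgets(buf, n, in) == NULL)
        return LINE_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fit: drop the newline */
        return LINE_OK;
    }

    /* No newline stored: input ended, or the line did not fit. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? LINE_TRUNCATED : LINE_OK;
}

/* scanf-family form from the slide: for char buf[4] the width must be 3,
 * because %ns stores up to n characters plus the terminating '\0'. */
int read_word4(FILE *in, char buf[4]) {
    return fscanf(in, "%3s", buf);
}

/* Helper for the demo: turn a constructed string into a readable stream. */
FILE *stream_from(const char *s) {
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs(s, f);
    rewind(f);
    return f;
}

int main(void) {
    char buf[4];                      /* same size as in echo() */
    FILE *in = stream_from("1234567890\nabc\nxy");   /* constructed input */
    if (in == NULL)
        return 1;

    line_status st;
    while ((st = read_line(in, buf, sizeof buf)) != LINE_EOF)
        printf("%-3s  %s\n", buf, st == LINE_TRUNCATED ? "(truncated)" : "");
    fclose(in);
    return 0;
}
```

A caller that must not silently accept shortened input can reject the line when read_line returns LINE_TRUNCATED.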
36 System-Level Protections
Randomized stack offsets
- At the start of the program, allocate a random amount of space on the stack
- Makes it difficult for a hacker to predict the beginning of the inserted code
Nonexecutable code segments
- In traditional x86, can mark a region of memory as either read-only or writeable
  - Can execute anything readable
- x86-64 added explicit execute permission

37 System-Level Protections: Stack Canaries
Idea
- Place a special value ("canary") on the stack just beyond the buffer
- Check for corruption before exiting the function
GCC Implementation
- -fstack-protector
- -fstack-protector-all

    unix>./bufdemo-protected
    Type a string:
    unix>./bufdemo-protected
    Type a string:12345
    *** stack smashing detected ***

38 Setting Up Canary
    /* Echo Line */
    void echo() {
        char buf[4];   /* Way too small! */
        gets(buf);
        puts(buf);
    }

    echo:
    pushl %ebp               # Save %ebp on stack
    movl %esp, %ebp
    pushl %ebx               # Save %ebx
    subl $20, %esp           # Allocate stack space
    movl %gs:20, %eax        # Get canary
    movl %eax, -8(%ebp)      # Put on stack
    leal -12(%ebp),%ebx      # Compute buf as %ebp-12
    movl %ebx, (%esp)        # Push buf on stack
    call gets                # Call gets
    ...
Stack before the call to gets (top to bottom): stack frame for main, return address, saved %ebp (pointed to by %ebp), saved %ebx, canary, buf [3] [2] [1] [0], rest of the stack frame for echo
%gs (old inst.): the canary value is read using segmented addressing. The segment can be marked as read-only.

39 Checking Canary
Before returning to the caller, check whether the canary is corrupted!
    /* Echo Line */
    void echo() {
        char buf[4];   /* Way too small! */
        gets(buf);
        puts(buf);
    }

    echo:
    ...
    movl -8(%ebp), %eax      # Retrieve from stack
    xorl %gs:20, %eax        # Compare with canary
    je .L24                  # Same: skip ahead
    call __stack_chk_fail    # ERROR
    .L24:
    ...                      # normal return
Stack before the call to gets (top to bottom): stack frame for main, return address, saved %ebp (pointed to by %ebp), saved %ebx, canary, buf [3] [2] [1] [0], rest of the stack frame for echo

40 What is next?
- Quiz on Chapter 3
- Next class: Memory hierarchy (read chapter 6 of CSAPP)
Buffer Overflows CSE 410 Winter 2017 Instructor: Justin Hsia Teaching Assistants: Kathryn Chan, Kevin Bi, Ryan Wong, Waylon Huang, Xinyu Sui Administrivia Lab 2 & mid quarter survey due tonight Lab 3 released
More informationCS241 Computer Organization Spring Data Alignment
CS241 Computer Organization Spring 2015 Data Alignment 3-26 2015 Outline! Data Alignment! C: pointers to functions! Memory Layout Read: CS:APP2 Chapter 3, sections 3.8-3.9 Quiz next Thursday, April 2nd
More informationh"p://news.illinois.edu/news/12/0927transient_electronics_johnrogers.html
Researchers at the University of Illinois, in collaborafon with TuHs University and Northwestern University, have demonstrated a new type of biodegradable electronics technology that could introduce new
More informationFunction Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)
Function Calls COS 217 Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site) 1 Goals of Today s Lecture Finishing introduction to assembly language o EFLAGS register
More informationCarnegie Mellon. Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition
1 Machine-Level Programming V: Advanced Topics 15-213/18-213/14-513/15-513: Introduction to Computer Systems 9 th Lecture, September 25, 2018 2 Today Memory Layout Buffer Overflow Vulnerability Protection
More informationMachine-Level Programming V: Advanced Topics
Machine-Level Programming V: Advanced Topics 15-213: Introduction to Computer Systems 9 th Lecture, June 7 Instructor: Brian Railing 1 Today Memory Layout Buffer Overflow Vulnerability Protection Unions
More informationMachine- Level Representation: Data
Machine- Level Representation: Data CSCI 2021: Machine Architecture and Organiza8on Pen- Chung Yew Department Computer Science and Engineering University of Minnesota With Slides from Bryant, O Hallaron
More information2 Systems Group Department of Computer Science ETH Zürich. Argument Build 3. %r8d %rax. %r9d %rbx. Argument #6 %rcx. %r10d %rcx. Static chain ptr %rdx
Last Time Lecture 7: More procedures; array access Computer rchitecture and Systems Programming (252-0061-00) Timothy Roscoe Herbstsemester 2012 For loops - goto version goto jump to middle version Jump
More informationCMPSC 497 Buffer Overflow Vulnerabilities
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Buffer Overflow
More informationArrays and Structs. CSE 351 Summer Instructor: Justin Hsia. Teaching Assistants: Josie Lee Natalie Andreeva Teagan Horkan.
rrays and Structs CSE 351 Summer 2018 Instructor: Justin Hsia Teaching ssistants: Josie Lee Natalie ndreeva Teagan Horkan http://xkcd.com/1270/ dministrivia Lab 2 due tonight Homework 3 due next Monday
More informationProcedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27
Procedure Calls Young W. Lim 2016-11-05 Sat Young W. Lim Procedure Calls 2016-11-05 Sat 1 / 27 Outline 1 Introduction References Stack Background Transferring Control Register Usage Conventions Procedure
More informationMachine- level Programming IV: Data Structures. Topics Arrays Structs Unions
Machine- level Programming IV: Data Structures Topics Arrays Structs Unions 1! Basic Data Types Integral Stored & operated on in general registers Signed vs. unsigned depends on instrucbons used Intel
More informationMachine-level Programming (3)
Machine-level Programming (3) Procedures A: call A call A return Two issues How to return to the correct position? How to pass arguments and return values between callee to caller? 2 Procedure Control
More informationCPEG421/621 Tutorial
CPEG421/621 Tutorial Compiler data representation system call interface calling convention Assembler object file format object code model Linker program initialization exception handling relocation model
More informationSystem Programming and Computer Architecture (Fall 2009)
System Programming and Computer Architecture (Fall 2009) Recitation 2 October 8 th, 2009 Zaheer Chothia Email: zchothia@student.ethz.ch Web: http://n.ethz.ch/~zchothia/ Topics for Today Classroom Exercise
More informationCS , Fall 2001 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2001 Exam 1 October 9, 2001 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More informationCS , Fall 2002 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2002 Exam 1 October 8, 2002 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More informationEECS 213 Fall 2007 Midterm Exam
Full Name: EECS 213 Fall 2007 Midterm Exam Instructions: Make sure that your exam is not missing any sheets, then write your full name on the front. Write your answers in the space provided below the problem.
More information1.'(*2#3%* 2+6.)* !!"##$%$&'()&*$! +',-.$+'/-$! #0!"#$1"&2"/#',$! &'!)&,21'$3)*!40*,$ ! 5*'6728'*,20*"#$! 9)#46728'*,20*"#$:*',('7;$!
1.'(*2#3%*! 4&+5%67&%'*89:;
More informationProcedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29
Procedure Calls Young W. Lim 2017-08-21 Mon Young W. Lim Procedure Calls 2017-08-21 Mon 1 / 29 Outline 1 Introduction Based on Stack Background Transferring Control Register Usage Conventions Procedure
More informationIntroduction to Computer Systems. Exam 1. February 22, This is an open-book exam. Notes are permitted, but not computers.
15-213 Introduction to Computer Systems Exam 1 February 22, 2005 Name: Andrew User ID: Recitation Section: This is an open-book exam. Notes are permitted, but not computers. Write your answer legibly in
More informationSecure Programming Lecture 6: Memory Corruption IV (Countermeasures)
Secure Programming Lecture 6: Memory Corruption IV (Countermeasures) David Aspinall, Informatics @ Edinburgh 2nd February 2016 Outline Announcement Recap Containment and curtailment Tamper detection Memory
More informationIntroduction to Computer Systems. Exam 1. February 22, Model Solution fp
15-213 Introduction to Computer Systems Exam 1 February 22, 2005 Name: Andrew User ID: Recitation Section: Model Solution fp This is an open-book exam. Notes are permitted, but not computers. Write your
More informationProcess Layout, Function Calls, and the Heap
Process Layout, Function Calls, and the Heap CS 6 Spring 20 Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed, Matthias Vallentin January 9, 20 / 5 2 / 5 Outline Process Layout Function Calls The Heap
More informationMachine Programming 5: Buffer Overruns and Stack Exploits
Machine Programming 5: Buffer Overruns and Stack Exploits CS61, Lecture 6 Prof. Stephen Chong September 22, 2011 Thinking about grad school in Computer Science? Panel discussion Tuesday September 27th,
More informationMachine Programming 3: Procedures
Machine Programming 3: Procedures CS61, Lecture 5 Prof. Stephen Chong September 15, 2011 Announcements Assignment 2 (Binary bomb) due next week If you haven t yet please create a VM to make sure the infrastructure
More information