Machine-Level Programming V: Unions and Memory layout

Similar documents
Machine-Level Programming V: Advanced Topics

Machine Level Programming: Arrays, Structures and More

Today. Machine-Level Programming V: Advanced Topics. x86-64 Linux Memory Layout. Memory Allocation Example. Today. x86-64 Example Addresses

Buffer overflows. Specific topics:

Machine-Level Programming V: Advanced Topics

Today. Machine-Level Programming V: Advanced Topics. x86-64 Linux Memory Layout. Memory Allocation Example. Today. x86-64 Example Addresses

Machine-Level Programming V: Buffer overflow

Machine-Level Programming V: Advanced Topics

CSC 252: Computer Organization Spring 2018: Lecture 9

Introduction to Computer Systems , fall th Lecture, Sep. 28 th

Machine-Level Programming V: Advanced Topics

Memory Organization and Addressing

Carnegie Mellon. Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition

Roadmap. Java: Assembly language: OS: Machine code: Computer system:

CS241 Computer Organization Spring Data Alignment

University of Washington

Machine-level Programs Adv. Topics

18-600: Recitation #4 Exploits (Attack Lab)

18-600: Recitation #4 Exploits

Structs and Alignment CSE 351 Spring

Areas for growth: I love feedback

CS429: Computer Organization and Architecture

Machine Program: Procedure. Zhaoguo Wang

Machine/Assembler Language Putting It All Together

18-600: Recitation #3

CS429: Computer Organization and Architecture

Basic Data Types. CS429: Computer Organization and Architecture. Array Allocation. Array Access

Machine-Level Programming III: Procedures

Assembly Programming IV

x86-64 Programming III & The Stack

Function Call Convention

Foundations of Computer Systems

Linux Memory Layout. Lecture 6B Machine-Level Programming V: Miscellaneous Topics. Linux Memory Allocation. Text & Stack Example. Topics.

Machine Programming 3: Procedures

Computer Organization: A Programmer's Perspective

MACHINE-LEVEL PROGRAMMING IV: Computer Organization and Architecture

Buffer Overflows. CSE 351 Autumn Instructor: Justin Hsia

The Stack & Procedures

CS 31: Intro to Systems Arrays, Structs, Strings, and Pointers. Kevin Webb Swarthmore College March 1, 2016

Buffer Overflow Attack (AskCypert CLaaS)

Lecture 4 CIS 341: COMPILERS

Buffer Overflows. CSE 410 Winter Kathryn Chan, Kevin Bi, Ryan Wong, Waylon Huang, Xinyu Sui

Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition. Carnegie Mellon

Important From Last Time

Buffer Overflows. CSE 351 Autumn 2018

CSE 351 Section 4 GDB and x86-64 Assembly Hi there! Welcome back to section, we re happy that you re here

How Software Executes

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Function Calls

Procedures and the Call Stack

L14: Structs and Alignment. Structs and Alignment. CSE 351 Spring Instructor: Ruth Anderson

How Software Executes

Changelog. Corrections made in this version not in first posting: 1 April 2017: slide 13: a few more %c s would be needed to skip format string part

Machine-Level Programming II: Control

Machine- Level Programming V: Advanced Topics

How Software Executes

Important From Last Time

Functions. Ray Seyfarth. August 4, Bit Intel Assembly Language c 2011 Ray Seyfarth

Page 1. Today. Important From Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right?

Register Allocation, i. Overview & spilling

15-213/18-243, Fall 2010 Exam 1 - Version A

Princeton University Computer Science 217: Introduction to Programming Systems Exceptions and Processes

Compiling C Programs Into x86-64 Assembly Programs

Intel Architecture. Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona

Machine-Level Programming II: Control

Structs and Alignment

CS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015

Machine-level Programs Data

Computer Systems CEN591(502) Fall 2011

unsigned char memory[] STACK ¼ 0x xC of address space globals function KERNEL code local variables

Giving credit where credit is due

C Programming. Course Outline. C Programming. Code: MBD101. Duration: 10 Hours. Prerequisites:

CSE 351 Spring 2017 Final Exam (7 June 2017)

Assembly IV: Complex Data Types. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Do not turn the page until 5:10.

Structs & Alignment. CSE 351 Autumn Instructor: Justin Hsia

Course Overview CSCE 312. Instructor: Daniel A. Jiménez. Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition

Arrays. CSE 351 Autumn Instructor: Justin Hsia

Machine-level Programs Procedure

CSE351 Spring 2018, Midterm Exam April 27, 2018

CS61, Fall 2012 Midterm Review Section

Credits and Disclaimers

CSCI-243 Exam 1 Review February 22, 2015 Presented by the RIT Computer Science Community

Assembly IV: Complex Data Types

Machine Language CS 3330 Samira Khan

Stack Frame Components. Using the Stack (4) Stack Structure. Updated Stack Structure. Caller Frame Arguments 7+ Return Addr Old %rbp

CSC 1600 Memory Layout for Unix Processes"

Registers. Ray Seyfarth. September 8, Bit Intel Assembly Language c 2011 Ray Seyfarth

A Fast Review of C Essentials Part I

Machine- Level Representa2on: Procedure

an infinite loop Processes and Exceptions doing nothing on a busy system timing nothing

BUFFER OVERFLOW. Jo, Heeseung

Buffer Overflow. Jo, Heeseung

Hacking in C. Memory layout. Radboud University, Nijmegen, The Netherlands. Spring 2018

What is concurrency? Concurrency. What is parallelism? concurrency vs parallelism. Concurrency: (the illusion of) happening at the same time.

C Arrays and Pointers

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 4

Buffer Overflow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Machine-Level Programming V: Advanced Topics

Data Representation and Storage. Some definitions (in C)

Arrays. CSE 351 Autumn Instructor: Justin Hsia

Transcription:

Machine-Level Programming V: Unions and Memory layout Slides adapted from Bryant and O Hallaron Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 1

FAQ Call conventions recap The first six integer or pointer argument are stored in RDI, RSI, RDX, RCX, R8, R9. The return value is stored in RAX. Why there are no memory load/store instructions when accessing some variables? Compiler code generation Compiler optimizations RBP and RSP RBP points to the current stack frame. RSP points to the top of the stack. Stack frame is not used when doing -O2 (and higher). Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 2

Today Structs vs. Unions Memory layout Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 3

C union vs. struct union my_union { unsigned char b[4]; int x; } union my_union U; struct my_struct { unsigned char bytes[4]; int x; }; struct my_struct S; b[0] b[1] b[2] b[3] x b[0] b[1] b[2] b[3] x p p+4 p p+4 p+8 All members in a union start at the same location i.e. only one member can contain a value at a given time Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 4

C union vs. struct union my_union { unsigned char b[4]; int x; } union my_union U; struct my_struct { unsigned char b[4]; int x; }; struct my_struct S; sz = sizeof(u); //sz?? U.b[3] = 0; U.x = 0x01020304; U.b[3] =?? sz = sizeof(s); //sz?? S.b[3] = 0; S.x = 0x01020304; S.b[3] =?? Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 5

Using Union to Access Bit Patterns typedef union { float f; unsigned u; } bit_float_t; bit_float_t x; x.f = 1.1; //what is the value of x.u? A. 1 B. 0x03f8ccccd C. 0xf3ebdddc D. 0x03000000 E. 0x00000001 Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 6

Union Allocation Allocate according to largest element union U1 { char c; int i[2]; double v; } u; c i[0] i[1] v x+0 x+4 x+8 struct S1 { char c; int i[2]; double v; } s; c 3 bytes i[0] i[1] 4 bytes v x+0 x+4 x+8 x+16 x+24 Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 7

Unions in assembly typedef union { char c; int i[2]; double v; } u_t; int get_member(u_t *u, int first) { if (first) { return U->c; }else{ return U->i[1]; } } testl %esi, %esi je.l2 movsbl (%rdi), %eax ret.l2: movl 4(%rdi), %eax ret Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 8

Today Structs vs. Unions Memory layout Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 9

x86-64 Linux Memory Layout Stack Runtime stack (8MB limit) E. g., local variables Heap Dynamically allocated as needed When call malloc(), calloc(), new() Data Statically allocated data E.g., global vars, static vars, string constants Text / Shared Libraries Executable machine instructions Read-only Hex Address 00007FFFFFFFFFFF 400000 000000 not drawn to scale Stack Shared Libraries Heap Data Text Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 10 8MB

Memory Allocation Example char big_array[1l<<24]; /* 16 MB */ char huge_array[1l<<31]; /* 2 GB */ not drawn to scale Stack int global = 0; int useless() { return 0; } int main () { void *p1, *p2, *p3, *p4; int local = 0; p1 = malloc(1l << 28); /* 256 MB */ p2 = malloc(1l << 8); /* 256 B */ p3 = malloc(1l << 32); /* 4 GB */ p4 = malloc(1l << 8); /* 256 B */ } Where does everything go? Shared Libraries Heap Data Text Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 11

x86-64 Example Addresses address range ~2 47 local 0x00007ffe4d3be87c p1 0x00007f7262a1e010 p3 0x00007f7162a1d010 p4 0x000000008359d120 p2 0x000000008359d010 big_array 0x0000000080601060 huge_array 0x0000000000601060 main() 0x000000000040060c useless() 0x0000000000400590 00007F not drawn to scale Stack Heap Heap 000000 Data Text Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 12

Segmentation Fault Each memory segment can be readable, executable, writable (or none at all) Segmentation fault occurs when program tries to access illegal memory Read from segment with no permission Write to read-only segments r/w r/w - - r/w Stack Heap Heap r/w r/x Read-only data Data Text Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 13

Segmentation fault example char str1[100] = hello world1 ; int main () { char *str2 = hello world2 ; printf( str1 %p str2 %p\n, str1, str2); str1[0] = H ; str2[0] = H } Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 14

Not all Bad Memory Access lead to immediate segmentation Carnegie Mellon typedef struct { int a[2]; double d; } struct_t; double fun(int i) { volatile struct_t s; s.d = 3.14; s.a[i] = 1073741824; /* Possibly out of bounds */ return s.d; } fun(0) 3.14 fun(1) 3.14 fun(2) 3.1399998664856 fun(3) 2.00000061035156 fun(4) 3.14 fun(6) Segmentation fault Result is system specific Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 15

Memory Referencing Bug Example typedef struct { int a[2]; double d; } struct_t; fun(0) 3.14 fun(1) 3.14 fun(2) 3.1399998664856 fun(3) 2.00000061035156 fun(4) 3.14 fun(6) Segmentation fault struct_t Critical State 6? 5? 4 d7... d4 3 d3... d0 2 a[1] 1 a[0] 0 Location accessed by fun(i) Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 16

Such problems are a BIG deal Generally called a buffer overflow when exceeding the memory size allocated for an array Why a big deal? It s the #1 technical cause of security vulnerabilities #1 overall cause is social engineering / user ignorance Most common form Unchecked lengths on string inputs Particularly for bounded character arrays on the stack sometimes referred to as stack smashing Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback