RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.

Slides:

Advertisements

Similar presentations

Practical Malware Analysis

Advertisements

Calling sequence ESP.

Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.

Run-time Environment for a Program different logical parts of a program during execution stack – automatically allocated variables (local variables, subdivided.

Stacks and HeapsCS-3013 A-term A Short Digression on Stacks and Heaps CS-3013 Operating Systems A-term 2008 (Slides include materials from Modern.

Digression on Stack and Heaps CS-502 (EMC) Fall A Short Digression on Stacks and Heaps CS-502, Operating Systems Fall 2009 (EMC) (Slides include.

1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.

1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)

Accessing parameters from the stack and calling functions.

Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.

– 1 – , F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.

1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.

Assembly תרגול 8 פונקציות והתקפת buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.

Digression: the “Stack” 1 CS502 Spring 2006 Digression: the “Stack” Imagine the following program:– int factorial(int n){ if (n

Stacks and HeapsCS-502 Fall A Short Digression Stacks and Heaps CS-502, Operating Systems Fall 2007 (Slides include materials from Operating System.

September 22, 2014 Pengju (Jimmy) Jin Section E

Stacks and Frames Demystified CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.

Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 7 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.

Carnegie Mellon Introduction to Computer Systems /18-243, spring 2009 Recitation, Jan. 14 th.

Stack Operations LIFO structure (last-in,first-out) –The last value put into the stack is the first value taken out Runtime stack –A memory array that.

1 Carnegie Mellon Stacks : Introduction to Computer Systems Recitation 5: September 24, 2012 Joon-Sup Han Section F.

Runtime Environments Compiler Construction Chapter 7.

Today’s topics Parameter passing on the system stack Parameter passing on the system stack Register indirect and base-indexed addressing modes Register.

Program Compilation and Execution. Today’s Objectives Explain why runtime stack needed for C Explain why runtime stack needed for C Draw logical division.

University of Washington Today Happy Monday! HW2 due, how is Lab 3 going? Today we’ll go over:  Address space layout  Input buffers on the stack  Overflowing.

Procedures – Generating the Code Lecture 21 Mon, Apr 4, 2005.

What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.

Machine-level Programming III: Procedures Topics –IA32 stack discipline –Register saving conventions –Creating pointers to local variables.

Introduction to Assembly II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2013/2014.

Functions. Motivation What is a function? A function is a self-contained unit of program code designed to accomplish a particular task. We already used.

CS 155 Section 1 PP1 Eu-Jin Goh. Setting up Environment Demo.

Compiler Construction Code Generation Activation Records

Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!!

University of Amsterdam Computer Systems – the instruction set architecture Arnoud Visser 1 Computer Systems The instruction set architecture.

Introduction to Assembly II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015.

CSC 221 Computer Organization and Assembly Language Lecture 16: Procedures.

Calling Procedures C calling conventions. Outline Procedures Procedure call mechanism Passing parameters Local variable storage C-Style procedures Recursion.

Carnegie Mellon Midterm Review : Introduction to Computer Systems October 15, 2012 Instructor:

Computer Organization CS345 David Monismith Based upon notes by Dr. Bill Siever and notes from the Patternson and Hennessy Text.

Section 5: Procedures & Stacks

Recitation 3: Procedures and the Stack

Instructions for test_function

Storage Classes There are three places in memory where data may be placed: In Data section declared with .data in assembly language in C - Static) On the.

CS 140 Lecture Notes: Virtual Memory

C function call conventions and the stack

Anton Burtsev February, 2017

143A: Principles of Operating Systems Lecture 4: Calling conventions

Exploiting & Defense Day 2 Recap

Introduction to Compilers Tim Teitelbaum

Recitation: Attack Lab

CS 140 Lecture Notes: Virtual Memory

Activation Records and Function Calls

Stack Frame Linkage.

Procedures – Overview Lecture 19 Mon, Mar 28, 2005.

Assembly Language Programming II: C Compiler Calling Sequences

Understanding Program Address Space

CS 140 Lecture Notes: Virtual Memory

Practical Session 4.

The Runtime Environment

Miscellaneous Topics.

X86 Assembly Review.

“Way easier than when we were students”

CSC 497/583 Advanced Topics in Computer Security

CS 140 Lecture Notes: Virtual Memory

Runtime Stack Activation record for hanoi;

Procedures and Macros.

Implementing Functions: Overview

Presentation transcript:

RECITATION - 09/20/2010 BY SSESHADR Buflab

Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab  One of you will get lucky Datalab Handouts  Overall style OK. See comments on ink

Stack? What is the stack?  It’s NOT  The memory regions returned by malloc()  The memory where your program itself is loaded  Where the bits for general purpose register are stored  Where the return value of a function is stored  It IS  Where you can often find a function’s local variables  How parameters are passed in 32-bit x86  Where the return ADDRESS is stored  A highly structured (easily corruptible) data structure essential to the execution of your code!

Virtual Address Space The stack starts very close to 0xFFFFFFFF (for 32-bit) and grows DOWN

Stack Discipline Each function has a stack frame  Local variables  Saved registers  Anything that function wants to put in its stack Functions CALL other functions  Arguments  Return address  Base pointer

Stack Discipline

What happens when ret is executed?  Pop the stack and “ jmp ” to that address  In Java, think: eip = stack.pop(); Where can I find the return address of my function?  *(ebp + 4) How can I find the second parameter to my function?  *(ebp + 12) == the second parameter How can I find the return address of the function that CALLED me?  Remember that *ebp == old ebp  *(*ebp + 4) How are arguments pushed onto the stack?  Reverse order! Stacks are LIFO

Stack Discipline How will the “transition stack” look like for a function foo which makes the function call printf(“str = %s, num = %d”, name, 16) ValuesDescription …Stack frame for foo 0x Arguments pushed in REVERSE order All hard-coded strings are put into.rodata before runtime return address (where EIP should return in foo after the printf call) Return address foo ’s ebpOld base pointer …Stack frame for printf

Buflab It’s a hack.  Overflow the buffer to write over the return address We will go over how to solve the first phase. Whoever can answer this next question will get a head start  Only answer if you haven’t yet started buflab

x86 Review Question: %eax at the start of this has the value 0x What will %eax have after executing this code? mov 4(%eax), %eax lea 4(%eax), %eax MemoryValue 0x00FFFFFC0xDEADBEEF 0x x x x x x xBEEFBABE eax = *(eax+4) = 0x eax = (eax+4) = 0x

Buflab Demo

Pick up your datalabs!