Buffer-overflow Lab
Zutao Zhu, 09/18/2009

Outline: GDB and SetUID; GDB tutorial; Stack frame; Lab

GDB and SetUID

One unfortunate interaction between gdb and setuid program execution surfaces when you attempt to debug a program that is setuid or forks setuid child processes. Within gdb, execution of setuid processes is not allowed. gdb will have trouble with an application that is setuid, or one that attempts to fork a setuid program such as sendmail as a child process using system() or its relatives like popen() and execl(). If you try to debug a program like this, you'll get the error message “sh: privileges disabled because of outstanding IPC access to task” and the program or child process won't execute.

The technical explanation has to do with privileges and exception ports. When gdb is debugging a process, it owns the exception ports of that process. When that process forks a child process, gdb would own the exception ports of that child process as well. But for security, the kernel disallows gdb from owning the exception ports of a child process that is setuid. When you attempt this, the kernel generates the "privileges disabled" error message and the system() call fails.

GDB Tutorial

Compilation flag: -g
Basic commands
Examine values

Basic Commands

Run (r)
Break (b)
Continue (c)
Step (s, n)
Backtrace (bt)
List code (l [line #])
Info breakpoints/frame/proc
Print (p)
Quit (q)
Shell (shell ls -la ./)
Help (help stack)
Complete (complete i)
Show (show version)
Set (set prompt $; set var x=3)
Clear (current breakpoint)
Delete (d)
Enable/disable
Condition breakpoint (break main; condition 1 something==val)
Finish (return from a function)

Examine Values

Print (p)
x/i
x/8wx
x/s

Stack Frame

Each stack frame corresponds to a call to a subroutine which has not yet terminated with a return. For example, if a subroutine named DrawLine is currently running, having just been called by a subroutine DrawSquare, the top part of the call stack might be laid out like this (where the stack is growing towards the top):

[Stack Frame: figure of the call stack, DrawLine's frame above DrawSquare's frame]

In every stack frame, ebp points to the bottom (base) of the current frame, esp points to the top of the stack, and the saved eip slot in the frame holds the return address.

Lab

Security setting


(gdb) x/24wx 0xbfed9fb0
0xbfed9fb0: 0xbfed9fc8 0x002973a5 0xbfedb8cd 0x
0xbfed9fc0: 0x         0x         0xbfed9ff8 0x
0xbfed9fd0: 0x         0x         0xbfed9fe8 0x080482b9
0xbfed9fe0: 0x00ae4fb4 0x         0x         0x       e
0xbfed9ff0: 0xbfeda010 0x00392ff4 0xbfeda038 0x002822f0
0xbfeda000: 0x00ae4ca0 0x         0xbfeda038 0x002822f0
(gdb) p &a[0]
$6 = (int *) 0xbfed9fbc
(gdb) info frame
Stack level 0, frame at 0xbfed9fd0:
 eip = 0x80483cf in func1 (temp.c:10); saved eip 0x
 called by frame at 0xbfeda000
 source language c.
 Arglist at 0xbfed9fc8, args: x=2, y=3
 Locals at 0xbfed9fc8, Previous frame's sp is 0xbfed9fd0
 Saved registers:
  ebp at 0xbfed9fc8, eip at 0xbfed9fcc
(gdb) p &y
$7 = (int *) 0xbfed9fd4
(gdb) p &x
$8 = (int *) 0xbfed9fd0
(gdb)
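The frame that the gdb session above reports, worked through in code. This is an added example, not code from the lab or the slides: it takes the six addresses gdb printed (p &a[0], info frame, p &x, p &y) and computes which element of the local array int a[] sits on each saved slot, which is the layout the Stack Frame slide describes (ebp at the frame base, the saved eip slot holding the return address). The shape of func1 (two int arguments and a single local int a[3]) is an assumption inferred from those addresses; temp.c itself is not on the page. checked_store is the bounds check a lab solution applies so that no index reaches the saved slots.

```c
/* Added example, not from the slides or the lab's temp.c. It reconstructs
 * the frame picture from the addresses the page's gdb session printed and
 * reproduces a func1-shaped function for trying the same commands live.
 * func1 having two int args and one local int a[3] is an assumption. */
#include <stdio.h>
#include <stdint.h>

/* Addresses copied from the page's gdb output (32-bit process, 4-byte words). */
#define ADDR_A0    0xbfed9fbcu   /* (gdb) p &a[0]                              */
#define SAVED_EBP  0xbfed9fc8u   /* info frame: "ebp at 0xbfed9fc8"            */
#define SAVED_EIP  0xbfed9fccu   /* info frame: "eip at 0xbfed9fcc" (ret addr) */
#define ADDR_X     0xbfed9fd0u   /* (gdb) p &x  (also "frame at", caller's sp) */
#define ADDR_Y     0xbfed9fd4u   /* (gdb) p &y                                 */
#define WORD       4

/* Index of int a[] that would be stored at `slot`, counting up from a[0].
 * A negative result means the slot lies below the array. */
static long index_of_slot(uint32_t slot)
{
    return ((long)slot - (long)ADDR_A0) / WORD;
}

/* How many ints fit between a[0] and the saved ebp; the largest in-bounds
 * index is one less than this, every higher index lands on a saved slot. */
static long array_len_before_saved_ebp(void)
{
    return index_of_slot(SAVED_EBP);
}

/* Bounds-checked store: returns 0 on success, -1 if idx would write past
 * the array (into the saved ebp, the return address or the arguments). */
static int checked_store(int *a, long len, long idx, int val)
{
    if (idx < 0 || idx >= len)
        return -1;
    a[idx] = val;
    return 0;
}

/* Live version of the assumed func1 shape: prints its own addresses so they
 * can be compared with "p &a[0]", "p &x", "info frame" under gdb. */
static int func1(int x, int y)
{
    int a[3];
    for (long i = 0; i < 3; i++)
        checked_store(a, 3, i, x + y + (int)i);   /* fills a[] with 5, 6, 7 for (2, 3) */
    printf("a[0] at %p, x at %p, y at %p, frame at %p\n",
           (void *)&a[0], (void *)&x, (void *)&y, __builtin_frame_address(0));
    return a[0] + a[1] + a[2];                     /* 18 for func1(2, 3) */
}

int main(void)
{
    printf("page's frame: %ld ints before saved ebp; saved ebp = a[%ld], "
           "return address = a[%ld], x = a[%ld], y = a[%ld]\n",
           array_len_before_saved_ebp(), index_of_slot(SAVED_EBP),
           index_of_slot(SAVED_EIP), index_of_slot(ADDR_X), index_of_slot(ADDR_Y));
    /* Same gdb sequence as the page, on this binary:
     *   gcc -g -m32 -fno-stack-protector -o temp temp.c
     *   (gdb) break func1 / run / info frame / p &a[0] / p &x / x/24wx $esp */
    return func1(2, 3) == 18 ? 0 : 1;
}
```

The arithmetic shows why the slide pairs `p &a[0]` with `info frame`: on the page's 32-bit frame the saved ebp is a[3], the return address a[4], and the arguments x and y are a[5] and a[6], so a three-element array has no slack at all before the saved registers. Reproducing the same contiguous layout needs the -g flag from the GDB Tutorial slide plus a 32-bit build; with the stack protector enabled a canary sits between a[] and the saved ebp, and on a 64-bit build the compiler copies the arguments below the frame, so the distances printed by the live func1 will differ from the page's.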