How to Write a .c File 15-213: Introduction to Computer Systems Recitation 6, Oct 1, 2012 Alexander Malyshev (amalyshe) Section A, 10:30a – 11:20p, WeH.

Presentation transcript:

How to Write a .c File
15-213: Introduction to Computer Systems
Recitation 6, Oct 1, 2012
Alexander Malyshev (amalyshe)
Section A, 10:30a – 11:20p, WeH 4623

Agenda
Buffer overflow
Writing a C program
Makefiles
Revision Control

Buffer Overflow
We have an IA32 stack frame with an array on it and nothing else, and we call gets(buf)
– char buf[8];
Does anything bad happen when we type in:
– “ ” // nothing bad happens
– “ ” // we overwrite the old ebp with 0x
– “ ” // old ebp = 0x
      // return address = 0x

Buffer Overflow True/False
A buffer overflow attack can only be executed on programs that use the gets() function
– False, you don’t need gets() to write past the length of a buffer
Buffer overflow attacks all occur on the stack
– False, a buffer can be allocated on the heap and someone can just as easily write past the end of it, but they won’t be attacking the return address directly anymore
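A bounded replacement for the gets(buf) call on the slide's char buf[8], covering both the stack-frame slide and the True/False slide above. This is an added example, not code from the recitation; read_line, demo_guard_intact and the guard field (standing in for the saved ebp) are names made up here.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Bounded replacement for gets(buf): never writes more than size bytes.
 * Returns 1 if the whole line fit, 0 if it was truncated, -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';           /* whole line fit; strip the newline */
        return 1;
    }
    /* No newline stored: the line ended at EOF or was longer than buf. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;                   /* discard the excess instead of storing it */
    return dropped ? 0 : 1;
}

/* Constructed demo: feed a 20-character line into an 8-byte buffer and
 * check that the field placed right after it is left untouched. */
int demo_guard_intact(void)
{
    struct { char buf[8]; unsigned guard; } frame = { "", 0xdeadbeefu };
    char input[] = "AAAAAAAAAAAAAAAAAAAA\n";   /* constructed over-long input */
    FILE *in = fmemopen(input, strlen(input), "r");
    if (in == NULL)
        return -1;
    int rc = read_line(in, frame.buf, sizeof frame.buf);
    fclose(in);
    return rc == 0 && strlen(frame.buf) == 7 && frame.guard == 0xdeadbeefu;
}

int main(void)
{
    printf("guard intact after over-long input: %d\n", demo_guard_intact());
    return 0;
}
```

The same size-then-copy discipline applies to a heap buffer: pass the allocation size instead of sizeof.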


Writing Code from Scratch
We want to write a C program that takes the length and width of a rectangle, and prints its area
The length will be specified by the “-x” flag, and the width will be specified by the “-y” flag
    ./area -x 5 -y 7
Any bad arguments for -x and -y should cause the program to print 0

Writing Code from Scratch
$ cat area.c
#include <stdio.h>

int main(int argc, char **argv)
{
    int x = 0, y = 0;   // start at 0 so bad or missing arguments print 0
    // "somehow" get arguments into x and y
    printf("Area: %d\n", x * y);
    return 0;
}

Writing Code from Scratch
We could iterate through argv and do a strcmp with “-x” and “-y” to find our integers, but that can quickly get messy
– Doesn’t scale well for many arguments
Use the getopt() function instead

Writing Code from Scratch
getopt() takes argc, argv and a format string, and then returns the type of the current argument and moves the value of the current argument into a global variable named “optarg”
Uses less code, and can handle all sorts of complicated arguments
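The area program completed with getopt(), as an added example that is not from the original slides. The helper names parse_dim and area_from_args are made up here, and treating negative values and a product that does not fit in an int as "bad arguments" is an assumption.

```c
#define _POSIX_C_SOURCE 200809L   /* exposes getopt() under strict -std= modes */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a non-negative int; return 0 and leave *out untouched on bad input. */
static int parse_dim(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0')          /* empty string or trailing junk */
        return 0;
    if (errno == ERANGE || v < 0 || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/* Returns the area, or 0 for any bad or missing -x / -y. */
int area_from_args(int argc, char **argv)
{
    int x = 0, y = 0, opt, ok = 1;

    optind = 1;   /* restart scanning so the function can be called again */
    opterr = 0;   /* stay quiet; errors are reported by returning 0 */
    /* "x:y:" means both flags take a value, delivered in optarg */
    while ((opt = getopt(argc, argv, "x:y:")) != -1) {
        switch (opt) {
        case 'x': ok &= parse_dim(optarg, &x); break;
        case 'y': ok &= parse_dim(optarg, &y); break;
        default:  ok = 0; break;           /* '?': unknown flag or missing value */
        }
    }
    if (!ok || (long long)x * y > INT_MAX) /* product must fit in an int */
        return 0;
    return x * y;
}

int main(int argc, char **argv)
{
    printf("Area: %d\n", area_from_args(argc, argv));
    return 0;
}
```

Unlike atoi(), strtol() with the end-pointer check rejects input such as "5abc" instead of silently reading it as 5.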


Makefiles
A way of building multiple source files into an executable
Old, crufty, and the syntax isn’t pretty
We don’t recommend writing one from scratch, most people just copy existing ones they find online
– You’ll get one for cachelab and all subsequent labs

Makefiles
You might want to modify the starter Makefile for future labs
– Such as moving some of your code into separate .c files
Should know how to modify/add make rules
If you don’t remember what all the weird variables are ($?, etc), Google is your friend
– Don’t bother memorizing them

Makefiles
CC = gcc
CFLAGS = -Wall -Wextra -g

all: helloworld

helloworld: helloworld.o
# this HAS to be a hard tab, using spaces will not work
	$(CC) $(CFLAGS) $(LDFLAGS) -o helloworld helloworld.o

helloworld.o: helloworld.c
	$(CC) $(CFLAGS) -c helloworld.c

clean:
	rm -f helloworld helloworld.o

.PHONY: clean

Makefiles
CC = gcc
CFLAGS = -Wall -Wextra -g

all: helloworld

helloworld: helloworld.o
# this HAS to be a hard tab, using spaces will not work
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^

helloworld.o: helloworld.c
	$(CC) $(CFLAGS) -c $<

clean:
	rm -f helloworld helloworld.o

.PHONY: clean

Makefiles
CC = gcc
CFLAGS = -Wall -Wextra -g

all: helloworld

helloworld: helloworld.o
# this HAS to be a hard tab, using spaces will not work
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^

%.o: %.c
	$(CC) $(CFLAGS) -c $<

clean:
	rm -f helloworld *.o

.PHONY: clean


Revision Control
A set of tools to help keep track of multiple versions of a project
– Most commonly used to manage source code
Want to keep history of your changes
– Who changed what and when
This will be super useful when you work with more than one person (proxylab)

Revision Control
Many programs exist for this purpose
– CVS, Subversion (svn), darcs, git
We recommend that you use git
– Shout out to stuco

git is your best resource for learning git
– Extremely helpful, and the initial chapters get you started very quickly
You’ll really only need a few commands when working by yourself
– git {init, add, commit, log, status}
– If you are willing, read up on branching, it will be super useful for malloclab

Summary
Buffer overflow
Writing a small C program from scratch
Makefiles and their quirks
Revision Control (aka. Please use git)