Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza.

Slides:



Advertisements
Similar presentations
Floating Point Unit. Floating Point Unit ( FPU ) There are eight registers, namely ST(0), ST(1), ST(2), …, ST(7). They are maintained as a stack.
Advertisements

COMP 2003: Assembly Language and Digital Logic
Gnu Debugger (GDB) Topics Overview Quick Reference Card Readings: Quick Reference Card February 7, 2012 CSCE 212Honors Computer Organization.
%rax %eax %rbx %ebx %rdx %edx %rcx %ecx %rsi %esi %rdi %edi %rbp %ebp %rsp %esp %r8 %r8d %r9 %r9d %r11 %r11d %r10 %r10d %r12 %r12d %r13 %r13d.
ACOE2511 Assembly Language Arithmetic and Logic Instructions.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
Flow Control Instructions
Memory & Storage Architecture Seoul National University Computer Architecture “ Bomb Lab Hints” 2nd semester, 2014 Modified version : The original.
Recitation 2: Assembly & gdb Andrew Faulring Section A 16 September 2002.
Recitation: Bomb Lab June 5, 2015 Dipayan Bhattacharya.
Goals: To gain an understanding of assembly To get your hands dirty in GDB.
Lecture 2: Basic Instructions EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014, Dr.
Recitation 2: Outline Assembly programming Using gdb L2 practice stuff Minglong Shao Office hours: Thursdays 5-6PM Wean Hall.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
1 ICS 51 Introductory Computer Organization Fall 2009.
Carnegie Mellon 1 Odds and Ends Intro to x86-64 Memory Layout.
Assembly and Bomb Lab : Introduction to Computer Systems Recitation 4: Monday, Sept. 16, 2013 Marjorie Carlson Section A.
Assembly Language. Symbol Table Variables.DATA var DW 0 sum DD 0 array TIMES 10 DW 0 message DB ’ Welcome ’,0 char1 DB ? Symbol Table Name Offset var.
1 Carnegie Mellon Assembly and Bomb Lab : Introduction to Computer Systems Recitation 4, Sept. 17, 2012.
Chapter 2 Parts of a Computer System. 2.1 PC Hardware: Memory.
Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!!
October 1, 2003Serguei A. Mokhov, 1 SOEN228, Winter 2003 Revision 1.2 Date: October 25, 2003.
COMP 2003: Assembly Language and Digital Logic Chapter 2: Flags and Instructions Notes by Neil Dickson.
Jumps, Loops and Branching. Unconditional Jumps Transfer the control flow of the program to a specified instruction, other than the next instruction in.
Assembly Language Wei Gao. Assembler language Instructions.
OUTLINE 2 Pre-requisite Bomb! Pre-requisite Bomb! 3.
Gnu Debugger (GDB) Topics Overview Quick Reference Card Readings: Quick Reference Card February 4, 2010 CSCE 212Honors Computer Organization.
CSC 221 Computer Organization and Assembly Language
Samira Khan University of Virginia Feb 2, 2017
Instruction Set Architecture
Recitation 5: Attack Lab
Machine-Level Programming I: Basics
Credits and Disclaimers
Recitation: Bomb Lab _______________ 18 Sep 2017.
More GDB, Intro to x86 Calling Conventions, Control Flow, & Lab 2
Homework Reading Labs PAL, pp
Recitation: Attack Lab
CSC 221 Computer Organization and Assembly Language
Debugging with gdb gdb is the GNU debugger on our CS machines.
Recitation: Bomb Lab _______________ 06 Feb 2017.
Aaron Miller David Cohen Spring 2011
Assembly IA-32.
Assembly Programming III CSE 410 Winter 2017
Assembly Programming III CSE 351 Spring 2017
Assembly Language Programming Part 2
Introduction to Computer Systems
Recitation: Attack Lab
Machine-Level Programming II: Control
Computer Architecture “Bomb Lab Hints”
x86 Programming II CSE 351 Autumn 2016
x86-64 Programming II CSE 351 Autumn 2017
x86-64 Programming II CSE 351 Winter 2018
Assembly Programming III CSE 351 Spring 2017
Recitation: Attack Lab
Homework Reading Machine Projects Labs PAL, pp
Machine-Level Programming: Introduction
Getting Started Download the tarball for this session. It will include the following files: driver 64-bit executable driver.c C driver source bomb.h declaration.
x86-64 Programming III CSE 351 Autumn 2018
X86 Assembly Review.
Get To Know Your Compiler
Carnegie Mellon Ithaca College
Carnegie Mellon Ithaca College
CS201- Lecture 8 IA32 Flow Control
x86-64 Programming III CSE 351 Winter 2019
Getting Started Download the tarball for this session. It will include the following files: driver 64-bit executable driver.c C driver source bomb.h declaration.
Credits and Disclaimers
Computer Architecture and Assembly Language
Computer Architecture and System Programming Laboratory
Recitation: Bomb Lab Your TAs September 16th 2019.
Presentation transcript:

Carnegie Mellon Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza

Carnegie Mellon Agenda ■ Bomb Lab Overview ■ Assembly Refresher ■ Introduction to GDB ■ Unix Refresher ■ Bomb Lab Demo

Carnegie Mellon Downloading Your Bomb ■ Please read the writeup. Please read the writeup. Please Read The Writeup. ■ Your bomb is unique to you. Dr. Evil has created one million billion bombs, and can distribute as many new ones as he pleases. ■ Bombs have six phases which get progressively harder more fun to use. ■ Bombs can only run on the shark clusters. They will blow up if you attempt to run them locally.

Carnegie Mellon Exploding Your Bomb ■ Blowing up your bomb notifies Autolab. ■ Dr. Evil takes 0.5 of your points each time. ■ Inputting the right string moves you to the next phase. ■ Jumping between phases detonates the bomb

Carnegie Mellon Examining Your Bomb ■ You get: ■ An executable ■ A readme ■ A heavily redacted source file ■ Source file just makes fun of you. ■ Outsmart Dr. Evil by examining the executable

Carnegie Mellon x64 Assembly: Registers %rax %eax %rbx %ebx %rdx %edx %rcx %ecx %rsi %esi %rdi %edi %rbp %ebp %rsp %esp %r8 %r8d %r9 %r9d %r11 %r11d %r10 %r10d %r12 %r12d %r13 %r13d %r15 %r15d %r14 %r14d Return Arg 4 Arg 3 Arg 2 Arg 1 Stack ptr Arg 5 Arg 6

Carnegie Mellon x64 Assembly: Operands TypeSyntaxExampleNotes Constants Start with $ $-42 $0x15213b Don’t mix up decimal and hex Registers Start with % %esi %rax Can store values or addresses Memory Locations Parentheses around a register or an addressing mode (%rbx) 0x1c(%rax) 0x4(%rcx, %rdi, 0x1) Parentheses dereference. Look up addressing modes!

Carnegie Mellon x64 Assembly: Arithmetic Operations Instruction mov %rbx, %rdx add (%rdx), %r8 mul $3, %r8 sub $1, %r8 lea (%rdx,%rbx,2), %rdx Effect rdx = rbx r8 += value at rdx r8 *= 3 r8-- rdx = rdx + rbx*2 ■ Doesn’t dereference

Carnegie Mellon x64 Assembly: Comparisons ■ Comparison, cmp, compares two values ■ Result determines next conditional jump instruction ■ cmp b,a computes a-b, test b,a computes a&b ■ Pay attention to operand order cmpl %r9, %r10 jg If %r10 > %r9, then jump to

Carnegie Mellon x64 Assembly: Jumps InstructionEffectInstructionEffect jmp Always jump ja Jump if above (unsigned >) je/jz Jump if eq / zero jae Jump if above / equal jne/jnz Jump if !eq / !zero jb Jump if below (unsigned <) jg Jump if greater jbe Jump if below / equal jge Jump if greater / eq js Jump if sign bit is 1 (neg) jl Jump if less jns Jump if sign bit is 0 (pos) jle Jump if less / eq

Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If, jump to addr 0xdeadbeef If, jump to addr 0x15213b If, jump to.

Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If %r12 >= 0x15213, jump to 0xdeadbeef

Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If the unsigned value of %rdi is at or above the unsigned value of %rax, jump to 0x15213b.

Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If %r8 & %r8 is not zero, jump to the address stored in %rsi.

Carnegie Mellon Diffusing Your Bomb ■ objdump -t bomb examines the symbol table ■ objdump -d bomb disassembles all bomb code ■ strings bomb prints all printable strings ■ gdb bomb will open up the GNU Debugger ■ Examine while stepping through your program ▪ registers ▪ the stack ▪ contents of program memory ▪ instruction stream

Carnegie Mellon Using gdb ■ break ■ Stop execution at function name or address ■ Reset breakpoints when restarting gdb ■ run ■ Run program with args ■ Convenient for specifying text file with answers ■ disas, but not dis ■ stepi / nexti ■ Steps / does not step through function calls

Carnegie Mellon Using gdb ■ info registers ■ Print hex values in every register ■ print ( /x or /d ) $eax - Yes, use $ ■ Print hex or decimal contents of %eax ■ x $register, x 0xaddress ■ Prints what’s in the register / at the given address ■ By default, prints one word (4 bytes) ■ Specify format: /s, /[num][size][format] ▪ x/8a 0x15213 ▪ x/4wd 0xdeadbeef

Carnegie Mellon sscanf ■ Bomb uses sscanf for reading strings ■ Figure out what phase expects for input ■ Check out man sscanf for formatting string details

Carnegie Mellon If you get stuck ■ Please read the writeup. Please read the writeup. Please Read The Writeup. ■ CS:APP Chapter 3 ■ View lecture notes and course FAQ at ■ Office hours Sun - Thu 6:00-9:00PM in WeH 5207 ■ man gdb, man sscanf, man objdump

Carnegie Mellon Unix Refresher – This Saturday - 9/19/2015 You should know cd, ls, scp, ssh, tar, and chmod by now. Use man for help. exits your current program.

Carnegie Mellon Bomb Lab Demo...

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.