Published by Joy Parrish. Modified over 9 years ago.
Slide 1
UNIVERSITY OF SOUTH CAROLINA, Department of Computer Science and Engineering
Stack allocation and buffer overflow
CSCE 531
Presentation by Miao XU, xum@engr.sc.edu
Slide 2: Outline
- Stack allocation in Windows
- What is buffer overflow
- How to exploit buffer overflow
- Demo
Slide 3: Stack allocation in TAM
SB = Stack base
LB = Locals base
ST = Stack top
[Figure: the TAM stack, with globals at SB, call frames stacked above them and joined by dynamic links, LB at the current call frame and ST at the top of the stack.]
Slide 4: Stack allocation in TAM (Contd.)
A frame contains:
- A dynamic link: to the next frame on the stack (the frame of the caller)
- Return address
- Local variables for the current activation
[Figure: one frame. Link data (dynamic link and return address) sits at LB; local data sits above it, up to ST.]
Slide 5: What's going on inside Windows?
Initial stack state.
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
[Figure: the current frame, with EBP and ESP marking its base and top.]
Slide 6: What's going on inside Windows?
Before call f(arg1, arg2): push the arguments.
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
[Figure: arg2 and then arg1 are pushed on top of the current frame; ESP moves down with each push.]
Slide 7: What's going on inside Windows?
Before call f(arg1, arg2): push the address of the next instruction (the return address).
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
[Figure: the current frame, arg2, arg1, then Ret. Addr. pushed by the call instruction.]
Slide 8: What's going on inside Windows?
Enter into f(arg1, arg2): push the current EBP.
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
[Figure: the current frame, arg2, arg1, Ret. Addr., then Prev. EBP (the caller's saved base pointer).]
Slide 9: What's going on inside Windows?
Enter into f(arg1, arg2): move ESP into EBP, so EBP now points at the saved Prev. EBP and becomes the base of the new frame.
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
[Figure: the current frame, arg2, arg1, Ret. Addr., Prev. EBP; EBP and ESP both point at Prev. EBP.]
Slide 10: What's going on inside Windows?
Enter into f(arg1, arg2): the new frame is in place.
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
[Figure: the previous frame with arg2, arg1 and Ret. Addr. above it; below that, Prev. EBP marks the base of the current frame, which grows down from EBP to ESP.]
Slide 11: What is buffer overflow?
Related to stack allocation.
"A buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it." -- Wikipedia
Slide 12: Buffer overflow

    #include <string.h>

    /* Deliberately vulnerable: strcpy() keeps copying until the NUL in str,
       so any input longer than 7 bytes runs past buffer[] into the saved
       EBP and the return address that sit above it in the frame. */
    void function(char *str)
    {
        char buffer[8];
        strcpy(buffer, str);
    }

    int main(void)
    {
        char large_string[256];
        for (int i = 0; i < 255; i++)
            large_string[i] = 'A';      /* 'A' is 0x41 */
        large_string[255] = '\0';       /* terminate, so strcpy copies exactly 255 bytes */
        function(large_string);
        return 0;
    }
Slides 13-18: An example
[Screenshots of the example stepping through the overflow in a debugger; the final screenshot (slide 18) shows the function returning to 0x41414141, the four 'A' bytes that overwrote the return address.]
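The slide's function() has no bound on the copy, which is why the return address ends up as 0x41414141. The hardened counterpart below is an added example, not code from the presentation: the copy is refused whenever the input (plus its NUL) would not fit the same 8-byte buffer. The names copy_checked, try_copy8, function_checked and demo_large_string are hypothetical.

```c
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 8   /* same 8-byte stack buffer as the slide's function() */

/* Length of s, scanning at most max bytes, so an unterminated input
 * is never read past the caller's limit. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Copy src into dst[dst_size] only if it fits together with its NUL.
 * Returns the number of bytes copied (excluding the NUL), or -1 when the
 * input is refused. Refusing is the point: the slide's strcpy() would
 * instead keep writing over the saved EBP and the return address. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = bounded_len(src, dst_size);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (int)len;
}

/* Result of copying src into an 8-byte stack buffer via copy_checked(). */
int try_copy8(const char *src)
{
    char buffer[BUF_SIZE];
    return copy_checked(buffer, sizeof buffer, src);
}

/* Hardened counterpart of the slide's function(): 1 if the copy was
 * accepted, 0 if it was refused. */
int function_checked(const char *str)
{
    return try_copy8(str) >= 0;
}

/* Constructed input mirroring the slide's large_string: 255 bytes of 'A'
 * (0x41). Returns 0, because the hardened function refuses it. */
int demo_large_string(void)
{
    char large_string[256];
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    return function_checked(large_string);
}
```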
Slide 19: Problems with buffer overflow
A demo.
Slide 20: Acknowledgement
The demo and part of these slides are from the training the presenter received while at Symantec, Chinese Development Center, Beijing.
The example comes from the following reference:
- Aleph One, "Smashing the Stack for Fun and Profit", Phrack Magazine, Vol. 7, Issue 49, 1996
Slide 21: Questions?