Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza.

Published byLouisa Hodge Modified over 8 years ago

Similar presentations

Presentation on theme: "Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza."— Presentation transcript:

1 Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza

2 Carnegie Mellon Agenda ■ Bomb Lab Overview ■ Assembly Refresher ■ Introduction to GDB ■ Unix Refresher ■ Bomb Lab Demo

3 Carnegie Mellon Downloading Your Bomb ■ Please read the writeup. Please read the writeup. Please Read The Writeup. ■ Your bomb is unique to you. Dr. Evil has created one million billion bombs, and can distribute as many new ones as he pleases. ■ Bombs have six phases which get progressively harder more fun to use. ■ Bombs can only run on the shark clusters. They will blow up if you attempt to run them locally.

4 Carnegie Mellon Exploding Your Bomb ■ Blowing up your bomb notifies Autolab. ■ Dr. Evil takes 0.5 of your points each time. ■ Inputting the right string moves you to the next phase. ■ Jumping between phases detonates the bomb

5 Carnegie Mellon Examining Your Bomb ■ You get: ■ An executable ■ A readme ■ A heavily redacted source file ■ Source file just makes fun of you. ■ Outsmart Dr. Evil by examining the executable

6 Carnegie Mellon x64 Assembly: Registers %rax %eax %rbx %ebx %rdx %edx %rcx %ecx %rsi %esi %rdi %edi %rbp %ebp %rsp %esp %r8 %r8d %r9 %r9d %r11 %r11d %r10 %r10d %r12 %r12d %r13 %r13d %r15 %r15d %r14 %r14d Return Arg 4 Arg 3 Arg 2 Arg 1 Stack ptr Arg 5 Arg 6

7 Carnegie Mellon x64 Assembly: Operands TypeSyntaxExampleNotes Constants Start with $ $-42 $0x15213b Don’t mix up decimal and hex Registers Start with % %esi %rax Can store values or addresses Memory Locations Parentheses around a register or an addressing mode (%rbx) 0x1c(%rax) 0x4(%rcx, %rdi, 0x1) Parentheses dereference. Look up addressing modes!

8 Carnegie Mellon x64 Assembly: Arithmetic Operations Instruction mov %rbx, %rdx add (%rdx), %r8 mul $3, %r8 sub $1, %r8 lea (%rdx,%rbx,2), %rdx Effect rdx = rbx r8 += value at rdx r8 *= 3 r8-- rdx = rdx + rbx*2 ■ Doesn’t dereference

9 Carnegie Mellon x64 Assembly: Comparisons ■ Comparison, cmp, compares two values ■ Result determines next conditional jump instruction ■ cmp b,a computes a-b, test b,a computes a&b ■ Pay attention to operand order cmpl %r9, %r10 jg 8675309 If %r10 > %r9, then jump to 8675309

10 Carnegie Mellon x64 Assembly: Jumps InstructionEffectInstructionEffect jmp Always jump ja Jump if above (unsigned >) je/jz Jump if eq / zero jae Jump if above / equal jne/jnz Jump if !eq / !zero jb Jump if below (unsigned <) jg Jump if greater jbe Jump if below / equal jge Jump if greater / eq js Jump if sign bit is 1 (neg) jl Jump if less jns Jump if sign bit is 0 (pos) jle Jump if less / eq

11 Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If, jump to addr 0xdeadbeef If, jump to addr 0x15213b If, jump to.

12 Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If %r12 >= 0x15213, jump to 0xdeadbeef

13 Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If the unsigned value of %rdi is at or above the unsigned value of %rax, jump to 0x15213b.

14 Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If %r8 & %r8 is not zero, jump to the address stored in %rsi.

15 Carnegie Mellon Diffusing Your Bomb ■ objdump -t bomb examines the symbol table ■ objdump -d bomb disassembles all bomb code ■ strings bomb prints all printable strings ■ gdb bomb will open up the GNU Debugger ■ Examine while stepping through your program ▪ registers ▪ the stack ▪ contents of program memory ▪ instruction stream

16 Carnegie Mellon Using gdb ■ break ■ Stop execution at function name or address ■ Reset breakpoints when restarting gdb ■ run ■ Run program with args ■ Convenient for specifying text file with answers ■ disas, but not dis ■ stepi / nexti ■ Steps / does not step through function calls

17 Carnegie Mellon Using gdb ■ info registers ■ Print hex values in every register ■ print ( /x or /d ) $eax - Yes, use $ ■ Print hex or decimal contents of %eax ■ x $register, x 0xaddress ■ Prints what’s in the register / at the given address ■ By default, prints one word (4 bytes) ■ Specify format: /s, /[num][size][format] ▪ x/8a 0x15213 ▪ x/4wd 0xdeadbeef

18 Carnegie Mellon sscanf ■ Bomb uses sscanf for reading strings ■ Figure out what phase expects for input ■ Check out man sscanf for formatting string details

19 Carnegie Mellon If you get stuck ■ Please read the writeup. Please read the writeup. Please Read The Writeup. ■ CS:APP Chapter 3 ■ View lecture notes and course FAQ at http://cs.cmu.edu/~213 http://cs.cmu.edu/~213 ■ Office hours Sun - Thu 6:00-9:00PM in WeH 5207 ■ man gdb, man sscanf, man objdump

20 Carnegie Mellon Unix Refresher – This Saturday - 9/19/2015 You should know cd, ls, scp, ssh, tar, and chmod by now. Use man for help. exits your current program.

21 Carnegie Mellon Bomb Lab Demo...

Download ppt "Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza."

Similar presentations

Floating Point Unit. Floating Point Unit ( FPU ) There are eight registers, namely ST(0), ST(1), ST(2), …, ST(7). They are maintained as a stack.

Floating Point Unit. Floating Point Unit ( FPU ) There are eight registers, namely ST(0), ST(1), ST(2), …, ST(7). They are maintained as a stack.
COMP 2003: Assembly Language and Digital Logic

COMP 2003: Assembly Language and Digital Logic
Gnu Debugger (GDB) Topics Overview Quick Reference Card Readings: Quick Reference Card February 7, 2012 CSCE 212Honors Computer Organization.

Gnu Debugger (GDB) Topics Overview Quick Reference Card Readings: Quick Reference Card February 7, 2012 CSCE 212Honors Computer Organization.
%rax %eax %rbx %ebx %rdx %edx %rcx %ecx %rsi %esi %rdi %edi %rbp %ebp %rsp %esp %r8 %r8d %r9 %r9d %r11 %r11d %r10 %r10d %r12 %r12d %r13 %r13d.

%rax %eax %rbx %ebx %rdx %edx %rcx %ecx %rsi %esi %rdi %edi %rbp %ebp %rsp %esp %r8 %r8d %r9 %r9d %r11 %r11d %r10 %r10d %r12 %r12d %r13 %r13d.
ACOE2511 Assembly Language Arithmetic and Logic Instructions.

ACOE2511 Assembly Language Arithmetic and Logic Instructions.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.

1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
Flow Control Instructions

Flow Control Instructions
Memory & Storage Architecture Seoul National University Computer Architecture “ Bomb Lab Hints” 2nd semester, 2014 Modified version : The original.

Memory & Storage Architecture Seoul National University Computer Architecture “ Bomb Lab Hints” 2nd semester, 2014 Modified version : The original.
Recitation 2: Assembly & gdb Andrew Faulring 15213 Section A 16 September 2002.

Recitation 2: Assembly & gdb Andrew Faulring Section A 16 September 2002.
15-213 Recitation: Bomb Lab June 5, 2015 Dipayan Bhattacharya.

Recitation: Bomb Lab June 5, 2015 Dipayan Bhattacharya.
Goals: To gain an understanding of assembly To get your hands dirty in GDB.

Goals: To gain an understanding of assembly To get your hands dirty in GDB.
Lecture 2: Basic Instructions EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014, Dr.

Lecture 2: Basic Instructions EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014, Dr.
Recitation 2: Outline Assembly programming Using gdb L2 practice stuff Minglong Shao Office hours: Thursdays 5-6PM Wean Hall.

Recitation 2: Outline Assembly programming Using gdb L2 practice stuff Minglong Shao Office hours: Thursdays 5-6PM Wean Hall.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
1 ICS 51 Introductory Computer Organization Fall 2009.

1 ICS 51 Introductory Computer Organization Fall 2009.
Carnegie Mellon 1 Odds and Ends Intro to x86-64 Memory Layout.

Carnegie Mellon 1 Odds and Ends Intro to x86-64 Memory Layout.
Assembly and Bomb Lab 15-213: Introduction to Computer Systems Recitation 4: Monday, Sept. 16, 2013 Marjorie Carlson Section A.

Assembly and Bomb Lab : Introduction to Computer Systems Recitation 4: Monday, Sept. 16, 2013 Marjorie Carlson Section A.
Assembly Language. Symbol Table Variables.DATA var DW 0 sum DD 0 array TIMES 10 DW 0 message DB ’ Welcome ’,0 char1 DB ? Symbol Table Name Offset var.

Assembly Language. Symbol Table Variables.DATA var DW 0 sum DD 0 array TIMES 10 DW 0 message DB ’ Welcome ’,0 char1 DB ? Symbol Table Name Offset var.
1 Carnegie Mellon Assembly and Bomb Lab 15-213: Introduction to Computer Systems Recitation 4, Sept. 17, 2012.

1 Carnegie Mellon Assembly and Bomb Lab : Introduction to Computer Systems Recitation 4, Sept. 17, 2012.
Chapter 2 Parts of a Computer System. 2.1 PC Hardware: Memory.

Chapter 2 Parts of a Computer System. 2.1 PC Hardware: Memory.

Similar presentations

Ads by Google