Presentation is loading. Please wait.

Presentation is loading. Please wait.

RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab."— Presentation transcript:

1 RECITATION - 09/20/2010 BY SSESHADR Buflab

2 Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab  One of you will get lucky Datalab Handouts  Overall style OK. See comments on ink

3 Stack? What is the stack?  It’s NOT  The memory regions returned by malloc()  The memory where your program itself is loaded  Where the bits for general purpose register are stored  Where the return value of a function is stored  It IS  Where you can often find a function’s local variables  How parameters are passed in 32-bit x86  Where the return ADDRESS is stored  A highly structured (easily corruptible) data structure essential to the execution of your code!

4 Virtual Address Space The stack starts very close to 0xFFFFFFFF (for 32-bit) and grows DOWN

5 Stack Discipline Each function has a stack frame  Local variables  Saved registers  Anything that function wants to put in its stack Functions CALL other functions  Arguments  Return address  Base pointer

6 Stack Discipline

7 What happens when ret is executed?  Pop the stack and “ jmp ” to that address  In Java, think: eip = stack.pop(); Where can I find the return address of my function?  *(ebp + 4) How can I find the second parameter to my function?  *(ebp + 12) == the second parameter How can I find the return address of the function that CALLED me?  Remember that *ebp == old ebp  *(*ebp + 4) How are arguments pushed onto the stack?  Reverse order! Stacks are LIFO

8 Stack Discipline How will the “transition stack” look like for a function foo which makes the function call printf(“str = %s, num = %d”, name, 16) ValuesDescription …Stack frame for foo 0x00000010 Arguments pushed in REVERSE order All hard-coded strings are put into.rodata before runtime return address (where EIP should return in foo after the printf call) Return address foo ’s ebpOld base pointer …Stack frame for printf

9 Buflab It’s a hack.  Overflow the buffer to write over the return address We will go over how to solve the first phase. Whoever can answer this next question will get a head start  Only answer if you haven’t yet started buflab

10 x86 Review Question: %eax at the start of this has the value 0x01000000 What will %eax have after executing this code? mov 4(%eax), %eax lea 4(%eax), %eax MemoryValue 0x00FFFFFC0xDEADBEEF 0x010000000x01020304 0x010000040x10203040 0x12345678 0x102030440xBEEFBABE eax = *(eax+4) = 0x10203040 eax = (eax+4) = 0x10203044

11 Buflab Demo

12 Pick up your datalabs!

Download ppt "RECITATION - 09/20/2010 BY SSESHADR Buflab. Agenda Reminders  Bomblab should be finished up  Exam 1 is on Tuesday 09/28/2010 Stack Discipline Buflab."

Similar presentations

Practical Malware Analysis

Practical Malware Analysis
Calling sequence ESP.

Calling sequence ESP.
Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.

Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.
Run-time Environment for a Program different logical parts of a program during execution stack – automatically allocated variables (local variables, subdivided.

Run-time Environment for a Program different logical parts of a program during execution stack – automatically allocated variables (local variables, subdivided.
Stacks and HeapsCS-3013 A-term 20081 A Short Digression on Stacks and Heaps CS-3013 Operating Systems A-term 2008 (Slides include materials from Modern.

Stacks and HeapsCS-3013 A-term A Short Digression on Stacks and Heaps CS-3013 Operating Systems A-term 2008 (Slides include materials from Modern.
Digression on Stack and Heaps CS-502 (EMC) Fall 20091 A Short Digression on Stacks and Heaps CS-502, Operating Systems Fall 2009 (EMC) (Slides include.

Digression on Stack and Heaps CS-502 (EMC) Fall A Short Digression on Stacks and Heaps CS-502, Operating Systems Fall 2009 (EMC) (Slides include.
1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.

1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)

1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
Accessing parameters from the stack and calling functions.

Accessing parameters from the stack and calling functions.
Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.

Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.
– 1 – 15-213, F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.

– 1 – , F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.
1 Homework Reading –PAL, pp 201-216, 297-312 Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.

1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.
Assembly תרגול 8 פונקציות והתקפת buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.

Assembly תרגול 8 פונקציות והתקפת buffer.. Procedures (Functions) A procedure call involves passing both data and control from one part of the code to.
Digression: the “Stack” 1 CS502 Spring 2006 Digression: the “Stack” Imagine the following program:– int factorial(int n){ if (n

Digression: the “Stack” 1 CS502 Spring 2006 Digression: the “Stack” Imagine the following program:– int factorial(int n){ if (n
Stacks and HeapsCS-502 Fall 20071 A Short Digression Stacks and Heaps CS-502, Operating Systems Fall 2007 (Slides include materials from Operating System.

Stacks and HeapsCS-502 Fall A Short Digression Stacks and Heaps CS-502, Operating Systems Fall 2007 (Slides include materials from Operating System.
September 22, 2014 Pengju (Jimmy) Jin Section E

September 22, 2014 Pengju (Jimmy) Jin Section E
Stacks and Frames Demystified CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.

Stacks and Frames Demystified CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.
Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 7 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 7 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.

Assembly, Stacks, and Registers Kevin C. Su 9/26/2011.
Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.

Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.

Similar presentations

Ads by Google