Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNIT 127: Exploit Development Ch 4: Introduction to Heap Overflows

Published byCora Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "CNIT 127: Exploit Development Ch 4: Introduction to Heap Overflows"— Presentation transcript:

1 CNIT 127: Exploit Development Ch 4: Introduction to Heap Overflows

2 What is a Heap?

3 Memory Map In gdb, the "info proc map" command shows how memory is used Programs have a stack, one or more heaps, and other segments malloc() allocates space on the heap free() frees the space

4 Heap and Stack

5 Heap Structure Size of previous chunk Size of this chunk
Pointer to next chunk Pointer to previous chunk Data Size of previous chunk Size of this chunk Pointer to next chunk Pointer to previous chunk Data Size of previous chunk Size of this chunk Pointer to next chunk Pointer to previous chunk Data

6 A Simple Example

7 A Simple Example

8 Viewing the Heap in gdb

9 Exploit and Crash

10 Crash in gdb

11 Targeted Exploit

12 The Problem With the Heap

13 EIP is Hard to Control The Stack contains stored EIP values
The Heap usually does not However, it has addresses that are used for writes To fill in heap data To rearrange chunks when free() is called

14 Action of Free() Must write to the forward and reverse pointers
If we can overflow a chunk, we can control those writes Write to arbitrary RAM Image from mathyvanhoef.com, link Ch 5b

15 Target RAM Options Saved return address on the Stack
Like the Buffer Overflows we did previously Global Offset Table Used to find shared library functions Destructors table (DTORS) Called when a program exits C Library Hooks

16 Target RAM Options "atexit" structure (link Ch 4n)
Any function pointer In Windows, the default unhandled exception handler is easy to find and exploit

17 Project Walkthroughs Proj 8 Proj 8x Proj 5x
Exploiting a write to a heap value Proj 8x Taking over a remote server Proj 5x Buffer overflow with a canary

Download ppt "CNIT 127: Exploit Development Ch 4: Introduction to Heap Overflows"

Similar presentations

Chapter 17 vector and Free Store John Keyser’s Modifications of Slides By Bjarne Stroustrup www.stroustrup.com/Programming.

Chapter 17 vector and Free Store John Keyser’s Modifications of Slides By Bjarne Stroustrup
Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.

Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.
Chris Riesbeck, Fall 2007 Dynamic Memory Allocation Today Dynamic memory allocation – mechanisms & policies Memory bugs.

Chris Riesbeck, Fall 2007 Dynamic Memory Allocation Today Dynamic memory allocation – mechanisms & policies Memory bugs.
Computer Architecture CSCE 350

Computer Architecture CSCE 350
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
DSP Implementation Lecture 3. Anatomy of a DSP Project In VDSP Linker Description File (.LDF) Source Files (.asm,.c,.h,.cpp,.dat) Object Files (.doj)

DSP Implementation Lecture 3. Anatomy of a DSP Project In VDSP Linker Description File (.LDF) Source Files (.asm,.c,.h,.cpp,.dat) Object Files (.doj)
DIEHARDER: SECURING THE HEAP. Previously in DieHard…  Increase Reliability by random positioning of data  Replicated Execution detects invalid memory.

DIEHARDER: SECURING THE HEAP. Previously in DieHard…  Increase Reliability by random positioning of data  Replicated Execution detects invalid memory.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Run time vs. Compile time

Run time vs. Compile time
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Software Development and Software Loading in Embedded Systems.

Software Development and Software Loading in Embedded Systems.
Memory Allocation CS 537 - Introduction to Operating Systems.

Memory Allocation CS Introduction to Operating Systems.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Runtime Environments Compiler Construction Chapter 7.

Runtime Environments Compiler Construction Chapter 7.
Software attacks Lorenzo Dematté Software attacks Advanced buffer overflow: heap smashing.

Software attacks Lorenzo Dematté Software attacks Advanced buffer overflow: heap smashing.
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,
Chapter 4 Processes. Process: what is it? A program in execution A program in execution usually usually Can also have suspended or waiting processes Can.

Chapter 4 Processes. Process: what is it? A program in execution A program in execution usually usually Can also have suspended or waiting processes Can.
Mitigation of Buffer Overflow Attacks

Mitigation of Buffer Overflow Attacks

Similar presentations

Ads by Google