handouts/ho03.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 07 Oct 2014 00:15:41 +0100
changeset 218 bc1f7c82e1a8
parent 213 9c2fa54c7c2d
child 227 7807863c4196
permissions -rw-r--r--
updated
\documentclass{article}
\usepackage{../style}
\usepackage{../langs}
\begin{document}
\section*{Handout 3 (Buffer Overflow Attacks)}
By far the most popular attack method on computers is the buffer
overflow attack or simple variations thereof. The popularity is
unfortunate because we nowadays have technology in place to prevent them
effectively. But these kinds of attacks are still very relevant
even today since there are many legacy systems out there and
also many modern embedded systems do not take any precautions
to prevent such attacks.

To understand how buffer overflow attacks work, we have to have
a look at how computers work ``under the hood'' (on the
machine level) and also understand some aspects of the C/C++
programming language. This might not be everyday fare for
computer science students, but who said that criminal hackers
restrict themselves to everyday fare? Not to mention the
free-riding script-kiddies who use this technology without
even knowing what the underlying ideas are.
 
For buffer overflow attacks to work, a number of innocent
design decisions, which are really benign on their own, need
to conspire against you. All these decisions were pretty much
taken at a time when there was no Internet: C was introduced
around 1973; the Internet TCP/IP protocol was standardised in
1982 by which time there were maybe 500 servers connected (and
all users were well-behaved, mostly academics); Intel's first
8086 CPUs arrived around 1977. So none of the
``forefathers'' can really be blamed, but as mentioned above
we should already be way beyond the point that buffer overflow
attacks are worth a thought. Unfortunately, this is far from
the truth. I leave it to you to think about why.

One such ``benign'' design decision is how the memory is laid
out into different regions for each process. 
 
\begin{center}
  \begin{tikzpicture}[scale=0.7]
  %\draw[step=1cm] (-3,-3) grid (3,3);
  \draw[line width=1mm] (-2, -3) rectangle (2,3);
  \draw[line width=1mm] (-2,1) -- (2,1);
  \draw[line width=1mm] (-2,-1) -- (2,-1);
  \draw (0,2) node {\large\tt text};
  \draw (0,0) node {\large\tt heap};
  \draw (0,-2) node {\large\tt stack};
  \draw (-2.7,3) node[anchor=north east] {\tt\begin{tabular}{@{}l@{}}lower\\ address\end{tabular}};
  \draw (-2.7,-3) node[anchor=south east] {\tt\begin{tabular}{@{}l@{}}higher\\ address\end{tabular}};
  \draw[->, line width=1mm] (-2.5,3) -- (-2.5,-3);
  \draw (2.7,-2) node[anchor=west] {\tt grows};
  \draw (2.7,-3) node[anchor=south west] {\tt\footnotesize older};
  \draw (2.7,-1) node[anchor=north west] {\tt\footnotesize newer};
  \draw[|->, line width=1mm] (2.5,-3) -- (2.5,-1);
  \end{tikzpicture}
\end{center}
\noindent The text region contains the program code (usually
this region is read-only). The heap stores all data the
programmer explicitly allocates. For us the most interesting
region is the stack, which contains data mostly associated
with the ``control flow'' of the program. Notice that the stack
grows from higher addresses to lower addresses. That means
that older items on the stack will be stored behind newer 
items. Let's look a bit closer at what happens on the stack.
Consider the following trivial C program.
 
\lstinputlisting[language=C]{../progs/example1.c} 
 
\noindent The main function calls \code{foo} with three
arguments. \code{foo} contains two (local) buffers. The interesting
point is what the stack looks like after Line 3 has been
executed. The answer is as follows:
 
\begin{center} 
 \begin{tikzpicture}[scale=0.65]
  \draw[gray!20,fill=gray!20] (-5, 0) rectangle (-3,-1);
  \draw[line width=1mm] (-5,-1.2) -- (-5,0.2);
  \draw[line width=1mm] (-3,-1.2) -- (-3,0.2);
  \draw (-4,-1) node[anchor=south] {\tt main};
  \draw[line width=1mm] (-5,0) -- (-3,0);
  \draw[gray!20,fill=gray!20] (3, 0) rectangle (5,-1);
  \draw[line width=1mm] (3,-1.2) -- (3,0.2);
  \draw[line width=1mm] (5,-1.2) -- (5,0.2);
  \draw (4,-1) node[anchor=south] {\tt main};
  \draw[line width=1mm] (3,0) -- (5,0);
 
   %\draw[step=1cm] (-3,-1) grid (3,8);
  \draw[gray!20,fill=gray!20] (-1, 0) rectangle (1,-1);
  \draw[line width=1mm] (-1,-1.2) -- (-1,7.4);
  \draw[line width=1mm] ( 1,-1.2) -- ( 1,7.4);
  \draw (0,-1) node[anchor=south] {\tt main};
  \draw[line width=1mm] (-1,0) -- (1,0);
  \draw (0,0) node[anchor=south] {\tt arg$_3$=3};
  \draw[line width=1mm] (-1,1) -- (1,1);
  \draw (0,1) node[anchor=south] {\tt arg$_2$=2};
  \draw[line width=1mm] (-1,2) -- (1,2);
  \draw (0,2) node[anchor=south] {\tt arg$_1$=1};
  \draw[line width=1mm] (-1,3) -- (1,3);
  \draw (0,3.1) node[anchor=south] {\tt ret};
  \draw[line width=1mm] (-1,4) -- (1,4);
  \draw (0,4) node[anchor=south] {\small\tt last sp};
  \draw[line width=1mm] (-1,5) -- (1,5);
  \draw (0,5) node[anchor=south] {\tt buf$_1$};
  \draw[line width=1mm] (-1,6) -- (1,6);
  \draw (0,6) node[anchor=south] {\tt buf$_2$};
  \draw[line width=1mm] (-1,7) -- (1,7);
  \draw[->,line width=0.5mm] (1,4.5) -- (1.8,4.5) -- (1.8, 0) -- (1.1,0); 
  \draw[->,line width=0.5mm] (1,3.5) -- (2.5,3.5);
  \draw (2.6,3.1) node[anchor=south west] {\tt back to main()};
\end{tikzpicture}
\end{center} 
\noindent On the left is the stack before \code{foo} is
called; on the right is the stack after \code{foo} finishes.
The function call to \code{foo} in Line 7 pushes the arguments
onto the stack in reverse order---shown in the middle.
Therefore first 3, then 2 and finally 1. Then it pushes the
return address onto the stack where execution should resume once
\code{foo} has finished. The last stack pointer (\code{sp}) is
needed in order to clean up the stack to the last level---in
fact there is no cleaning involved; the top of the
stack is just set back. The two buffers are also on the stack,
because they are local data within \code{foo}.
 
Another part of the ``conspiracy'' is that library functions
in C typically look as follows:
 
\begin{center}
\lstinputlisting[language=C,numbers=none]{../progs/app5.c}
\end{center} 
\noindent This function copies data from a source \pcode{src}
to a destination \pcode{dst}. The important point is that it
copies the data until it reaches a zero-byte (\code{"\\0"}). 
\begin{figure}[p]
\lstinputlisting[language=C]{../progs/C2.c}
\caption{A suspicious login implementation.\label{C2}}
\end{figure}
\bigskip\bigskip
\subsubsection*{A Crash-Course on GDB}
\begin{itemize}
\item \texttt{(l)ist n} -- lists the source file from line
\texttt{n}
\item \texttt{disassemble fun-name} -- shows the machine code of the
function \texttt{fun-name}
\item \texttt{run args} -- starts the program, potential 
arguments can be given
\item \texttt{(b)reak line-number} -- sets a breakpoint at the given line
\item \texttt{(c)ontinue} -- continues execution until the next
breakpoint is reached
\item \texttt{x/nxw addr} -- prints out \texttt{n} words starting
from address \pcode{addr}, the address could be \code{$esp} 
for looking at the content of the stack
\item \texttt{x/nxb addr} -- prints out \texttt{n} bytes starting
from address \pcode{addr}
\end{itemize}
 
\bigskip\bigskip \noindent If you want to know more about
buffer overflow attacks, the original Phrack article
``Smashing The Stack For Fun And Profit'' by Elias Levy (also
known as Aleph One) is an engaging read:
\begin{center}
\url{http://phrack.org/issues/49/14.html}
\end{center} 
\noindent This is an article from 1996 and some parts are
not up-to-date anymore. The article called
``Smashing the Stack in 2010''
\begin{center}
\url{http://www.mgraziano.info/docs/stsi2010.pdf}
\end{center}
\noindent updates, as the name says, most information to 2010.
 
\end{document}
%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: