522 \end{frame} |
522 \end{frame} |
523 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
523 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
524 |
524 |
525 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
525 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
526 \begin{frame}[c] |
526 \begin{frame}[c] |
|
527 \frametitle{The Stack} |
|
528 |
|
529 \begin{textblock}{7}(1,1) |
|
530 \begin{tikzpicture}[scale=0.8] |
|
531 %\draw[step=1cm] (-3,-1) grid (3,8); |
|
532 \draw[gray!20,fill=gray!20] (-1, 0) rectangle (1,-1); |
|
533 \draw[line width=1mm] (-1,-1.2) -- (-1,7.4); |
|
534 \draw[line width=1mm] ( 1,-1.2) -- ( 1,7.4); |
|
535 \draw (0,-1) node[anchor=south] {\tt main}; |
|
536 \draw[line width=1mm] (-1,0) -- (1,0); |
|
537 \draw (0,0) node[anchor=south] {\tt arg$_3$=3}; |
|
538 \draw[line width=1mm] (-1,1) -- (1,1); |
|
539 \draw (0,1) node[anchor=south] {\tt arg$_2$=2}; |
|
540 \draw[line width=1mm] (-1,2) -- (1,2); |
|
541 \draw (0,2) node[anchor=south] {\tt arg$_1$=1}; |
|
542 \draw[line width=1mm] (-1,3) -- (1,3); |
|
543 \draw (0,3.1) node[anchor=south] {\tt ret}; |
|
544 \draw[line width=1mm] (-1,4) -- (1,4); |
|
545 \draw (0,4) node[anchor=south] {\small\tt last sp}; |
|
546 \draw[line width=1mm] (-1,5) -- (1,5); |
|
547 \draw (0,5) node[anchor=south] {\tt buf$_1$}; |
|
548 \draw[line width=1mm] (-1,6) -- (1,6); |
|
549 \draw (0,6) node[anchor=south] {\tt buf$_2$}; |
|
550 \draw[line width=1mm] (-1,7) -- (1,7); |
|
551 \draw (2,6.1) node[anchor=south] {\code{$esp}}; |
|
552 \draw[<-,line width=0.5mm] (1.1,7) -- (2.5,7); |
|
553 |
|
554 \draw[->,line width=0.5mm] (1,4.5) -- (1.8,4.5) -- (1.8, 0) -- (1.1,0); |
|
555 \draw[->,line width=0.5mm] (1,3.5) -- (2.5,3.5); |
|
556 \draw (2.6,3.1) node[anchor=south west] {\tt back to main()}; |
|
557 |
|
558 \draw[->,red,line width=2mm] (2.5,0.1) -- (4.2,0.1); |
|
559 \end{tikzpicture} |
|
560 \end{textblock} |
|
561 |
|
562 \begin{textblock}{7}(6.4,8) |
|
563 \begin{bubble}[6.8cm] |
|
564 \footnotesize |
|
565 \lstinputlisting[language=C,xleftmargin=5mm]{../progs/example1.c} |
|
566 \end{bubble} |
|
567 \end{textblock} |
|
568 |
|
569 |
|
570 \end{frame} |
|
571 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
572 |
|
573 |
|
574 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
575 \begin{frame}[c] |
527 \frametitle{The Problem} |
576 \frametitle{The Problem} |
528 |
577 |
529 \begin{itemize} |
578 \begin{itemize} |
530 \item The basic problem is that library routines in C look as follows: |
579 \item The basic problem is that library routines in C look as follows: |
531 |
580 \end{itemize} |
532 \begin{center} |
581 |
533 \footnotesize\lstinputlisting[language=C]{../progs/app5.c} |
582 \begin{center} |
534 \end{center} |
583 \small\lstinputlisting[language=C,numbers=none]{../progs/app5.c} |
535 |
584 \end{center} |
536 \item the resulting problems are often remotely exploitable |
585 |
537 \item can be used to circumvents all access control\\ |
|
538 (for grooming botnets for further attacks) |
|
539 \end{itemize} |
|
540 |
586 |
541 \end{frame} |
587 \end{frame} |
542 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
588 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
543 |
589 |
544 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
590 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |