333 \code{char buf[8] = "AAAAAAAABBBB\\xf4\\x83\\x04\\x08\\x00"} |
333 \code{char buf[8] = "AAAAAAAABBBB\\xf4\\x83\\x04\\x08\\x00"} |
334 \end{textblock} |
334 \end{textblock} |
335 |
335 |
336 \end{frame} |
336 \end{frame} |
337 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
337 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
338 |
|
339 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
340 \tikzset{alt/.code args={<#1>#2#3#4}{% |
|
341 \alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path |
|
342 }} |
|
343 |
|
344 \begin{frame}[t] |
|
345 \frametitle{Buffer Overflow Attacks} |
|
346 |
|
347 \begin{itemize} |
|
348 \item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{} |
|
349 \end{itemize} |
|
350 |
|
351 \begin{center} |
|
352 \begin{tikzpicture}[scale=1] |
|
353 %\draw[black!10,step=2mm] (0,0) grid (9,4); |
|
354 %\draw[black!10,thick,step=10mm] (0,0) grid (9,4); |
|
355 |
|
356 \node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}}; |
|
357 \draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8); |
|
358 \draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5); |
|
359 \draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5); |
|
360 \draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0); |
|
361 \draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0); |
|
362 \draw[line width=1mm] (0,0) -- (0,4); |
|
363 \draw[line width=1mm] (1,0) -- (1,4); |
|
364 |
|
365 \node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}}; |
|
366 \draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0); |
|
367 |
|
368 \onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);} |
|
369 \onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);} |
|
370 |
|
371 \onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);} |
|
372 \onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);} |
|
373 |
|
374 |
|
375 \node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}}; |
|
376 \draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5); |
|
377 |
|
378 \onslide<3,4,7,8>{ |
|
379 \node at (7.75, 1.4) {ret}; |
|
380 \draw[line width=1mm] (7,1.1) -- (8.5,1.1); |
|
381 \node at (7.75, 2.0) {sp}; |
|
382 \draw[line width=1mm] (7,2.3) -- (8.5,2.3); |
|
383 } |
|
384 \onslide<3,4>{ |
|
385 \node at (7.75, 0.8) {4}; |
|
386 \draw[line width=1mm] (7,1.7) -- (8.5,1.7); |
|
387 } |
|
388 \onslide<7,8>{ |
|
389 \node at (7.75, 0.8) {3}; |
|
390 \draw[line width=1mm] (7,1.7) -- (8.5,1.7); |
|
391 } |
|
392 |
|
393 |
|
394 \end{tikzpicture} |
|
395 \end{center} |
|
396 |
|
397 \end{frame} |
|
398 |
|
399 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
400 \begin{frame}[t] |
|
401 |
|
402 \begin{center} |
|
403 \begin{tikzpicture}[scale=1] |
|
404 %\draw[black!10,step=2mm] (0,0) grid (9,4); |
|
405 %\draw[black!10,thick,step=10mm] (0,0) grid (9,4); |
|
406 |
|
407 \node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}}; |
|
408 \draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8); |
|
409 \draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0); |
|
410 \draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5); |
|
411 \draw[line width=1mm] (0,0) -- (0,4); |
|
412 \draw[line width=1mm] (1,0) -- (1,4); |
|
413 |
|
414 \node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}}; |
|
415 \draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0); |
|
416 \draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0); |
|
417 \draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0); |
|
418 \draw[line width=1mm] (3,1.0) rectangle (4,3.0); |
|
419 |
|
420 \onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);} |
|
421 \onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway] |
|
422 {\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);} |
|
423 \onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);} |
|
424 |
|
425 \node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}}; |
|
426 \draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5); |
|
427 |
|
428 \onslide<3->{ |
|
429 \node at (7.75, 0.2) {4}; |
|
430 \draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1); |
|
431 \node at (7.75, 0.8) {\alt<6->{@a\#}{ret}}; |
|
432 \draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7); |
|
433 \node at (7.75, 1.4) {\alt<6->{!?w;}sp}; |
|
434 } |
|
435 |
|
436 \onslide<4->{ |
|
437 \draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0); |
|
438 \node[white] at (7.75, 2.4) {buffer}; |
|
439 } |
|
440 |
|
441 \end{tikzpicture} |
|
442 \end{center} |
|
443 |
|
444 \end{frame} |
|
445 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
446 |
338 |
447 |
339 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
448 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
340 \begin{frame}[c] |
449 \begin{frame}[c] |
341 \frametitle{C-Library Functions} |
450 \frametitle{C-Library Functions} |
342 |
451 |