CU-Boulder CSCI 6268 - Lecture Notes (39 pages)

Previewing pages 1, 2, 3, 18, 19, 37, 38, 39 of 39 page document View the full content.
View Full Document

Lecture Notes



Previewing pages 1, 2, 3, 18, 19, 37, 38, 39 of actual document.

View the full content.
View Full Document
View Full Document

Lecture Notes

30 views

Lecture Notes


Pages:
39
School:
University of Colorado at Boulder
Course:
Csci 6268 - Foundations of Computer and Network Security
Foundations of Computer and Network Security Documents

Unformatted text preview:

Foundations of Network and Computer Security John Black Lecture 19 Nov 3rd 2005 CSCI 6268 TLEN 5831 Fall 2005 Announcements Midterm 2 is Nov 8th Next Class Martin will proctor I m at CCS Project 1 is due today Hand in here in class CAETE students can mail to Martin Webpage for all certs is http ucsu colorado edu cochranm certs html This is listed as part of the Project2 description Memory Organization Text Static Data Heap Stack Stack Frames Simple example example1 c void function int a int b int c char buffer1 5 char buffer2 10 void main function 1 2 3 gcc S o example1 s example1 c Calling Convention main pushl 3 pushl 2 pushl 1 call function push parameters in rev order pushes ret addr on stack function pushl ebp movl esp ebp subl 20 esp mov ebp esp pop ebp ret save old frame ptr set frame ptr to stack ptr allocate space for locals Stack Memory What does the stack look like when function is called Top of stack buffer2 12 bytes buffer1 8 bytes sfp Saved Frame Pointer 4 bytes ret Return address to main 4 bytes a 1 4 bytes b 2 4 bytes c 3 4 bytes Bottom of stack example2 c void function char str char buffer 16 strcpy buffer str void main char large string 256 int i for i 0 i 255 i large string i A function large string Stack Memory Now What does the stack look like when function is called Top of stack buffer 16 bytes sfp Saved Frame Pointer 4 bytes ret Return address to main 4 bytes Ptr to large string 4 bytes str Bottom of stack Segmentation fault occurs We write 255 A s starting from buffer down through sfp ret str and beyond We then attempt to return to the address 0x41414141 example3 c void function int a int b int c char buffer1 5 char buffer2 10 int ret ret buffer1 12 ret 10 overwrite return addr return 10 bytes later in text seg void main int x x 0 function 1 2 3 x 1 printf d n x Write up says 8 bytes but it s wrong How did we know the values Look at disassembly 0x8000490 0x8000491 0x8000493 0x8000496 0x800049d 0x800049f 0x80004a1 0x80004a3 0x80004a8 0x80004ab



View Full Document

Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...
Login

Join to view Lecture Notes and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture Notes and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?