
Several Tips on Project 1


feivel


Presentation Transcript


  1. Several Tips on Project 1
  • Be sure to use the Makefile to generate the executables of both the exploit program and the target program.
  • Be sure to put “setarch i686 -R” in front of every execution, including both gdb and ./exploit.
  • You can use “x/b address” under gdb to see the byte content stored at the specified address. This is helpful for determining whether memory is big-endian or little-endian (i.e. in which byte order the return address must be written).
  • You can use “break foo” to set a breakpoint upon entering the foo() function.
  • Fill the shell executable code (in the string array shellcode[ ]) byte-by-byte into the buffer so that your modified return address executes it.
  • The deadline will not be changed, but the penalty for a submission up to one week late is now 10% off.

  2. NOPs
  • Most CPUs have a No-Operation instruction – it does nothing but advance the instruction pointer.
  • Usually we can put a bunch of these ahead of our program (in the string).
  • As long as the new return address points to a NOP we are OK.

  3. Using NOPs
  [Diagram: a buffer laid out as a run of nop instructions followed by the real program (exec /bin/ls or whatever); the new return address can point anywhere inside the run of nops.]

  4. Estimating the stack size
  • We can also guess at the location of the return address relative to the overflowed buffer.
  • Put in a bunch of new return addresses!

  5. Estimating the Location
  [Diagram: a buffer laid out as nop instructions, then the real program, then the new return address repeated many times so that one copy lands on the saved return address.]
