Computer
Systems

Fall 2018
course
site

Tue Oct 8

Bomb labs have been graded.

A last assignment for chapter 3 material is due Thursday.

rest of the term

-- cmu -- about 8 weeks after the chapter 3 stuff

  chap  5  optimization    1 lecture       0.5 week        .  (rest of) PROGRAM EXECUTION
  chap  6  caches          2 lecture       1.0 week        .

  chap  7  linking         1 lecture       0.5 week        .  RUNNING IN THE SYSTEM
  chap  8  exceptions      2 lectures      1   week        .
  chap  9  virtual memory  4 lectures      2   weeks       .

  chap 11  netwoks         2 lectures      1   week        .  PROCESS COMMUNICATION
  chap 12  parallel        4 lectures      2   weeks       .

-- us -- time remaining is about 6 weeks

    finish chap 3 (machine code) due Thu Oct 11 
    Chap ? (?) due Tue Oct 23 (week after Hendrick's)     1
    Chap ? (?) due Tue Oct 30                             2
    Chap ? (?) due Nov 6                                  3
    Chap ? (?) due Nov 13                                 4
    Chap ? (?) due Nov 20                                 5
    Chap ? (?) due Nov 29                                 6
    second lab presentations Dec 4 (last day of classes)
    second lab code & writeup Dec 7 (Fri after that)

this week

Discuss and look at the "stack overflow" concept - check out my example.


I've uploaded the files that we created in class.

We typed "ABCDEFG" into the program, then put a breakpoint into read_word and used gdb to look at the stack. I've copy pasted that below.

want 0x40075e (print_is_magic) rather than 0x4007ed (main)

 (gdb) print $rsp
 $1 = (void *) 0x7fffffffea00
 (gdb) x/64bx 0x7fffffffea00

0x7fffffffea00: 0x41    0x42    0x43    0x44    0x45    0x46    0x47    0x0a
0x7fffffffea08: 0x00    0x08    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffea10: 0xb0    0x7a    0xde    0xf7    0xff    0x7f    0x00    0x00
0x7fffffffea18: 0x6d    0x08    0x40    0x00    0x00    0x00    0x00    0x00
0x7fffffffea20: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x7fffffffea28: 0x00    0xea    0xff    0xff    0xff    0x7f    0x00    0x00
0x7fffffffea30: 0x50    0xea    0xff    0xff    0xff    0x7f    0x00    0x00
0x7fffffffea38: 0xed    0x07    0x40    0x00    0x00    0x00    0x00    0x00

Ben tells me that he found the issue that kept it from working: there's a newline character on in there (in our previous input) which kept the fgets() in read_line() from reading in our whole exploit ...

https://cs.marlboro.college /cours /fall2018 /systems /notes /stackattack
last modified Sun October 17 2021 12:40 pm

attachments [paper clip]

  last modified size
TXT breakme.c Sun Oct 17 2021 12:40 pm 2.9K
TXT exploit.bytes Sun Oct 17 2021 12:40 pm 178B
TXT exploit.raw Sun Oct 17 2021 12:40 pm 60B
TXT hex2raw.c Sun Oct 17 2021 12:40 pm 4.0K
TXT show_bytes.c Sun Oct 17 2021 12:40 pm 2.0K
TXT test.bytes Sun Oct 17 2021 12:40 pm 59B
TXT test.raw Sun Oct 17 2021 12:40 pm 5B