Comp Security- Week 4 Flashcards
What register is the instruction pointer?
EIP
The EIP register is…
The instruction pointer; it holds the address of the next instruction in memory to be executed
What are the EFLAGS Registers?
Flags for logical conditions (true/false); condition codes
What are ESP AND EBP used for?
Related to the stack pointer; created when functions are called
In AT&T which comes first source or destination?
Source before destination
In Intel which comes first source or destination?
Destination before Source
Suppose we have ebx = eax. How would it look in AT&T syntax, and how in Intel?
AT&T: movl %eax, %ebx
Intel: mov ebx, eax
The GDB debugger provides a direct method to examine memory using command…
x
x/11xb main means
Examine 11 bytes in hexadecimal starting at main
x/2xw $eip means
Examine 2 words (4-byte words) in hexadecimal at $eip
x/i $eip means
Display the memory as disassembled assembly language instructions
List the memory layout from high address to low address
Stack, heap, data, text
Stack
Memory allocated temporarily for a function call, procedure call, etc. It stores information
Ex. local variables, mainly those used by function calls
Heap
Dynamically allocated storage (dynamically = I don't know its size)
Ex. when calling malloc(), calloc(), or new
Data
Statically allocated memory (I know its size) that is declared in code
Ex. strings, arrays
Text
Executable machine instructions, read only
A stack frame provides…
A stack frame provides space for these values (local variables, parameters, return values)
What is stack discipline?
LIFO (last in first out)
Stack frame contents:
Local variables, return information, temporary space
Stack frame management
Space is allocated when entering a procedure and deallocated when returning
What are the two stack pointers?
Base/Frame pointer %ebp and Stack pointer %esp
Why do we need two pointers in stack and what do they do?
Base/frame pointer: doesn't move or change
Stack pointer: at the top of the stack
When you push, the stack increments by 1; when you pull/pop, the stack decrements by 1
When they're equal, the stack is empty
When is stack created? When is it deleted?
The stack is created when there is a function call
The stack is deleted when the base/frame pointer and stack pointer are equal
A call is made, a stack is created, and now the stack is no longer referenced by the base/frame pointer or the stack pointer. Will the info inside the memory be deleted or stay?
The info will remain; it won't be deleted, but the references to it won't be there.
Buffer overflow occurs when…
Buffer overflow occurs when data is written outside the boundaries of the memory allocated to a particular data structure
Buffer overflows can be exploited to modify…
a variable, data pointer, function pointer, or return address on the stack
A variable modified by a buffer overflow may be used to
change important info, change the behavior of the program
A pointer or return address modified by a buffer overflow may be used to
allow execution of arbitrary code
Internally a program stack is used to…
Keep track of program execution and state by storing:
1. return address in the calling function
2. arguments to the functions
3. local variables (temporarily)
The program stack/stack is modified during…
Function calls, function initialization, and returning from a subroutine
The esp stack pointer holds the top-of-stack address, and it can be modified…
directly: by direct operations, ex. add esp, 08h shrinks the stack by 2 words or 8 bytes
indirectly: by push or pop operations (adding/removing data elements)
The amount of memory required to store a string is…
The number of characters + 1
Buffer overflow prevention:
- use functions that respect buffer bounds such as fgets, strncpy, strncat
- ensure null termination of strings
- disable stack execution, since stack-based buffer overflows are the easiest to exploit
- make sure the format string argument is explicitly specified
- static analysis and dynamic analysis testing
- run-time safeguards