lab4 - CSE 361S Intro to Systems Software Lab Assignment#4...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
1 CSE 361S Intro to Systems Software Lab Assignment #4 Due: Thursday, October 29, 2009. In this lab, you will mount a buffer overflow attack on your own program. We do not condone using this or any other form of attack to gain unauthorized access to a system. Rather, by doing this exercise, I hope you will learn a lot about how to defend against such attacks. You may work in a group of up to two people in solving the problems in this lab. Download the file bufbomb.c from the class web site and compile it to create an executable program. In bufbomb.c you will find the following functions: int getbuf() { char buf[16]; getxs(buf); return 1; } void test() { int val; printf(“Type Hex String: ”); val = getbuf(); printf(“getbuf returned 0x%x\n”, val); } The function getxs (also in bufbomb.c ) is similar to the library gets , except that it reads characters encoded as pairs of hex digits. For example, to give it a string “ 0123 ,” the user would type in the string “ 30 31 32 33 .” The function ignores blank characters. Recall that decimal digit x has ASCII representation 0x3 x . A typical execution of the program is as follows: prompt> ./bufbomb Type Hex String: 30 31 32 33 getbuf returned 0x1 Looking at the code for the getbuf function, it seems quite apparent that it will return value 1 whenever it is called. It appears as if the call to getxs has no effect. Your task is to make getbuf return 0xdeadbeef to test , simply by typing an appropriate hexadecimal string to the prompt.
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon