
ECE 102 Compilation and Exploits
subtitle: week 7

Peter Jamieson
Miami University

Today
The machine and C
Computer engineers
Who the experts are: hackers
Virus
Smash the stack

Compiling
What happens?

Gcc options and Object dumps

gcc -S = generate assembly file
gcc -save-temps = keep temp files
.i = preprocessed source
.s = assembly
.o = object file
Note ELF at start = Executable and Linkable Format

objdump -d program.o
shows the assembly instructions beside the machine code

objdump -d program.exe
Linker adds some steps

Other tools
readelf -h program.exe
readelf -S program.exe
Compare what we learned with gdb

What is?
A virus
A trojan horse
A worm

What is?
A virus = a program that attaches to an exe and replicates in other exes unknowingly, but the program with the virus must run
A trojan horse = looks like legit software, but you click to run it
A worm = like a virus, but some data transfers it and then it replicates

How do we stop?
Thoughts?

The PC smashing the stack

How big can the password be, and how do we implement this in code?

Details:
https://www.youtube.com/watch?v=1S0aBV-Waeo

Smashing the stack

Buffer overflow
need to compile with gcc using -fno-stack-protector
gcc -g program.c -fno-stack-protector

Smash stack
Almost all computer exploits look for memory copies that can be overflowed to hit the return address and then run your code
How can I write code without compiling in this exploit?
Think login

How do we protect against stack smashing?
We know about smash the stack, how do we protect?

Make sure when memory is copied we specify how many bytes
strcpy
VERSUS
strncpy = n specifies how many bytes!!!
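
A bounded copy for the login case, as an added example (not from the original slides). The buffer size PASSWORD_MAX, the sample password, and the function names copy_bounded and check_login are assumptions; the code also covers the case where strncpy leaves the buffer without a terminating '\0'.

```c
#include <stdio.h>
#include <string.h>

#define PASSWORD_MAX 16                      /* assumed buffer size for this example */
static const char STORED[] = "opensesame";   /* constructed sample password */

/* Bounded copy: returns 0 on success, -1 if src did not fit in dst.
 * strncpy() writes at most n bytes but does NOT add '\0' when src has
 * n or more characters, so the terminator is written explicitly. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size ? 0 : -1;  /* -1 = input was truncated */
}

/* Login check: over-long input is rejected instead of running past the
 * end of the stack buffer, which an unbounded strcpy() would allow. */
int check_login(const char *input)
{
    char password[PASSWORD_MAX];

    if (copy_bounded(password, sizeof password, input) != 0)
        return 0;                            /* too long: refuse, do not truncate */
    return strcmp(password, STORED) == 0;
}

int main(void)
{
    char long_input[64];                     /* constructed over-long input */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("correct:  %d\n", check_login("opensesame"));
    printf("wrong:    %d\n", check_login("letmein"));
    printf("too long: %d\n", check_login(long_input));
    return 0;
}
```

Build it with the stack protector left on (the gcc default on most distributions): gcc -g -Wall program.c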

Challenge
Given PROGRAM_26
Add a printf statement
Answer the following

How much bigger in bytes is the program?
How big is the printf functionality?
Where is printf located in memory for this program?
What code is run before main?
