CS 330 Lecture 16 – Functions in Assembly and Buffer Overflows
Agenda
- what ?s
- local variables
- frame pointer
- functions
- buffer overflows
TODO
- I’m in Memphis for a computer science education conference the rest of the week. No class on Wednesday or Friday. Please use your time to work on CSX!
Note
We close out our discussion of assembly today by looking at how functions in our high level languages are defined and called at the assembly level. Before that we will look at the simple act of declaring a local variable. Since we don't have a name by which to refer to this variable, we will refer to it by its address. However, since the top of the stack keeps shifting around, we will need a more constant anchor: the frame pointer, which we will store in register %ebp and which points to the beginning of a function's stack frame. All parameters and local variables will be referenced relative to it.
In opening this black box, we will better see how our code can become vulnerable to buffer overflow attacks.
Code
local_print.s
.section .data
out:
.asciz "The most aesthetically pleasing number is %d.\n"
.section .text
.globl main
main:
# Declaration of i: reserve 4 bytes on the stack and store 7 there
subl $4, %esp
movl $7, (%esp)
# Push i's value as printf's second argument (pushl reads (%esp) before esp is decremented)
pushl (%esp)
pushl $out
call printf
# Pop the two printf arguments; i's slot stays allocated until exit
addl $8, %esp
pushl $0
call exit
average.s
.section .data
out:
.asciz "The average of %d and %d is %d.\n"
.section .text
.globl main
main:
# Prologue
# Preserve caller's frame pointer.
pushl %ebp
# Record our own frame pointer.
movl %esp, %ebp
# Declaration of two local variables, at -8(%ebp) and -4(%ebp)
subl $8, %esp
movl $30, -8(%ebp)
movl $10, -4(%ebp)
# Params for average
pushl -8(%ebp)
pushl -4(%ebp)
call average
addl $8, %esp
pushl %eax
pushl -8(%ebp)
pushl -4(%ebp)
pushl $out
call printf
# Pop the four printf arguments (4 pushes x 4 bytes)
addl $16, %esp
pushl $0
call exit
average:
pushl %ebp
movl %esp, %ebp
movl 8(%ebp), %eax
addl 12(%ebp), %eax
shr $1, %eax
popl %ebp
ret
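As an added example (not part of the lecture notes), here is a small C model of the 32-bit stack frame that average.s builds: a constructed array of 32-bit words stands in for the stack, so the offsets used above (8(%ebp), 12(%ebp), -4(%ebp), -8(%ebp)) can be checked, and so we can see which frame slots an unchecked write past an 8-byte local buffer reaches. The return addresses and stack size are constructed values.

```c
#include <stdint.h>
#include <string.h>

#define STACK_WORDS 32
static uint32_t stack[STACK_WORDS];   /* constructed 32-bit stack, grows downward */
static int esp;                       /* word index of top of stack */
static int ebp;                       /* word index of current frame */

static void pushl(uint32_t v) { stack[--esp] = v; }
static uint32_t popl(void) { return stack[esp++]; }
/* Byte offset from %ebp as written in the assembly, e.g. at_ebp(8) for 8(%ebp). */
static uint32_t *at_ebp(int byte_off) { return &stack[ebp + byte_off / 4]; }

/* Prologue from average.s: pushl %ebp; movl %esp, %ebp. */
static void prologue(void) { pushl(ebp); ebp = esp; }
/* Epilogue from average.s: popl %ebp; ret (returns the return address). */
static uint32_t epilogue(void) { ebp = popl(); return popl(); }

/* main's call sequence from average.s: push the two locals as params,
 * then "call" pushes the return address (a constructed value here). */
uint32_t call_average(uint32_t a, uint32_t b, uint32_t ret_addr) {
    esp = STACK_WORDS; ebp = STACK_WORDS;      /* fresh constructed stack */
    pushl(a); pushl(b); pushl(ret_addr);       /* pushl -8(%ebp); pushl -4(%ebp); call */
    prologue();
    uint32_t eax = *at_ebp(8);                 /* movl 8(%ebp), %eax: last pushed param */
    eax += *at_ebp(12);                        /* addl 12(%ebp), %eax: first pushed param */
    eax >>= 1;                                 /* shr $1, %eax */
    epilogue();                                /* popl %ebp; ret */
    return eax;
}

/* A callee that reserves an 8-byte local buffer with "subl $8, %esp", so the
 * buffer sits at -8(%ebp), directly below the saved %ebp and the return
 * address. Writes n bytes into it with no bounds check and reports what the
 * write reached: 0 = only the buffer, 1 = saved %ebp, 2 = return address.
 * n is clamped so the write stays inside the modeled stack array. */
int overflow_reaches(size_t n) {
    esp = STACK_WORDS; ebp = STACK_WORDS;
    pushl(0xCAFE0000u);                        /* constructed return address */
    prologue();
    esp -= 2;                                  /* subl $8, %esp */
    unsigned char *buf = (unsigned char *)at_ebp(-8);
    if (n > 16) n = 16;
    memset(buf, 'A', n);                       /* the unchecked copy */
    if (*at_ebp(4) != 0xCAFE0000u) return 2;   /* 4(%ebp): return address */
    if (*at_ebp(0) != STACK_WORDS) return 1;   /* 0(%ebp): saved %ebp */
    return 0;
}
```

With 8 bytes the write stays in the buffer; 9 to 12 bytes clobber the saved %ebp, and 13 or more reach the return address, which is why the bounds check on a local buffer is what stands between a bug and control of the `ret`.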
in_range.c