teaching machines

CS 330 Lecture 17 – C

March 7, 2016 by . Filed under cs330, lectures, spring 2016.

Agenda

TODO

Note

Today we exploit a buffer overflow in an assembly program to redirect the CPU to a function that we aren’t authorized to run! We then transition into our discussion of existing high-level languages. But first, why did we need something better than assembly?

Imagine you are an assembly programmer in the 1950s without knowledge of future technologies. What gripes do you have about your job?

We’ll fast-forward through a history of C and write one or two C programs, enjoying its advantages over assembly.

Code

overflow.s

.section .data
secret:
  .asciz "Third tree right of the buson.\n"
prompt:
  .asciz "Enter password: "
out_message:
  .asciz "Your password is: %s.\n"

.section .text
.globl main

main:
  call check_password

  # if password matches (%eax)
  #  jmp to secret
  # else
  #  exit 1

  pushl $1
  call exit

only_when_authorized:
  pushl $secret
  call printf
  addl $4, %esp

  pushl $0
  call exit

check_password:
  pushl %ebp
  movl %esp, %ebp

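  # reserve a 4-byte local buffer; the saved %ebp sits directly above it
  # on the stack, and the return address directly above that
  subl $4, %esp

  # gets(buffer): gets takes no length limit, so input longer than
  # 3 characters (plus the terminating NUL) is written past the buffer
  pushl %esp
  call gets
  addl $4, %esp

  # printf(out_message, buffer)
  pushl %esp
  pushl $out_message
  call printf
  addl $8, %esp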

  # check password!
  # return in %eax some truth value

  addl $4, %esp

  popl %ebp
  ret
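
The bounded read that check_password in overflow.s lacks, written in C as an added example (not code from the lecture). PW_MAX, read_password, try_input and the sample password are assumptions made for illustration; input that does not fit is rejected and drained instead of being written past the buffer.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 16                       /* assumed maximum password length */
enum { PW_OK = 0, PW_EOF = -1, PW_TOO_LONG = -2 };

/* Read one line into buf without ever writing past buf[cap - 1].
 * fgets() is told the buffer size; gets() in overflow.s is not. */
int read_password(FILE *in, char *buf, size_t cap) {
    if (fgets(buf, (int)cap, in) == NULL)
        return PW_EOF;
    size_t n = strcspn(buf, "\n");
    int complete = (buf[n] == '\n') || feof(in);
    buf[n] = '\0';                      /* strip the newline, if any */
    if (complete)
        return PW_OK;
    /* The line did not fit: discard the rest so it is not read as new input. */
    for (int c; (c = fgetc(in)) != '\n' && c != EOF; ) { }
    buf[0] = '\0';
    return PW_TOO_LONG;
}

/* 1 = match, 0 = wrong password, negative = input rejected. */
int check_password(FILE *in, const char *expected) {
    char buf[PW_MAX + 2];               /* password + '\n' + NUL */
    int rc = read_password(in, buf, sizeof buf);
    if (rc != PW_OK)
        return rc;
    return strcmp(buf, expected) == 0;
}

/* Hypothetical helper: run one constructed input line through the check. */
int try_input(const char *input, const char *expected) {
    FILE *f = tmpfile();
    if (f == NULL)
        return PW_EOF;
    fputs(input, f);
    rewind(f);
    int rc = check_password(f, expected);
    fclose(f);
    return rc;
}

int main(void) {
    const char *pw = "hunter2";         /* constructed sample password */
    printf("%d\n", try_input("hunter2\n", pw));
    printf("%d\n", try_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", pw));
    return 0;
}
```

Callers should treat only a return value of exactly 1 as authorized, so a rejected or truncated line can never reach the privileged branch.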