Two notes on today's lecture
Written on 14.12.2017 20:24 by Christian Rossow
Two notes about today's lecture:
- For time reasons, we skipped over slides 125--136. Please still go over these slides, as they contain valuable hints on writing shellcode and give several pieces of practical advice that assist in exploiting software (cf. Exercise #07, Project #03).
- We updated the string format vulnerability example. As presented today, the example was not consistently using 32b or 64b code. Now the example is on 64b only, which also means that the 1st to 6th parameters are assumed to be in registers. The first five %p (the format string itself occupies one of the six parameters) thus print register contents, which might contain dormant values. As discussed, printf wrapper functions (cf. -D_FORTIFY_SOURCE) might require one or more additional arguments, which slightly changes the picture. The slide now also tells the exact gcc compiler flags used to create the program so that you can reproduce the example.
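As an added illustration (not part of the lecture slides or of this notice), here is the 64b situation described above in C: the vulnerable call beside its hardened form, plus a small check that flags untrusted strings carrying conversion directives. The function names and the sample input are my own; the register remarks assume the x86-64 System V calling convention.

```c
#include <stdio.h>

/* Vulnerable pattern: user data is used as the format string. On x86-64
 * (System V ABI) the format itself arrives in rdi, so the first five
 * conversions read rsi, rdx, rcx, r8 and r9 (whatever was left there),
 * and only from the sixth on does printf read values from the stack. */
static void log_unsafe(const char *user)
{
    printf(user);            /* gcc -Wformat-security warns about this line */
    putchar('\n');
}

/* Hardened form: the format is a constant, user data is a plain argument. */
static void log_safe(const char *user)
{
    printf("%s\n", user);
}

/* Defensive check: count conversion directives in an untrusted string,
 * treating "%%" as a literal percent sign. Data that should carry no
 * directives but yields a non-zero count must never be passed as the
 * format argument of a printf-family function. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, not a directive */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    const char *input = "name=%p %p %p %p %p";   /* constructed sample input */
    printf("directives found: %d\n", count_directives(input));
    log_safe(input);         /* prints the five %p literally */
    (void)log_unsafe;        /* kept only to show the two patterns side by side */
    return 0;
}
```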