CS 240 Lab 10

Learning Goals & Reflection

Learning Goals

Core Goals

Students can:

  1. Explain how assembly code creates a “stack frame” for each function call:
    1. Identify which instructions are used for saving and restoring both caller-saved and callee-saved registers.
    2. Explain the purpose of subtracting from or adding to %rsp.
    3. Based on a function’s assembly code and a memory dump of the stack, identify which instructions & memory addresses are used to:
      1. Store callee-saved registers.
      2. Store caller-saved registers.
      3. Store local variables of the function.
      4. Align the stack pointer before a function call.
      5. Restore the stack pointer and caller-saved registers before returning from the function.
      6. Restore callee-saved registers after returning from a function call.
  2. Explain how a buffer overflow attack works:
    1. Explain what “buffer” means in this context.
    2. Identify one or more C standard library functions which can lead to buffer overflow vulnerabilities.
    3. Explain what it means to “overflow” a buffer.
    4. Explain why overflowing a stack-allocated buffer can allow an attacker to seize partial control of a program even if the stack is not executable.
    5. Explain how a buffer overflow can give full control to an attacker if they are allowed to execute code written on the stack.

Stretch goals

  1. Explain how a buffer overflow attack works:
    1. Explain why address space randomization and stack protection help mitigate the possible damage from a buffer overflow attack.

Reflection

Note: Make sure to use the ‘print’ dialog to save this page as a PDF when you’re done.

I’m most confident in (list a few):

I’m least confident in (list a few):

Questions (please take the time to ask at least one; thinking of a question will help you cement what you’ve learned):