🔬 Lab
CS 240 Lab 10
Learning Goals & Reflection
CS 240 Lab 10
Learning Goals
Core Goals
Students can:
- Explain how assembly code creates a “stack frame” for each function
call:
- Identify which instructions are used for saving and restoring both caller-saved and callee-saved registers.
- Explain the purpose of subtracting from or adding to
%rsp
. - Based on a function’s assembly code and a memory dump of the stack,
identify which instructions & memory addresses are used to:
- Store callee-saved registers.
- Store caller-saved registers.
- Store local variables of the function.
- Align the stack pointer before a function call.
- Restore the stack pointer and caller-saved registers before returning from the function.
- Restore callee-saved registers after returning from a function call.
- Explain how a buffer overflow attack works:
- Explain what “buffer” means in this context.
- Identify one or more C standard library functions which can lead to buffer overflow vulnerabilities.
- Explain what it means to “overflow” a buffer.
- Explain why overflowing a stack-allocated buffer can allow an attacker to seize partial control of a program even if the stack is not executable.
- Explain how a buffer overflow can give full control to an attacker if they are allowed to execute code written on the stack.
Stretch goals
- Explain how a buffer overflow attack works:
- Explain why address space randomization and stack protection help mitigate the possible damage from a buffer overflow attack.
Reflection
Note: Make sure to use the ‘print’ dialog to save this page as a PDF when you’re done.
I’m most confident in (list a few):
I’m least confident in (list a few):
Questions (please take the time to ask at least one, thinking of a question will help you cement what you’ve learned):