Resources for learning stack smashing

Apr 29, 2015   #old  #buffer overflow  #l&c  #security 

I designed a lecture introducing students to the concept of a buffer overflow, as part of an independent study course with Professor Jens Mache. The goal of the presentation was to be accessible to students with minimal background in computer architecture, although the audience ended up being comprised of students mostly familiar with it.

Some companion resources to this project can be found here. I also wrote some basic C explanation files to go with the talk, available here.

Other resources available online:

Tip: Set your disassembly flavor to intel using: set disassembly-flavor intel

Super basic GDB commands (written hastily):

  • list (l): shows source code, optionally supply a function name to show code for that function
  • break (b): set a breakpoint at supplied linenumber or supplied address (with *ADDRESS)
  • x: examine memory location (i.e. x/40x $esp to show 40 doublewords (default size to show) outputted in hex format from the location of the stack pointer)
  • run (r): run the program (supply arguments here, i.e. “r aaaaaaaa”)
  • disas: print the assembly code for the supplied funciton (i.e. disas main)
  • step (s): go forward one line of C
  • stepi (si): go forward one instruction (assembly)
  • continue ©: continue execution after a breakpoint