These readings will help you with recalling and developing skills from 240 for Checkpoint 0

C Strings, Buffers, Pointers

• Dennis Kubes, "The 5 Minute Guide to C Pointers"

• Simon Tatham, "The Descent to C" (note especially the section on Strings)

• http://cslibrary.stanford.edu/106/ and companion video https://www.youtube.com/watch?v=6pmWojisM_E

Stacks and Calling Conventions

• Eli Bendersky, "Where the top of the stack is on x86"

• https://en.wikipedia.org/wiki/X86_calling_conventions#cdecl

• http://redstack.net/blog/x86-calling-conventions.html

GDB

• Cheatsheet of GDB commands: https://darkdust.net/files/GDB%20Cheat%20Sheet.pdf

• 7 minute video shows how to use some more advanced commands, including the watch command (tells you when a variable changes values) and how to step backwards through a program: https://www.youtube.com/watch?v=Yq6XFl-u00o

• This series of videos covers a variety of features of GCC: https://www.youtube.com/watch?v=5yZIFmplXsw&list=PLMbKVy-fuVKF0iopxoNRvhE86xYWZz9-C

Fun

• This one is just optional fun - weird memory attacks against classic video games: https://digg.com/video/the-super-mario-bros-3-world-speedrun-record-in-three-minutes

These readings are intended to help you remember the skills (which you may have studied in CS240) that you'll need to start working on the software security lab, such as:

• Writing, compiling, and running C programs

• Using POSIX exec to execute other programs and pass them arguments

• Understanding what happens to a process when it invokes exec

• Manipulating strings and buffers:

  • Setting specific bits, bytes, and values in a variable or buffer

  • Getting endianness right, and/or using casting to let C help you get it right

  • Using string manipulation functions, and including their relationship to null termination

• Describing and drawing memory diagrams of the stack

• Explaining the large-scale layout of memory (text, heap, stack)

• Using cgdb to:

  • Step through a program at a statement, function, or instruction level

  • Examine the stack, including flow control information

  • Print the values and memory addresses of locals, program arguments, function arguments, buffers, etc.

  • Disassemble code to inspect the machine instructions which are being executed

• Explaining what happens when you call a function in C

• Describing the calling convention used by the targets in the lab

• Describing how variable argument functions work in C

These readings will help you with the actual exploits

Buffer overflows:

• Aleph One, "Smashing the Stack for Fun and Profit" - this is a classic (1996) account and tutorial for buffer overflows. The setup (x86, no ASLR, etc.) running on our server is reminiscent of the setup of modern computers in 1996. Optional but quite interesting, and might even help.

Format string vulnerabilities:

• https://www.owasp.org/index.php/Format_string_attack

• http://www.cis.syr.edu/~wedu/Teaching/cis643/LectureNotes_New/Format_String.pdf

• Really nice explanation of format string vulns from Maryland: https://www.youtube.com/watch?v=8dcUkJYn-Mk

Malloc and double-free:

• https://cwe.mitre.org/data/definitions/415.html

• https://www.owasp.org/index.php/Double_Free

Variadic (variable argument) functions:

• https://www.eskimo.com/~scs/cclass/int/sx11b.html

• https://rosettacode.org/wiki/Variadic_function#C

• https://www.rpi.edu/dept/cis/software/g77-mingw32/include/stdarg.h (A possible implementation of stdarg.h, which you will need to use to build your variable argument function)

• https://www.youtube.com/watch?v=S-ak715zIIE