http://andromeda.df.lu.lv/wiki/index.php?action=history&feed=atom&title=LU-LSP-b%3AL09b LU-LSP-b:L09b - Revision history 2026-04-20T02:40:27Z Revision history for this page on the wiki MediaWiki 1.31.0 http://andromeda.df.lu.lv/wiki/index.php?title=LU-LSP-b:L09b&diff=8744&oldid=prev Leo: Created page with "=== Praktiskais darbs #9.b - steka satura analīze un piekļuve stekam. === * [http://www.codeproject.com/KB/windows/CallStackTest/StackLayout2.jpg Steka kadra uzbūve x86 ar..." 2020-03-17T21:02:47Z <p>Created page with &quot;=== Praktiskais darbs #9.b - steka satura analīze un piekļuve stekam. === * [http://www.codeproject.com/KB/windows/CallStackTest/StackLayout2.jpg Steka kadra uzbūve x86 ar...&quot;</p> <p><b>New page</b></p><div>=== Praktiskais darbs #9.b - steka satura analīze un piekļuve stekam. ===<br /> <br /> * [http://www.codeproject.com/KB/windows/CallStackTest/StackLayout2.jpg Steka kadra uzbūve x86 arhitektūrā].<br /> <br /> * Funkciju izsaukumu analīze. printf() lietošana steka satura izdrukai.<br /> <br /> * Koda disasamblēšana ar &#039;&#039;objdump&#039;&#039; vai &#039;&#039;gdb&#039;&#039; programmām.<br /> objdump -dS &lt;binary-file&gt; | less<br /> <br /> * Piekļuve reģistru saturam caur inline asamblera kodu.<br /> #define GET_EBP_VALUE(result) \<br /> asm volatile(&quot;movl %%ebp, %0\n&quot; : &quot;=m&quot; (result))<br /> <br /> ==== Iesūtīšana ====<br /> <br /> Šis PD nav obligāts, nav jāiesūta.<br /> <br /> Uzdevumi:<br /> <br /> 1) Panākt, ka f() izsauc sevi izmantojot steka pārpildi (bez ASM koda).<br /> <br /> 2) Panākt, ka f() veiksmīgi izsauc funkciju system() ar argumentu &quot;touch file.txt&quot;, izmantojot steka pārpildi<br /> <br /> ==== Programmas kods ====<br /> <br /> Kompilēt ar opcijām &quot;-g -fno-stack-protector&quot;<br /> &lt;pre&gt;<br /> #include &lt;stdio.h&gt;<br /> #include &lt;sys/types.h&gt;<br /> #include &lt;sys/stat.h&gt;<br /> #include &lt;fcntl.h&gt;<br /> <br /> void f(void) {<br /> char s[16];<br /> gets(s);<br /> printf(&quot;%s\n&quot;, s);<br /> }<br /> <br /> int main(void) {<br /> f();<br /> return 0;<br /> }<br /> &lt;/pre&gt;<br /> <br /> <br /> Modificēts kods:<br /> &lt;pre&gt;<br /> #include &lt;stdio.h&gt;<br /> #include &lt;stdint.h&gt;<br /> #include &lt;sys/types.h&gt;<br /> #include &lt;sys/stat.h&gt;<br /> #include &lt;fcntl.h&gt;<br /> <br /> #define GET_EBP_VALUE(result) \<br /> asm volatile(&quot;movl %%ebp, %0\n&quot; : &quot;=m&quot; (result))<br /> <br /> #define GET_ESP_VALUE(result) \<br /> asm volatile(&quot;movl %%esp, %0\n&quot; : &quot;=m&quot; (result))<br /> <br /> uint32_t esp, ebp;<br /> <br /> void f(void) {<br /> GET_EBP_VALUE(ebp);<br /> printf(&quot;%p\n&quot;, (void *) ebp);<br /> <br /> char s[16];<br /> gets(s);<br /> printf(&quot;%s\n&quot;, s);<br /> <br /> asm(&quot;leave&quot;);<br /> GET_ESP_VALUE(esp);<br /> *(uint32_t *) esp = f;<br /> asm(&quot;pop %eax&quot;);<br /> asm(&quot;push %eax&quot;);<br /> asm(&quot;jmp %eax&quot;);<br /> }<br /> <br /> int main(void) {<br /> f();<br /> return 0;<br /> }<br /> &lt;/pre&gt;</div> Leo