software
sequence of instructions in memory
logically divided into functions that call
each other
getURL
return result
203
202
201
200
104
103
IE
204
102
101
100
call getURL
software
204
PC
203
PC
getURL
PC
PC
return result
202
201
200
104
103
IE
102
PC
101
PC
100
call getURL
1024
1022
1021
1020
204 return result
PC
203
PC
PC
getURL
it keeps its administration (where to return to)
on a stack
1023
PC
PC
202
201
200
104
PC
103
PC
IE
stack
software
103
PC
101
PC
100
real functions
variables
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
real functions
variables
getURL
call read
200
104
103
102 call getURL
IE
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
101
100
stack
real functions
variables
1024
103
1023
old FP
1022
1021
1020
1019
1017
1016
getURL
1018
202
201
call read
200
1015
1014
1013
1012
104
1011
103
1010
IE
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
101
100
stack
real functions
variables
1024
103
1023
old FP
1022
1021
1020
1019
1017
1016
getURL
1018
202
201
call read
200
1015
1014
1013
1012
104
1011
103
1010
IE
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1017
1016
getURL
1018
buf
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
202
201
call read
200
1015
1014
1013
1012
104
1011
103
1010
1009
101
1008
1007
IE
stack
real functions
variables
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1017
1016
getURL
1018
buf
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
1008
1007
IE
stack
real functions
variables
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1017
1016
getURL
1018
buf
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
101
1008
1007
IE
stack
real functions
variables
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1018
getURL
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
1017
1016
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
1008
1023
1007
IE
stack
real functions
variables
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1018
getURL
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
1017
1016
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
1008
1023
1007
IE
stack
real functions
variables
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1018
getURL
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
1017
1016
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
1008
1023
1007
IE
stack
real functions
variables
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1018
getURL
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
1017
1016
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
1008
1023
1007
IE
stack
real functions
variables
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1018
getURL
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
1017
1016
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
1008
1023
1007
IE
stack
real functions
variables
101
100
103
303
1023
old FP
302
1022
1021
return
301
300
1020
1019
1018
getURL
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard,buf,64);      /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
read
1024
1017
1016
202
201
call read
200
1015
1014
1013
1012
64
104
1011
(buf)
103
1010
fd
1009
202
1008
1023
1007
IE
stack
real functions
variables
101
100
Exploit
1024
1013
103
1023
1021
1020
1019
1018
1017
1016
1015
1014
1013
1012
1011
1010
buf
/*
 * getURL: slide pseudo-code that reads input into a 10-byte local buffer
 * and hands it to get_webpage. The read call is told it may store up to
 * 64 bytes, so input longer than 10 bytes is written past the end of buf
 * into the neighbouring stack slots (old FP and the return address in the
 * slides' stack diagrams).
 * NOTE(review): the "Exploit" diagram appears to show the return-address
 * slot (1024) holding 1013, an address inside buf, instead of 103; confirm
 * against the original slide.
 */
getURL ()
{
char buf[10];               /* local buffer: 10 bytes on the stack */
read(keyboard, buf, 64);    /* defect: length 64 exceeds sizeof buf (10); a bound of sizeof buf would keep the write inside buf */
get_webpage (buf);          /* NOTE(review): nothing here NUL-terminates buf; what get_webpage expects is not shown */
}
/* IE: entry routine of the example; its only action is to call getURL. */
IE ()
{
getURL ();   /* the call saves the address to resume at (103 in the slides' diagrams) on the stack */
}
1022
Memory Corruption
Final words Part I
We have sketched only the most common memory
corruption attack: a stack buffer overflow that overwrites the saved return address.
There are many variations, e.g.:
heap stack
more complex overflows
off-by-one
integer overflows
format string attacks
double free
etc.