Dot-Com Smashing: Buffer Overflows on the SPARC

Presented at DEF CON 8 (2000), July 29, 2000, 4 p.m. (50 minutes)

The talk/demonstration is intended for audiences familiar with assembly language and/or stack-based buffer overflows on other architectures (most probably Intel). The topics aren't really anything new; I would just like to present them with the focus on a different processor/paradigm than Intel to better define the concepts in use. I will be covering SPARC assembly language on a fairly low level.

- Introduction to SPARC assembly
- RISC, LOAD/STORE architecture
- Register windows, Allocating space on the stack
- SPARC subroutine calling conventions, How the code we're attacking will look
- Leaf procedure optimization, How to write optimized assembly
- Unix system calls from assembly language, Overview of traps
- Hand assembling instructions, Conversion to hex, Testing hex-encoded instructions in C __asm__ blocks
- Using GDB (GNU Debugger) and ADB (Absolute Debugger), Disassembling compiled code, Assembling instructions to hexadecimal (faster than by hand), Patching executables, Examining the stack of a running process, Altering the stack/return address
- Hand-crafting shellcode, Basics, Basic shellcode, Intermediate shellcode, Advanced shellcode
- Delivering the payload
- Bonus topics (time permitting)

Presenters:

  • ghandi
    ghandi is a Computer Science student beginning work on distributed, interactive environments (à la FreeNet or Stephenson's Metaverse) for a departmental honors project. I also work as a System Administrator at a web startup managing Sun clusters, FreeBSD servers, and Linux workstations.
