Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
8 views5 pages

Stack Vulnerability

This document examines a disassembled program to identify stack overflow vulnerabilities caused by improper use of functions like strcpy() and strcat(). It explains how these functions can lead to memory issues by copying data that exceeds allocated space, potentially allowing for exploits. The conclusion emphasizes the risks associated with stack overflow, including system failure.

Uploaded by

lawrencechikopa1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
8 views5 pages

Stack Vulnerability

This document examines a disassembled program to identify stack overflow vulnerabilities caused by improper use of functions like strcpy() and strcat(). It explains how these functions can lead to memory issues by copying data that exceeds allocated space, potentially allowing for exploits. The conclusion emphasizes the risks associated with stack overflow, including system failure.

Uploaded by

lawrencechikopa1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

SOFTWARE REVERSE ENGINEERING-SREN-310

Student Name
Lawrence Chikopa
CIS/018/19

Course Lecturer
Menard Phiri
[email protected]

CODE INTERPRETATION AND LOCATING


STACK OVERFLOW VULNERABILITY
Contents
1 INTRODUCTION 1

2 GOALS 1

3 CODE OF THE DISASSEMBLED PROGRAM 2

4 INTERPRETATION OF THE CODE 2


4.1 How these functions are used . . . . . . . . . . . . . . . . . . . . 2
4.2 Explaining the code in details . . . . . . . . . . . . . . . . . . . . 3

5 OVERFLOW VULNERABILITY 3

6 CONCLUSION 3
1 INTRODUCTION
The stack overflow is the type of buffer overflow error that occurs when a com-
puter program tries to use more memory space in the call stack than has been
allocated to that stack.

One of the causes of stack overflow is a recursive function, a type of function


that repeatedily calls itself in an attempt to carry out specific logic. Each time
the function calls itself, it uses up more of the stack memory. If the function
runs too many times, it can eat up all the available memory resulting in stack
overflow. Stack overflow errors can also occur if too much data is assigned to
the variables in the stack frame.

This document focuses on examining the code of a program that has been dis-
assembled. Finally, the stack overflow vulnerability is located from this code of
the program.

2 GOALS
ˆ Interpreting code

ˆ Locating stack overflow vulnerability

1
3 CODE OF THE DISASSEMBLED PROGRAM

Figure 1: This figure is the code

4 INTERPRETATION OF THE CODE


In this code, there is main function called ’MyCode’ and this function contains
three functions that are both from the C library namely: strcpy(), strcat() and
system().

4.1 How these functions are used


ˆ The strcpy() function is used to copy the source string to destination string
and if the buffer size of the destination string is more than source string,
then copy the source string to the destination with terminating NULL
character.
ˆ The strcat() function takes input and then concatenates the input values
passed to the function. Like strcpy(), this function does not check the
length of the input strings relative to the size of of the destination buffer.

ˆ The system() function is used to pass the commands that can be executed
in the command processor or the terminal of the operating system and
finally returns the command after it has been completed.(used to invoke
commands in a shell).

2
4.2 Explaining the code in details
In the first line of the code, the command ’mov eax,[esp+0x4]’ is used to move
the values in [esp+0x4] into eax. In the second line of the code, ESP is sub-
tracted by 100 bytes to make room for the local variables using the command
’sub esp,0x64’ (64 is 100 bytes). Then later eax is pushed to the stack using the
command ’push eax’.

The command ’lea ecx,[esp+0x4]’ loads the register for all these activities into
ecx and ecx is pushed to the stack using the command ’push ecx’.

Next the function ’Mycode!strcpy’ copies a string whose pointer was passed as
the first parameter of the local variable(whose size we know is 100 bytes). In
this section of the function, a constant of size 4MB is pushed to the stack using
the command ’push 0x408128’ (408128 is 4MB).

Next the function ’Mycode!strcat’ loads the effective address and then pushes
it into the stack.

Finally, the function ’Mycode!system’ ensures operating system intervention. In


this section the size of ESP is made back to where it was by adding 120 bytes
using the command ’add esp,0x78’(78 is 120 bytes).

The function Mycode used 100 bytes and finally 120 bytes are added back for
replacement of the used bytes.

5 OVERFLOW VULNERABILITY
The vulnerability is on the function strcpy where the copying encounters a con-
stant whose size is greater than the number of bytes used by the main function.
The main function is to use 100 bytes for its local variables and this constant is
4MB which is greater than 100 bytes. strcpy will essentially overwrite whatever
follows the local string variable in the stack.

The classic exploit for this kind of overflow bug is to feed this function with a
string that essentially contains code and to carefully place the pointer to that
code in the position where strcpy is going to be overwriting the return address.

6 CONCLUSION
In conclusion, stack overflow can lead to errorneous results as well as system
failure.

You might also like