CS591 S2007 Assignment

, argc=1, ubp_av=0xbffffb24, init=0x80482bc <_init>, fini=0x80484a0 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffb1c) at ../sysdeps/generic/libc-start.c:129 (gdb) info frame 0 Stack frame at 0xbffffab8: eip = 0x804843e in main (example1.c:9); saved eip 0x4003e507 called by frame at 0xbffffaf8 source language c. Arglist at 0xbffffab8, args: Locals at 0xbffffab8, Previous frame's sp is 0x0 Saved registers: ebp at 0xbffffab8, eip at 0xbffffabc (gdb) info reg eax 0x1 1 ecx 0x0 0 edx 0xbffffb2c -1073743060 ebx 0x40158154 1075151188 esp 0xbffffab0 0xbffffab0 ebp 0xbffffab8 0xbffffab8 esi 0x400168e4 1073834212 edi 0xbffffb24 -1073743068 eip 0x804843e 0x804843e eflags 0x282 642 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x0 0 fctrl 0x37f 895 fstat 0x0 0 ftag 0xffff 65535 fiseg 0x23 35 fioff 0x40287195 1076392341 foseg 0x2b 43 fooff 0x40299758 1076467544 ---Type to continue, or q to quit--- fop 0x1c9 457 xmm0 0x00000000000000000000000000000000 xmm1 0x00000000000000000000000000000000 xmm2 0x00000000000000000000000000000000 xmm3 0x00000000000000000000000000000000 xmm4 0x00000000000000000000000000000000 xmm5 0x00000000000000000000000000000000 xmm6 0x00000000000000000000000000000000 xmm7 0x00000000000000000000000000000000 mxcsr 0x1f80 8064 (gdb) s function (a=1, b=2, c=3) at example1.c:6 6 } (gdb) bt #0 function (a=1, b=2, c=3) at example1.c:6 #1 0x0804844c in main () at example1.c:9 #2 0x4003e507 in __libc_start_main (main=0x8048438

, argc=1, ubp_av=0xbffffb24, init=0x80482bc <_init>, fini=0x80484a0 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffb1c) at ../sysdeps/generic/libc-start.c:129 (gdb) info frame 0 Stack frame at 0xbffffa98: eip = 0x8048436 in function (example1.c:6); saved eip 0x804844c called by frame at 0xbffffab8 source language c. Arglist at 0xbffffa98, args: a=1, b=2, c=3 Locals at 0xbffffa98, Previous frame's sp is 0x0 Saved registers: ebp at 0xbffffa98, eip at 0xbffffa9c (gdb) p &buffer1 $1 = (char (*)[5]) 0xbffffa80 (gdb) p &buffer2 $2 = (char (*)[10]) 0xbffffa70 (gdb) x bffffa98 No symbol "bffffa98" in current context. (gdb) x bffffa98 No symbol "bffffa98" in current context. (gdb) x 0xbffffa98 0xbffffa98: 0xbffffab8 (gdb) x 0xbffffa94 0xbffffa94: 0x4000d450 (gdb) p a $3 = 1 (gdb) x 0xbffffa90 0xbffffa90: 0xbffffac8 (gdb) info register esp esp 0xbffffa70 0xbffffa70 (gdb) info register efp efp: invalid register (gdb) info register ebp ebp 0xbffffa98 0xbffffa98 (gdb) x 0xbffffa8 0xbffffa8: Cannot access memory at address 0xbffffa8 (gdb) x 0xbffffa88 0xbffffa88: 0x400168e4 (gdb) x 0xbffffa8b 0xbffffa8b: 0x13d12e40 (gdb) x 0xbffffa90 0xbffffa90: 0xbffffac8 (gdb) info frame 0 Stack frame at 0xbffffa98: eip = 0x8048436 in function (example1.c:6); saved eip 0x804844c called by frame at 0xbffffab8 source language c. Arglist at 0xbffffa98, args: a=1, b=2, c=3 Locals at 0xbffffa98, Previous frame's sp is 0x0 Saved registers: ebp at 0xbffffa98, eip at 0xbffffa9c (gdb) x 0xbffffa9c 0xbffffa9c: 0x0804844c (gdb) x 0xbffffa98 0xbffffa98: 0xbffffab8 (gdb) info reg sp esp 0xbffffa70 0xbffffa70 (gdb) info reg bp bp: invalid register (gdb) info reg ebp ebp 0xbffffa98 0xbffffa98 (gdb) p &buffer1 $4 = (char (*)[5]) 0xbffffa80 (gdb) p &buffer1 $5 = (char (*)[5]) 0xbffffa80 (gdb) p &a $6 = (int *) 0xbffffaa0 (gdb) p &b $7 = (int *) 0xbffffaa4 (gdb) p &c $8 = (int *) 0xbffffaa8 (gdb) x 0xbffffaa0 0xbffffaa0: 0x00000001

Buffer Overflow Attacks and Defenses