This shows you the differences between two versions of the page.
| cns:sidebar [2014/11/02 09:15] vlad.dumitrescu | cns:sidebar [2017/01/28 16:44] (current) razvan.deaconescu | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | {{indexmenu>:cns:#1 | nons}} | + | {{indexmenu>:cns:#1|nons skipfile+/cns:(sidebar|index)/}} |
| + | <hidden> | ||
| + | * [[:cns:index|Index]] | ||
| + | </hidden> | ||
| + | |||
| + | ====== Resources ====== | ||
| + | |||
| + | {{indexmenu>:cns:resources#1}} | ||
| ====== Labs ====== | ====== Labs ====== | ||
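Review bot: the `skipfile+/cns:(sidebar|index)/` pattern on the new first line is unanchored, so it would also hide any other page whose id merely contains `cns:sidebar` or `cns:index` (for example a page named `cns:index2`); consider ending the pattern with `$` so only the two intended pages are skipped. With the index now excluded from the generated menu, the only remaining link to it is the `[[:cns:index|Index]]` item inside `<hidden>`, so it is worth noting in the edit summary whether hiding that link is intentional.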
| Line 13: | Line 20: | ||
| {{indexmenu>:cns:assignments#1}} | {{indexmenu>:cns:assignments#1}} | ||
| - | ==== 1: GDB ==== | + | ====== Extra ====== |
| - | The purpose of this task is to explore GDB, and automate a debugging session. You are encouraged to use the [[http://sourceware.org/gdb/current/onlinedocs/gdb/|GDB User Manual]], and what you learned during the previous lab sessions. We recommend that you start solving each subtask in a live debugging session, and then assemble the final script that will be submitted to vmchecker. | + | {{indexmenu>:cns:extra#1}} |
| - | The given binary computes the SHA-1 hash of some input, but if you send him a signal at the right time, it will also compute a special hash. Write a GDB script/commands file that goes through the following steps (you can add more interesting step if you fell like it): | ||
| - | - when data to be hashed is being requested, a ''read()'' syscall will be issued, catch it | ||
| - | - break execution right before ''compute_hash()'' is called (you should now be in ''main()'''s stack frame) | ||
| - | - print the 5 instructions before the current instruction pointer | ||
| - | - you will discover there is a special, or "reversed hash" mode, break execution on ''printf'' calls while in this mode | ||
| - | * print current frame and the EIP register each time this breakpoint triggers | ||
| - | - break on ''malloc'' calls | ||
| - | * print the return value after ''malloc'' finishes | ||
| - | - break in ''compute_hash()'' after ''malloc'' call | ||
| - | * print the stack, the registers and the last 3 frames | ||
| - | - move to the previous frame, and print registers | ||
| - | - move back, and print locals and arguments | ||
| - | - remove all breakpoints, catchpoints and watchpoints | ||
| - | - __rerun__, but break before the entry point and add the following | ||
| - | - add watchpoints for hash mode changes | ||
| - | - send the required signal | ||
| - | - __rerun__, but this time, trigger the mode change without sending the signal | ||
| - | - break somewhere | ||
| - | * print the memory where the intro message is held in hex | ||
| - | - __rerun__ | ||
| - | - break in ''main()'' after ''compute_hash()'' | ||
| - | * print the heap section holding the hash in hex | ||
| - | - __rerun__ | ||
| - | - trigger the mode change (with signal or not) | ||
| - | - break just before main has finished | ||
| - | - get the hash from stdout; find it in memory using GDB (you can call, from GDB, a small shell/Python script to make format conversions) | ||
| - | |||
| - | ====== Resources ====== | ||
| - | |||
| - | {{indexmenu>:cns:resources#1}} | ||
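Review bot: the removed lines in the "Line 13" hunk drop the entire "1: GDB" task (the vmchecker submission instructions and the full step list) from the sidebar, and nothing in this diff shows that text being added anywhere else. Confirm it already lives on a page under `cns:assignments` before deleting it here, and say so in the edit summary. The `====== Resources ======` block removed at the end is the same one added in the first hunk, so that part is a move rather than a removal; the new `====== Extra ======` heading relies on a `cns:extra` namespace existing for `{{indexmenu>:cns:extra#1}}` to list anything.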