Buffer Overflow Demos: The demos are Java applets and require a Java 1.3
(or higher) runtime environment. If you need to install Java on your
browser, go to www.download.com and search for "Java runtime".
View each demo online: Simply click on a link below to open the desired
demo, then click the animation buttons at the top of the screen. You
may need to wait a moment for the applet to load. For help using the
demos, download a PowerPoint presentation on How to use the Demo applets.
- Stacks:
An introduction to the way languages like C use stack frames to
store local variables, pass variables from function to function
by value and by reference, and also return control to the calling
subroutine when the called subroutine exits.
- Spock:
Demonstrates what is commonly called a "variable attack" buffer
overflow, where the target is data.
- Smasher:
Demonstrates a "stack attack," more commonly referred to as "stack
smashing."
- StackGuard:
This demo shows how the StackGuard compiler can help prevent "stack
attacks."
- bodemo:
This is a mock attack on a Linux system demonstrating how an attacker
can get a root shell.
- its4demo:
Shows the output of ITS4, a static analyzer, on two different C
programs.
- Jumps:
Shows how stacks are used to keep track of subroutine calls.
Demo Structure:
Each buffer overflow demo uses an abstract machine with a small memory
(displayed on the right side of the screen) showing the run-time stack.
The user should be aware of some assumptions the abstract machine
makes: (1) all library functions, such as gets() and puts(), are compiled
inline and therefore don't require a function call, (2) allocation
for a function's parameters and for its local variables takes place
at the same time, and the return address is put on the stack last,
(3) the stack grows "up" in memory, (4) the abstract machine does not
necessarily reflect the workings of any architecture or C compiler.
You can download all of the demos in one archived file to run locally
on your computer: BOallDemos.tar (660 kb) or BOallDemos.zip (120 kb).
The demos are included in the complete download.
Download the Complete Module.
After downloading, unzip the file, then click on "bomod.exe"
to run. The complete download (~20 Mb) consists of:
Tools: Ready-to-use presentations, quizzes, exercises, and defense
tools are listed at the resource page.
Background reading:
For basic prerequisite knowledge of buffer overflows, a good reading
is http://www.rsasecurity.com/rsalabs/technotes/buffer/buffer_overflow.html.
Contacts:
Send questions, comments, or general feedback to Dr.
Susan Gerhart (gerharts@erau.edu).
Feedback:
We would like to hear from you about how you used the buffer overflow
materials. Please use our Buffer Overflow feedback form to submit
feedback online, or go to the Feedback index to report on your use of
other modules in this series.
Copyright Notice:
The content of this module and all associated materials are Copyright
(c) 2002, Susan Gerhart, Jan Hogle, Jedidiah Crandall, except where
otherwise noted. For information on distribution permission and
requirements, please contact Dr. Susan Gerhart at gerharts@erau.edu.