2019-2020-1 20175313 "Fundamentals of Information Security System Design" Week 3 Learning Summary

First, summary of the learning content

Data type
| C declaration | Intel data type | Assembly code suffix | Size (bytes) | Bits |
| --- | :---: | :---: | :---: | :---: |

  • NOTE: assembly code uses the suffix "l" both for 4-byte integers and for 8-byte double-precision floating-point numbers. This does not cause ambiguity, because floating-point code uses a completely different set of instructions and registers.

Operands

Operands fall into three types:
1. Immediate
2. Register
3. Memory reference

Operation indicator

Procedures

When procedure P calls procedure Q:

  • call Q: this instruction in P pushes address A, the address of the instruction that follows the call, onto the stack and sets the program counter to the start of Q's code.
  • retq: pops address A from the stack and sets the PC to A.

gdb debugging

  • objdump -d mstore.o disassembles the object file

Buffer overflow

Three mechanisms reduce exposure to buffer overflow vulnerabilities:

  1. Stack randomization: when the program starts, a random amount of space between 0 and n bytes is allocated on the stack and left unused, so that the stack location changes every time the program runs.
  2. Stack corruption detection: a special canary value is stored in the stack frame between any local buffer and the rest of the stack state. Before the function restores register state and returns, the program checks whether the canary was changed by some operation of this function or of a function it called, which shows whether a buffer overflow has occurred.
  3. Limiting executable code regions: only the part of memory that holds compiler-generated code needs to be executable; the other parts can be restricted to reading and writing only. This removes the attacker's ability to insert executable code into the system.
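
The canary check from item 2, modelled in C as an added example (not code from the original post or the textbook). The frame layout, function names, canary value and return address are constructed for illustration; a real compiler places and checks the canary itself, and the copy here is clamped so the simulation never writes outside its own struct.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical protected frame, low to high address:
 * local buffer, canary, saved return address. */
struct frame {
    char     buf[16];
    uint64_t canary;
    uint64_t saved_ret;
};

enum { CANARY_CHANGED = 1, RET_CHANGED = 2 };

/* Models an unchecked copy (gets/strcpy style): starts at buf and keeps
 * writing upward. Clamped to the model frame so the demo stays in bounds. */
static void unchecked_copy(struct frame *f, const void *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* One simulated call: prologue stores the canary, the body copies input,
 * the epilogue compares the canary before the return address is used.
 * Returns a bitmask of what the copy altered. */
int run_frame(const void *input, size_t n, uint64_t canary)
{
    const uint64_t ret = 0x401136;   /* constructed return address */
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = canary;
    f.saved_ret = ret;
    unchecked_copy(&f, input, n);
    return (f.canary != canary ? CANARY_CHANGED : 0) |
           (f.saved_ret != ret ? RET_CHANGED : 0);
}

int main(void)
{
    const uint64_t canary = 0x1122334455667788ULL; /* constructed; real ones are random */
    const size_t sizes[] = { 12, 16, 17, 32 };
    char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);                    /* constructed input */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%2zu bytes -> mask %d\n", sizes[i], run_frame(in, sizes[i], canary));
    return 0;
}
```

A linear overflow never yields RET_CHANGED without CANARY_CHANGED, which is why comparing the canary in the epilogue catches the overwrite before the saved return address is used.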

Second, problems encountered while studying the textbook and how they were resolved

  • Problem 1: When verifying the code on page 114 of the textbook, compilation failed with: 错误:无效的选项参数'-Og' (error: invalid option argument '-Og').

  • Solution 1: Change the command to gcc -O1 -c mstore.c, because some compiler versions do not support -Og.

  • The result is as follows:


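  1. Debugging the textbook code with gdb
  • Use gcc -g week302.c -o week302 to compile with debugging information
  • Use b f to set a breakpoint at function f
  • Use run to run to the breakpoint
  • Use disas to disassemble
  • Use display /i $pc to show the assembly instruction at each step
  • Use stepi to execute one assembly instruction at a time
  • Use i r to view the value of every register
  • The result is as follows: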



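Third, reflections

This week's material was fairly complicated, but as long as you paid attention in the earlier assembly course, it is not very hard to understand.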

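Fourth, learning progress

| | Lines of code (new/cumulative) | Blog posts (new/cumulative) | Study time (new/cumulative) | Key growth |
| --- | :---: | :---: | :---: | :---: |
| Target | 5000 lines | 30 posts | 400 hours | |
| Week 3 | 301/706 | 1/34 | 18/40 | |

  • Planned study time: 20 hours

  • Actual study time: 18 hours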


Origin www.cnblogs.com/xiannvyeye/p/11666309.html