C buffer learning 1 --- the effect and side effects of the buffer

Source: Internet
Author: User

 

This semester I learned an introduction to computer security from the Computer Science Institute, which is an entry-level course, but I still have a lot of insights and learned about buffer overflow attacks, one thing that suddenly occurred to me for a long time is to sum up and learn about the issue of the C language buffer. After such a long time, it was a bit embarrassing. This blog post should be an entry level. Thank you for your advice.

 

The C language can use pointers to directly operate on memory addresses. This is one of its advantages, but it is also the most vulnerable to security issues. We know that the C language has no memory protection. It assumes that the C language is responsible for Memory Security. Previous experiences tell me that the same is true for Objective-C. On the contrary, java provides a memory protection mechanism. I will not go into detail. Let's talk about the history of the buffer zone.

 

If we write programs on linux and understand the operating system, we all know that system calls are involved. If something happens, we can't see it. We can directly use functions that have been implemented in the C standard library. At this time, we often call functions in the C standard library, such as getc (), in fact, the system will be called when the standard library implements getc.

 

Common functions that are called by the system are file read/write functions in the C library, such as some functions starting with f.

 

Now let's take a look at the process of using gcc to compile and run a program without a buffer to read a single character from a file:

 

User State program call getc (FILE * stream) ---> gnu c library getc ----> System Call -----> gnu c return code ----> User State getc Return ---> read Successful

 

The red text indicates that it is time-consuming and costly. Imagine if we read 10000 characters, such a time-consuming operation would have to be executed 1000 times.

 

Therefore, the buffer zone is introduced in C, which is actually a piece of memory space. In this way, when the system calls the buffer, it will not read only one character. stdio is in the C standard library. h defines the BUFSIZE as the buffer size, that is, the size of data read each time. In this way, the structure changes:

 

User State program call getc (FILE * stream) ---> gnu c library getc ----> System Call -----> read buffer ----> gnu c return code ----> User State getc Return ---> read Successful

 

When the figure reads the second character, the red part is removed. Instead, the buffer is used to replace the original system call part, greatly reducing the number of system calls. Improve program efficiency.
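To make the difference visible, here is an added example (not from the original post) that reproduces both pictures with the raw read(2) system call: once one byte per call, as an unbuffered getc would do, and once BUFSIZ bytes per call, as the stdio buffer does on the program's behalf. It writes a constructed 10000-byte sample file under /tmp and counts the trips into the kernel each way; make_sample_file and count_read_calls are names chosen here.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write nbytes 'x' characters to path (constructed sample input for the
 * demo).  Returns 0 on success, -1 on failure. */
int make_sample_file(const char *path, size_t nbytes) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    char *chunk = malloc(nbytes);
    if (!chunk) { close(fd); return -1; }
    memset(chunk, 'x', nbytes);
    ssize_t w = write(fd, chunk, nbytes);
    free(chunk);
    close(fd);
    return w == (ssize_t)nbytes ? 0 : -1;
}

/* Consume the whole file with read(2) requests of 'chunk' bytes and return
 * how many system calls that took, counting the final read() that reports
 * EOF.  chunk == 1 models an unbuffered getc(); chunk == BUFSIZ models the
 * refills that the stdio buffer performs for the program. */
long count_read_calls(const char *path, size_t chunk) {
    if (chunk == 0) return -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    char *buf = malloc(chunk);
    if (!buf) { close(fd); return -1; }
    long calls = 0;
    ssize_t n;
    do {
        n = read(fd, buf, chunk);   /* every iteration is one trip into the kernel */
        calls++;
    } while (n > 0);
    free(buf);
    close(fd);
    return n < 0 ? -1 : calls;
}

int main(void) {
    const char *path = "/tmp/bufdemo_sample.txt";
    if (make_sample_file(path, 10000) != 0) return 1;
    printf("10000 bytes, 1-byte reads:      %ld system calls\n", count_read_calls(path, 1));
    printf("10000 bytes, BUFSIZ=%d reads: %ld system calls\n", BUFSIZ, count_read_calls(path, BUFSIZ));
    unlink(path);
    return 0;
}
```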

 

However, this caused a problem that many students often encounter when learning C.


///// This is the example of clearing the buffer using getchar. This example will be updated later.
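As an added example (not the one the author promised above), here is the problem and the fix: after scanf reads a number, the Enter key's '\n' stays behind in the stdio buffer, so the next getchar() returns it instead of waiting for the user; clearing the buffer means draining it up to the newline, and the drain loop must also stop at EOF. The keystrokes are a constructed string replayed through a temporary FILE so it runs without a terminal; discard_line and read_int_then_char are names chosen here.

```c
#include <stdio.h>

/* Discard everything left in the stream's buffer up to and including the
 * next newline.  The EOF check matters: the popular one-liner
 * while (getchar() != '\n'); spins forever once the input is exhausted. */
void discard_line(FILE *stream) {
    int c;
    while ((c = getc(stream)) != '\n' && c != EOF)
        ;
}

/* Read an integer, then one character, the way a beginner's program does
 * ("enter a number ... now answer y/n").  Returns the character obtained
 * after the number, or EOF.  With drain == 0 it returns the '\n' that
 * scanf left sitting in the buffer (the bug); with drain != 0 the buffer
 * is cleared first and the real answer comes back. */
int read_int_then_char(const char *input, int drain) {
    /* The keystrokes are a constructed string replayed through a temporary
     * FILE; getc on it behaves exactly like getchar() on stdin. */
    FILE *in = tmpfile();
    if (!in) return EOF;
    fputs(input, in);
    rewind(in);
    int number;
    int answer = EOF;
    if (fscanf(in, "%d", &number) == 1) {
        if (drain) discard_line(in);
        answer = getc(in);
    }
    fclose(in);
    return answer;
}

int main(void) {
    const char *typed = "42\ny\n";   /* constructed: the user typed 42<Enter>y<Enter> */
    int bad = read_int_then_char(typed, 0);
    int good = read_int_then_char(typed, 1);
    printf("without clearing: got %d (that is '\\n')\n", bad);
    printf("after clearing:   got '%c'\n", good);
    return 0;
}
```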


------ Technical split line

Problems caused by buffer overflow

The following is what I learned. First, let's take a look at C function stack operations.

The picture is from the courseware of Teacher Wang Yan of Harbin Institute of Computer Science.

So, how can the buffer be made to overflow? Simply put, we fill a BUFSIZ-sized buffer with more than BUFSIZ bytes of data. Since C has no memory protection, neither compiling nor running the program is prevented, so the characters that overflow the "subroutine variable" overwrite the return address. Anyone with bad intentions will already see the attack method.
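An added example (not from the post) of the pattern just described, together with the defender's fix: an unchecked strcpy into a fixed-size local array, next to a bounded copy that rejects input that does not fit instead of writing past the array toward the saved return address. NAME_LEN, greet_unsafe, copy_bounded and greet_safe are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* stand-in for the fixed "subroutine variable" size */

/* The pattern the text warns about: strcpy() has no idea how large 'name'
 * is, so an argument longer than NAME_LEN - 1 bytes writes past the array
 * into whatever the compiler placed above it, eventually the saved return
 * address.  Kept only as the contrast for the version below. */
void greet_unsafe(const char *who) {
    char name[NAME_LEN];
    strcpy(name, who);                 /* no length check at all */
    printf("hello, %s\n", name);
}

/* Hardened form: copy only if the whole string plus its terminator fits,
 * and report (rather than silently truncate) when it does not.
 * Returns 0 on success, -1 if src is too long or dstsz is 0; on -1 dst is
 * left empty so a caller cannot accidentally use a partial name. */
int copy_bounded(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    size_t n = strlen(src);
    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);           /* n + 1 includes the terminator */
    return 0;
}

/* Same greeting, but the fixed-size array can never be overrun. */
int greet_safe(const char *who) {
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, who) != 0) {
        fprintf(stderr, "input rejected: %zu bytes, limit is %d\n",
                strlen(who), NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void) {
    greet_safe("alice");                        /* 5 bytes + NUL fits in 16 */
    greet_safe("a-name-that-is-far-too-long");  /* 27 bytes: rejected, no overflow */
    return 0;
}
```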

If we have a piece of attack code, then as long as we rewrite the return address to point at that code, execution jumps to the code we expect when the function returns. On Linux the common attack code is shellcode; friends who want to learn about shellcode can refer to this well-written article: http://www.bkjia.com/Article/201112/113530.html

However, because of some security features of Linux, it is harder to predict the address of the shellcode. The common method is therefore NOP filling: a run of null (no-op) instructions is placed before the shellcode, so that once the instruction pointer lands anywhere in that run it executes them in sequence and naturally arrives at the shellcode, widening the range of addresses that hit it.

The buffer is a double-edged sword: it greatly optimizes the program, but it also brings various problems. Next we will introduce some common functions that reflect these problems; their efficiency also hides many pitfalls.


Hope to grow together with everyone


From Octobershiner Hz
