Lab Manual Preview
8/18/2019
http://www.dontstuffbeansupyournose.com/
ARM Architecture Reference (the basics)
N: Negative, Z: Zero, C: Carry, V: oVerflow
More variants are found on page 122 of the Architecture Reference.
CMP R0, #1        ;compare R0 with 1 and set the condition flags
MOVNE R1, #2      ;if R0 is not equal to 1, move 2 into R1
MOVEQ R2, #3      ;else (R0 is equal to 1), move 3 into R2
MOV PC, #1337 ;Redirect execution to 1337
MRS R0, CPSR                ;Read CPSR into R0
BIC R0, R0, #0xF0000000     ;Clear out N, Z, C and V of CPSR
MSR CPSR_f, R0              ;Move contents of R0 to CPSR. N,Z,C and V
STMFD R13!, {R0-R1, R5, LR} ;Push R0-R1, R5 and LR onto the stack (full descending), updating R13
BUFFER
BUFFER OVERFLOW OR BUFFER OVERRUN
STACK OVERFLOW
HEAP OVERFLOW
BOUNCEPOINT OR GADGET
RETURN-TO-LIBC OR RETURN-TO-TEXT
STACK FLIPPING OR “PIVOTING”
EXTENDED RETURN-TO-LIBC OR RETURN-ORIENTED PROGRAMMING (ROP)
MEMORY CORRUPTION
USE-AFTER-FREE
OFF-BY-ONE
INTEGER OVERFLOW