Notes on assignment 1:
$ cc -g -c foo.c
$ cc -g -c bar.c
$ cc -g -o a.out foo.o bar.o
List of gdb commands: break, run, help, print, x/i, x/x.
x/i and x/x are low-level commands to examine memory. The /i means "interpret the data as an assembly instruction". The /x means "interpret the data as a hexadecimal value".
The general form for an executable (a.out) or a .o file is a header plus sections:
    header
    code section
    initialized data section
    symbol table section
    other sections...
Imagine we have two source files:
foo.c:

    int bar(int);

    void foo()
    {
        int x;
        ...
        x = bar(3);
        ...
    }

bar.c:

    int bar(int j)
    {
        return j + 1;
    }
When you run

$ cc -c foo.c

...you get the file foo.o, which is a relocatable object. It has a reference to the function int bar(int), but it does not actually know where to jump to get to that function. The external reference has not been resolved. This illustrates the difference between declaration and definition in programming languages (i.e. in the file foo.c, the function bar() has been declared but not defined).
The linker -- what is run when you generate an executable -- resolves external references and assigns addresses to all code and data. An example of this is:

$ cc -o a.out foo.o bar.o
When the kernel loads the executable, it maps the program into its own virtual address space like this (just an example):
memory address         | item
0xF0000000 (high mem)  | kernel
0xE0000000             | program stack (growing down)
...                    | ...
0x00100000             | initialized data
0x00000000 (low mem)   | program code
The memory allocated to code is static in most operating systems, meaning it can't be modified. This is useful because multiple processes running the same program can share these "text" pages, resulting in lower physical memory utilization.
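The layout in the table and the read-only text pages can be checked on a live process. The following is an added example, not part of the original notes; it assumes Linux (it reads /proc/self/maps), and the names perms_for, has_perm and initialized_global are made up for the illustration.

```c
/* Added example, not from the original notes. Linux-only: it reads
 * /proc/self/maps, which lists each mapped region with its permissions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

int initialized_global = 42;   /* placed in the initialized data section */

/* Copy the permission string (e.g. "r-xp") of the mapping that contains
 * addr into perms. Returns 0 on success, -1 if no mapping was found. */
int perms_for(uintptr_t addr, char perms[5])
{
    char line[1024], p[5];
    unsigned long lo, hi;
    int rc = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) != 3)
            continue;
        if (addr >= lo && addr < hi) {
            memcpy(perms, p, sizeof p);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if the region holding addr has the given flag ('w' or 'x'), 0 if not,
 * -1 if the address is not mapped. */
int has_perm(uintptr_t addr, char flag)
{
    char p[5];
    if (perms_for(addr, p) != 0)
        return -1;
    return strchr(p, flag) != NULL;
}

int main(void)
{
    int local = 0;             /* lives on the program stack */
    char p[5];
    uintptr_t where[] = { (uintptr_t)perms_for, (uintptr_t)&initialized_global, (uintptr_t)&local };
    const char *what[] = { "code", "initialized data", "stack" };
    for (int i = 0; i < 3; i++)
        if (perms_for(where[i], p) == 0)
            printf("%-16s %#014lx %s\n", what[i], (unsigned long)where[i], p);
    return 0;
}
```

On a typical Linux build the code line shows permissions without a w, while the data and stack lines show rw; the absolute addresses differ from the table above, which is only an example.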
This attack, which gives the attacker root privileges, is one which requires the attacker to already be able to run processes on the machine. Such an attack might be mounted by a remote, network-based attacker after she/he uses a buffer overflow attack to gain normal user level access to a machine.
bsy+cse127w02@cs.ucsd.edu, last updated