Question: 1. Lets say you are an attacker wishing to exploit the code in part A. Assume that all memory protections have been disabled and the

1. Lets say you are an attacker wishing to exploit the code in part A. Assume that all memory protections have been disabled and the stack looks similar to figure 1. Your task is to construct a string that will overflow the buffer and crash the program. Given below are pointers to construct the string. Use them and construct the malicious input string. We will assume that the machine is a 64-bit Intel x86 machine. Note that to avoid fragmentation the buffer size will be rounded off to the nearest multiple of word size (refer to lecture notes if this point is not clear to you.) To crash the program a garbage instruction needs to be written after the return address, which will occupy 64-bit on stack. Usually, a no-operation command (NOP), which is the string \x90, is used as a garbage instruction as it does not do anything. Your exploit string is basically appropriate number of \x90 concatenated together. Remember that the stack gets filled from lower memory address to higher memory address in buffer overflow scenarios and dont forget that the size of \x90 is 1 byte.

2. Read the following paragraph carefully and answer. Just-In-Time (JIT) compilation executes a program by compiling it during its execution, rather than prior to its execution. This is especially useful in browsers as it significantly speeds up Javascript execution. JIT compiler writes code into memory, so that memory must be marked writable. Also, since the output of JIT compiler is machine code that is being executed at the same time of its generation, there is no time to copy that code into another memory location which is executable. Due to this restriction, JIT compilers output is stored in memory which is both writable and executable. Consider that the victim is using a machine which is protected by WX and DEP and it supports JIT. The machine has additional protections to prevent return-to-libc attacks but anything using JIT is a fair game.. Does the use of JIT allow the attacker to bypass WX and DEP protections? Why or why not?

Lower Memory Address Higher Memory Address buf return address Stack Pointer Figure 1: Figure for Problem 20 Lower Memory Address Higher Memory Address buf return address Stack Pointer Figure 1: Figure for Problem 20

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Help on part C only Problem 2 A. (2 points) What is wrong with the following code? Indicate the line(s) and why it is wrong. #include void foo () { char buf[5]; printf("%p n Please enter a command....

Goal: Understand the concept of Buffer Overflows, potential security impacts and ways to help prevent them Task: In teams of 2 students, complete as much of the lab as time allows. Both individuals...

CLOSING ARGUMENTS A Closing Argument should: 1. Repeat your theory and theme of the case 2. Summarize the evidence that preceded it 3. Relate the evidence to the law and the legal issues (i.e....

Provide a summary technical report with about Pipelined Execution which is also named as Instruction Level Parallelism, addressing mainly the following areas: 1. What is Pipelined Execution and its...

A creative engineer suggests structuring the TLB so that not all the bits of the presented address need match to result in a hit. Suggest how this might be achieved, and what might be the costs and...

Defense Cross Examination of Corey Hyde 1. D: \"Mr. Hyde, is it true when you originally acquired your position as Avery Bancroft's assistant at the Black Bear Casino, you were not thrilled at the...

CLOSING ARGUMENTS A Closing Argument should: 1. Repeat your theory and theme of the case 2. Summarize the evidence that preceded it 3. Relate the evidence to the law and the legal issues (i.e....

Opening Statement for Defense The 1948 U.S. Presidential election was a hard fight for Harry Truman. No one thought he had a shot and the folks at the Chicago Daily Tribune didn't think so either. At...

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Briefly describe ASCII and Unicode and draw attention to any relationship between them. [3 marks] (b) Briefly explain what a Reader is in the context of reading characters from data. [3 marks] A...

There are a very large number of mutual funds from which an investor can choose. Each mutual fund has its own mix of different types of investments. The data BestFunds1 present the one-year return...

Danica has purchased $700 worth of units in a Global Equity Fund every calendar quarter for the past 7 years and 9 months. On average, the fund has earned 9% compounded quarterly. What were Danicas...

Twa stocks, A and B , possess the following characteristics. betastandard deviationstock A stock BWhich statement Is correct? 1 . 2 5 0 . 1 8 1 . 2 0 0 . 1 9 4 5 Multiple CholceStock B has the...

harp Company manufactures a product for which the following standards have been set: Standard Quantity or Hours Standard Price or Rate Standard Cost Direct materials 3 feet $ 5 per foot $ 15 Direct...