MIPS Stack Buffer Overflow Assignment

Module 7 Hint

  1. For starters, let’s look at the need for the ASCII table for this assignment. Let’s pretend you ran your program with the string “hello”. If you look in the ‘Hx’ (hex) column on asciitable.com, you will find that those letters each correspond to the following 1-byte entities (yes, each character requires 1 byte or 8 bits): 0x68 (h) – 0x65 (e) – 0x6C (l) – 0x6C (l) – 0x6F (o). To see where these fall in memory, within MARS, choose $sp from the dropdown in the middle of the console to show the program’s call stack. You should see these bytes somewhere in memory on the first row. You might also see a 0x0A nearby; what is that?

  2. Once you’ve located the hex values for “hello” in memory, play around with the stack a little bit. What happens if you type “hellohello”, for example? Do the bytes appear in the same order in which you typed them? Why/why not?

  3. Our ultimate goal is to execute the ‘print_a’ function. Use the dropdown to show the memory layout of the .text section. What is the address of the first instruction in the ‘print_a’ function? That is the address we want to put into $ra just before the ‘print’ function calls jr $ra.

  4. Speaking of $ra, run the program with an input of “hello” again and take another look at the stack’s memory layout. You will see the hex values for the characters in “hello”, but look to the right; what do you see? You should see two memory addresses that have already been added to the stack! One of these is the current $ra!

At this point, you should be able to figure out where $ra is being stored on the stack, notice that the more characters you type in as the initial input the closer you get to overwriting $ra, know the address of the ‘print_a’ function, and understand how to craft a 4-character input (using the ASCII table) that you can use to overwrite $ra and trick the program into returning to the start of the ‘print_a’ function rather than back to the original $ra location.
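The following C model is an added example, not code from the assignment: it simulates a little-endian stack frame to show why typed bytes look reversed inside each word in the MARS memory view, and how a length bound on the read keeps the saved $ra intact. The frame layout, the 8-byte buffer size, the saved address 0x00400018 and the input "AAAAAAAAabcd" are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8            /* assumed buffer size (not from the assignment) */
#define SAVED_RA 0x00400018u  /* constructed return address, for illustration */

/* Simulated frame: input buffer at the low address, saved $ra just above it. */
typedef struct { uint8_t buf[BUF_SIZE]; uint8_t ra[4]; } frame_t;

/* Load a 32-bit word the way little-endian MARS displays it. */
uint32_t load_word(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Store input (plus the newline left by pressing Enter) into the frame,
 * writing at most `limit` bytes; return the saved $ra word afterwards. */
uint32_t ra_after_read(frame_t *f, const char *input, size_t limit) {
    uint8_t *mem = (uint8_t *)f;
    size_t n = strlen(input), i;
    memset(f, 0, sizeof *f);
    for (i = 0; i < 4; i++) f->ra[i] = (uint8_t)(SAVED_RA >> (8 * i));
    if (limit > sizeof *f) limit = sizeof *f;   /* stay inside the model */
    for (i = 0; i < n && i < limit; i++) mem[i] = (uint8_t)input[i];
    if (i < limit) mem[i] = 0x0A;
    return load_word(f->ra);
}

int main(void) {
    frame_t f;
    const char *inputs[] = { "hello", "hellohello", "AAAAAAAAabcd" };
    for (size_t k = 0; k < 3; k++) {
        /* Unbounded read: the limit covers the whole frame. */
        uint32_t ra = ra_after_read(&f, inputs[k], sizeof f);
        printf("%-14s word0=0x%08X word1=0x%08X $ra=0x%08X %s\n", inputs[k],
               (unsigned)load_word(f.buf), (unsigned)load_word(f.buf + 4),
               (unsigned)ra, ra == SAVED_RA ? "intact" : "OVERWRITTEN");
        /* Bounded read: the limit is the buffer size, so $ra survives. */
        ra = ra_after_read(&f, inputs[k], BUF_SIZE);
        printf("%-14s bounded to %d bytes: $ra=0x%08X\n", "", BUF_SIZE, (unsigned)ra);
    }
    return 0;
}
```

In the output, the first word for “hello” reads 0x6C6C6568: the bytes h, e, l, l sit at increasing addresses, but the word is printed with its highest-address byte first.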

Last Updated on March 15, 2020
