Code: analysis, bugs, and security
optional course, supported by Bitdefender
Instructor: Marius Minea, firstname.lastname@example.org (Office: B531. Phone: +40-256-403284)
New: contest with special prizes for students participating in the course
Lab assistant: Andrei Ardelean, gmail: andreirardelean
Course: Wed 8-10, ASPC
Lab: Thu 16-18, B528; Fri 12-14, B418
Sample program: print addresses
- Assembly language.
Sample programs: nested expression (and in three-address code), switch, array of function pointers, lists with pointers to pointers
See also: x86 Assembly Guide (David Evans, U. Virginia)
- Robust and secure programming in C
See also: CERT C Coding Standard
- Compiler basics. Native code and bytecode.
- Linking and loading.
A very good summary (D. Beazley et al.)
U. Drepper. How to write shared libraries -- a very detailed description.
- Obfuscation (summary). Extensive slideset (Christian Collberg, U. Arizona)
Extra: a recent deobfuscation paper (IEEE S&P 2015) -- see general discussion and obfuscated graphs.
- Analysis with LLVM. Intro and LLVM Passes (F. Pereira, UFMG), also tutorial from 2015 LLVM Dev meeting
Obfuscate add pass + CMakeFile (adapted from tutorial above).
Writing an LLVM pass and LLVM Programmer's Manual
- Week 2: structure of a Unix executable (ELF)
For the lab: practice writing programs which follow file structure, e.g. ZIP file, bitmap, etc.
Lab summary: parseElf.c: inspect the file processing code and error checks, and try to find a missing check with very bad consequences.
- Week 3: write an unzip program, and check it against some test archives (with some problems)
archive with all zip files. File zipinfo.txt describes each zip.
- Week 4: Examine and modify assembly produced by the compiler.
- Week 5: Running in a debugger. GDB command summary
The programs with function hooking and mprotect done in the lab (updated also for 64 bits, try yourself first).
Some more explanations about resolution of library functions with different compilers.
- Week 6. Obfuscation. First and second binary to work on.
The Tigress virtualizer/obfuscator
- Week 7. Writing an LLVM pass. obfuscate add, count memory writes.
- Week 8. Memory corruption vulnerabilities. test program.
- overwrite the return address with that of go_shell
- insert your own payload on the stack
- same as above, but with randomized stack (search for jmp esp
- with non-executable stack enabled, do a ROP attack
- Week 9. Writing a clang checker. Tutorial. archive and code written in lab
- Week 11. Fuzzing and symbolic execution.
American Fuzzy Lop
Tool to interpret KLEE results
Last modified: Thu Nov 10 14:15:00 EET 2016