gnometorule
August 19th, 2011, 10:31 PM
I'm working through understanding the canary value smash protection for Ubuntu, as a relative beginner to it, good C and some assembly knowledge. I usually find what I need googling, but have a hard time finding a source to explain what exactly in intel assembly the line
mov eax, gs:0x14
does: it's clear you load into the accumulator, from the location referenced in gs:0x14, a random canary value. I also believe to remember segment registers were used to extend address space in formats such as
(16 bit address:16 bit address) -> 20 bit address.
(1) As $gs = 51d = 33h, would the result be 314h?
(2) Any more color on that (or the correct) location?
(3) And how do I print a value such as 'gs:14' using gdb (both its address & value)? (not via letting the instruction execute, then check eax, but directly). I'm working with set disassembly-flavor intel.
Many thanks.
P.S.: This isn't about understanding the use of a canary value, how it's xored at frame end to prevent stack smashing. Really only about understanding the above syntax and how to handle it with gdb.
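As an added example (editor's code, not part of the original post), the following C program shows what the segment override in `mov eax, gs:0x14` actually computes. In protected mode the selector is not multiplied by 16: the CPU looks up the descriptor the selector indexes (0x33 is index 6 of the GDT with RPL 3, which on 32-bit Linux is the first thread-local-storage entry) and adds the offset to that descriptor's base. The program reads the stack-protector guard through the segment override, then, on x86-64 Linux, asks the kernel for the segment base with `arch_prctl(ARCH_GET_FS)` and reads the same slot through an ordinary pointer to show the two routes agree. It assumes Linux on x86 (32-bit: `gs:0x14`; 64-bit: `fs:0x28`) and GCC/Clang inline assembly in AT&T syntax; on any other platform the comparison is skipped and reported as unavailable.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#if defined(__linux__) && defined(__x86_64__)
#include <asm/prctl.h>
#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003   /* assumed value from the Linux UAPI header, used only if the header lacks it */
#endif
#endif

/* Read the stack-protector guard the way compiled code does: a plain load with a
 * segment override.  In AT&T syntax "mov %gs:0x14, %eax" is the Intel-syntax
 * "mov eax, gs:0x14" from the post.  The CPU adds the offset to the BASE of the
 * descriptor that the selector in gs/fs points at, not to selector*16. */
static uintptr_t guard_via_segment_override(void)
{
    uintptr_t guard = 0;
#if defined(__linux__) && defined(__i386__)
    __asm__ volatile ("mov %%gs:0x14, %0" : "=r"(guard));   /* 32-bit Linux TCB slot */
#elif defined(__linux__) && defined(__x86_64__)
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(guard));   /* 64-bit Linux TCB slot */
#endif
    return guard;
}

/* Fetch the segment base from the kernel and read the same slot through an
 * ordinary pointer.  Implemented only for x86-64 Linux, where arch_prctl exposes
 * the fs base; returns 0 if the base is not available on this platform. */
static int guard_via_segment_base(uintptr_t *out)
{
#if defined(__linux__) && defined(__x86_64__)
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    *out = *(volatile uintptr_t *)(base + 0x28);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

/* Returns 1 when the segment-override load and the base+offset load read the same
 * guard value, or when the comparison is not possible on this platform. */
int segment_override_matches_base(void)
{
    uintptr_t via_base;
    if (!guard_via_segment_base(&via_base))
        return 1;
    return guard_via_segment_override() == via_base;
}

int main(void)
{
    uintptr_t via_base = 0;
    uintptr_t via_override = guard_via_segment_override();

    if (guard_via_segment_base(&via_base)) {
        printf("guard via segment override : 0x%lx\n", (unsigned long)via_override);
        printf("guard via base + offset    : 0x%lx\n", (unsigned long)via_base);
        printf("routes agree               : %s\n",
               segment_override_matches_base() ? "yes" : "no");
    } else {
        printf("guard via segment override : 0x%lx (base comparison unavailable here)\n",
               (unsigned long)via_override);
    }
    return 0;
}
```

The two printed values match because the segment override and the explicit base+offset read the same word of the thread control block; the value itself is randomised per process, so it differs on every run. For inspecting the slot from gdb on 64-bit Linux, gdb 8 and later expose the segment base as the `$fs_base` pseudo-register, so `x/gx $fs_base+0x28` prints the address and the guard without executing the instruction.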