Protecting the Stack

This demonstration shows how a stack guard can protect against exploits that change the return address on the stack. This simulation is similar to the stack smasher simulation, except that this one uses a stack guard mechanism. Your challenge is to enter data that might overflow the input buffer, allowing you to execute DontCallThisFunction().

General explanation of simulations

· The simulated program’s console screen is shown in the upper right corner.

· The grid on the right represents the 256 bytes of simulated memory in a 16 by 16 grid. The address of a given location is given by the row (most significant, or leftmost, 4 bits) and the column (least significant 4 bits).

· The program instructions occupy smaller addresses and are color coded to match the source code.

· A ‘*’ in the program memory represents the current program counter location. An ‘X’ represents the return location of a function call.

· Return addresses appear on the stack as a ‘$’. Addresses on the stack are represented as a ‘&’. Simple data types (such as char) are passed by value, where the value of the parameter is copied to the stack. Complex data types (such as arrays) are passed by reference, where the address of the parameter is pushed on the stack.

· Local variables are allocated on the stack.

· An input box will appear at the top when the simulated program requests user input. You can only enter letters. At times it may be useful to input a character that overwrites an address on the stack. The ASCII code of the character will be used as the address in the 256 bytes of simulated memory.

· All library functions, such as gets() and puts(), are assumed to be compiled inline and therefore don't require a function call.
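
An added example, not part of the original simulation or its authors' code: a C model of the 256-byte memory that shows how a guard check in the function epilogue refuses to return through an overwritten address. The frame addresses, the guard value, and the address 'D' assigned to DontCallThisFunction() are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption): an 8-byte input buffer, then one guard
   byte, then a one-byte return address, in the 256-byte simulated memory.
   DONT_CALL is a made-up address for DontCallThisFunction(); it is a letter
   because a typed character's ASCII code is used as the address. */
enum { BUF = 0xE0, BUF_LEN = 8, GUARD = BUF + BUF_LEN, RET = GUARD + 1,
       SAFE_RETURN = 0x20, DONT_CALL = 'D', GUARD_VALUE = 0xA5 };

static uint8_t mem[256];

/* Stands in for gets(): no length check, stores a terminating NUL. */
static void unsafe_copy(uint8_t dst, const char *src) {
    size_t a = dst;
    while (*src != '\0' && a < sizeof mem - 1)
        mem[a++] = (uint8_t)*src++;
    mem[a] = 0;
}

/* Runs one function call. Returns the address control transfers to,
   or -1 when the guard check aborts the program before returning. */
int run_frame(const char *input, int use_guard) {
    memset(mem, 0, sizeof mem);
    mem[RET] = SAFE_RETURN;        /* prologue: return address on the stack */
    mem[GUARD] = GUARD_VALUE;      /* prologue: guard between buffer and it */
    unsafe_copy(BUF, input);       /* the overflow, if any, happens here */
    if (use_guard && mem[GUARD] != GUARD_VALUE)
        return -1;                 /* epilogue: guard changed, do not return */
    return mem[RET];
}

int main(void) {
    const char *inputs[] = { "hello", "AAAAAAAA", "AAAAAAAAAD" };
    for (int g = 0; g <= 1; g++)
        for (int i = 0; i < 3; i++) {
            int r = run_frame(inputs[i], g);
            printf("guard=%d input=%-10s -> ", g, inputs[i]);
            if (r < 0) puts("guard damaged, program aborted");
            else printf("return to 0x%02X\n", r);
        }
    return 0;
}
```

Because the guard sits between the buffer and the return address, any contiguous write that reaches the return address must pass over the guard first; the 8-character input shows that even the terminating NUL landing one byte past the buffer is caught.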







This stack overflow simulation was created by Dr. Kenneth A. Williams. It is a modification of a program created by Dr. Susan Gerhart under NSF Award No. 0113627.