原创 Out-of-Bounds Memory References and Buffer Overflow

callee:

pushl  %edp                               save %edp on stack

movl   %esp, %edp

pushl  %ebx                                save %ebx

subl    $20, %esp

......

popl %ebx                                  restore  %ebx

popl  %edp                                 restore  %ebp

ret

 

1.if the stored value of %ebx is corrupted, then this registerwill not be restored properly, and so the caller will not be able to rely on the integrity of this register, even though it should be callee-saved.

2.If the stored value of %edp is corrupted, then this register will not be restored properly, and so the caller will not be able to reference its local variables or parameters properly.

3.If the stored value of the return address is corrupted, then the ret instruction will cause the program to jump to a totally unexecpted location

 

Stack of randomization has become standard practice In Linux systems. It is one of a larger class of techniques known as address-space layout randomization, or ASLR. With ASLR, different parts o the program, including program code, library code, stack, global variables, and heap data, are loaded into different regions of memory each time a program is run.