├── readme.md ├── 实验一_数据的表示.docx ├── 实验一代码 ├── 任务一.cpp └── 任务二.cpp ├── 实验三_二进制程序分析.docx ├── 实验二_汇编语言编程基础.docx ├── 实验二代码 ├── 任务2.1.s ├── 任务2.2.s ├── 任务2.3(不考虑溢出的版本).s └── 任务2.3(考虑溢出的版本).s ├── 实验五__链接炸弹拆除.docx ├── 实验五代码 ├── a.o ├── a.s ├── linkbomb1 ├── linkbomb11 ├── linkbomb2 ├── linkbomb3 ├── linkbomb4 ├── linkbomb5 ├── linkbomb6 ├── linkbomb7 ├── main.c ├── main.o ├── phase0.c ├── phase1.o ├── phase2.o ├── phase3.o ├── phase4.o ├── phase5.o ├── phase6.o ├── phase6_path.c ├── phase6_path.o └── phase7.o ├── 实验四_缓冲区溢出攻击.docx ├── 实验四代码 ├── bang.s ├── bang_hex.txt ├── bomb.s ├── boom_hex.txt ├── fizz_hex.txt └── smoke_hex.txt ├── 封面.docx └── 新建文件夹 ├── linkbomb6 ├── linkbomb7 ├── main.c ├── main.o ├── phase6.o ├── phase6_patch.c ├── phase6_patch.o └── phase7.o /readme.md: -------------------------------------------------------------------------------- 1 | ## 文件夹架构 2 | 3 | 分为代码和报告两部分组成 4 | 5 | * 报告这部分给出了五个实验的具体报告以及一个实验封面 6 | * 代码这部分,实验一给出了两个任务所写的c文件的代码;实验二给出了四个汇编文件的代码,包含任务三的优化前和优化后的代码;实验三无代码;实验四给出了四个任务的构造的攻击文件和后两个任务构造的汇编攻击代码;实验五给出了整个实验涉及到的相关可重定位目标文件和可执行目标文件 7 | 8 | -------------------------------------------------------------------------------- /实验一_数据的表示.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验一_数据的表示.docx -------------------------------------------------------------------------------- /实验一代码/任务一.cpp: -------------------------------------------------------------------------------- 1 | #define _CRT_SECURE_NO_WARNINGS 2 | #include 3 | #include 4 | using namespace std; 5 | 6 | struct student; 7 | // 压缩函数 8 | int pack_student_bytebybyte(student* s, int sno, char* buf); 9 | int pack_student_whole(student* s, int sno, char* buf); 10 | 11 | // 解压函数 12 | int restore_student(char* buf, int len, student* s); 13 | 14 | // 输出函数 15 | void printMessage(char* message, int len); 16 | 17 | // 延迟函数 18 | void ddelay(); 19 | 
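const int N = 5;

// In-memory record. The pack_* functions below write a denser stream:
//   name bytes + '\0' | age as a 2-byte short | score as a 4-byte float | remark bytes + '\0'
struct student
{
    char name[8];
    long long age;
    float score;
    char remark[196];
}new_s[N];

// Size of the fixed-width middle part of a packed record (age + score).
static const int PACKED_FIXED_BYTES = (int)(sizeof(short) + sizeof(float));

// Number of characters stored in a fixed-size text field. The count is capped at
// fieldSize - 1 so that a field with no terminator is truncated instead of being
// read past its end.
static int text_len(const char* field, int fieldSize) {
    int n = 0;
    while (n < fieldSize - 1 && field[n] != '\0') {
        n++;
    }
    return n;
}

// Length of the NUL-terminated string starting at p, or -1 when no terminator is
// found before end. Keeps every read of the packed stream inside [buf, buf + len).
static int bounded_strlen(const char* p, const char* end) {
    if (p >= end) {
        return -1;
    }
    const void* nul = memchr(p, '\0', (size_t)(end - p));
    if (!nul) {
        return -1;
    }
    return (int)((const char*)nul - p);
}

int main() {
    // Holds the packed records. A packed record is never larger than
    // sizeof(student) (7+1 name, 2 age, 4 score, 195+1 remark = 210 bytes),
    // so N * sizeof(student) covers the worst case; the pack functions take
    // no capacity argument and cannot check this themselves.
    char message[N * sizeof(student)];
    // Sample data.
    // NOTE(review): these literals fit name[8] only in a two-byte-per-character
    // encoding such as GBK; saved as UTF-8 the three-character names need 9
    // bytes plus the terminator -- confirm the source file encoding.
    student old_s[N] = {
        {"王国豪",15,43,"人生若只如初见"},
        {"啦啦",2,98,"何事秋风悲画扇"},
        {"笨蛋",3,96,"等闲变却故人心"},
        {"什么",4,94,"却道故人心易变"},
        {"鲁尼在",5,92,"沧海桑田"}
    };
    cout << "开始输出未压缩的内容......" << endl;
    // Print old_s[N].
    for (int i = 0; i < N; i++) {
        cout << old_s[i].name << " " << old_s[i].age << " " << old_s[i].score << " " << old_s[i].remark << endl;
    }
    cout << "压缩前存放数据的长度为 :" << sizeof old_s << endl;
    cout << "下面开始按字节压缩前2条记录" << endl;

    // Pack the first two records byte by byte.
    int len = pack_student_bytebybyte(old_s, 2, message);

    cout << "此时message的长度为: " << len << endl;

    cout << "下面开始按一条一条压缩下3条记录" << endl;

    // Pack the remaining three records field by field.
    len += pack_student_whole(&old_s[2], 3, message + len);

    cout << "此时message的长度为: " << len << endl;

    // Dump the packed stream produced by the two calls above.
    cout << "开始输出两次压缩后message中的内容" << endl;
    printMessage(message, len);

    cout << "下面开始解压message中的信息到新结构体中" << endl;

    int num = restore_student(message, len, new_s);

    // Print the restored records.
    for (int i = 0; i < num; i++) {
        cout << new_s[i].name << " " << new_s[i].age << " " << new_s[i].score << " " << new_s[i].remark << endl;
    }

    char* pp = message;
    cout << "以十六进制的形式,输出message的前20个字节的内容 " << endl;
    // Never dump more bytes than were actually written to message.
    for (int i = 0; i < 20 && i < len; i++) {
        printf("%02X ", (unsigned char)(*(pp + i)));
    }

    return 0;
}

// Prints every record found in the packed stream message[0 .. len).
// Parsing stops at the first record that does not fit completely inside the
// stream, so a truncated or unterminated buffer is never read past its end.
void printMessage(char* message, int len) {
    const char* p = message;
    const char* end = message + len;
    while (p < end)
    {
        int nameLen = bounded_strlen(p, end);
        if (nameLen < 0) {
            break;
        }
        const char* fixedPart = p + nameLen + 1;
        if (end - fixedPart < PACKED_FIXED_BYTES) {
            break;
        }
        // memcpy instead of *(short*)p / *(float*)p: the fixed part follows a
        // variable-length string and is usually not aligned for those types.
        short age;
        float score;
        memcpy(&age, fixedPart, sizeof age);
        memcpy(&score, fixedPart + sizeof age, sizeof score);
        const char* remark = fixedPart + PACKED_FIXED_BYTES;
        int remarkLen = bounded_strlen(remark, end);
        if (remarkLen < 0) {
            break;
        }
        cout << p << " ";       // name
        cout << age << " ";     // age
        cout << score << " ";
        cout << remark << " " << endl;
        p = remark + remarkLen + 1;
    }
}

// s is the first record to pack; sno is the number of records;
// buf is the start of the output area. Returns the number of bytes written.
// The caller must provide room for the worst case of 210 bytes per record;
// this function has no way to check the capacity of buf.
//
// Every byte is copied individually. Field positions are taken from the
// struct members themselves: the previous hard-coded offsets (8-byte name,
// 2-byte age plus 2 bytes of padding, 200-byte remark) did not match the
// struct declared above and packed the upper half of age as the score.
int pack_student_bytebybyte(student* s, int sno, char* buf) {
    char* out = buf;
    for (int i = 0; i < sno; i++)
    {
        // name, always followed by a terminator
        int nameLen = text_len(s[i].name, (int)sizeof s[i].name);
        for (int k = 0; k < nameLen; k++) {
            *out++ = s[i].name[k];
        }
        *out++ = '\0';

        // age, narrowed to the 2-byte packed form
        short age = (short)s[i].age;
        const char* ageBytes = (const char*)&age;
        for (int k = 0; k < (int)sizeof age; k++) {
            *out++ = ageBytes[k];
        }

        // score, 4 bytes
        const char* scoreBytes = (const char*)&s[i].score;
        for (int k = 0; k < (int)sizeof s[i].score; k++) {
            *out++ = scoreBytes[k];
        }

        // remark, always followed by a terminator
        int remarkLen = text_len(s[i].remark, (int)sizeof s[i].remark);
        for (int k = 0; k < remarkLen; k++) {
            *out++ = s[i].remark[k];
        }
        *out++ = '\0';
    }
    return (int)(out - buf);
}

// Same output format and contract as pack_student_bytebybyte, but each field
// is copied as a unit. Text fields are length-limited to their declared size
// and the numeric fields are written with memcpy because the destination is
// generally unaligned.
int pack_student_whole(student* s, int sno, char* buf) {
    char* out = buf;
    for (int i = 0; i < sno; i++)
    {
        // name
        int nameLen = text_len(s[i].name, (int)sizeof s[i].name);
        memcpy(out, s[i].name, nameLen);
        out[nameLen] = '\0';
        out += nameLen + 1;
        // age
        short age = (short)s[i].age;
        memcpy(out, &age, sizeof age);
        out += sizeof age;
        // score
        memcpy(out, &s[i].score, sizeof s[i].score);
        out += sizeof s[i].score;
        // remark
        int remarkLen = text_len(s[i].remark, (int)sizeof s[i].remark);
        memcpy(out, s[i].remark, remarkLen);
        out[remarkLen] = '\0';
        out += remarkLen + 1;
    }
    return (int)(out - buf);
}


// Unpacking.
// buf is the start of the packed stream; len is the number of valid bytes in it;
// s is the array that receives the records. Returns the number of records restored.
//
// The stream is treated as untrusted: a record is stored only when it lies
// completely inside buf[0 .. len) and its strings fit name[] and remark[].
// Parsing stops at the first record that fails these checks.
// The capacity of s is not known here; the caller must make sure s can hold
// every record the stream may contain.
int restore_student(char* buf, int len, student* s) {
    int cnt = 0;    // number of records restored so far
    const char* p = buf;
    const char* end = buf + len;
    while (p < end)
    {
        // name
        int nameLen = bounded_strlen(p, end);
        if (nameLen < 0 || nameLen >= (int)sizeof s[cnt].name) {
            break;
        }
        // age + score
        const char* fixedPart = p + nameLen + 1;
        if (end - fixedPart < PACKED_FIXED_BYTES) {
            break;
        }
        // remark
        const char* remark = fixedPart + PACKED_FIXED_BYTES;
        int remarkLen = bounded_strlen(remark, end);
        if (remarkLen < 0 || remarkLen >= (int)sizeof s[cnt].remark) {
            break;
        }

        memcpy(s[cnt].name, p, nameLen + 1);
        short age;
        memcpy(&age, fixedPart, sizeof age);
        s[cnt].age = age;
        memcpy(&s[cnt].score, fixedPart + sizeof age, sizeof s[cnt].score);
        memcpy(s[cnt].remark, remark, remarkLen + 1);

        p = remark + remarkLen + 1;
        cnt++;
    }
    return cnt;
}

// Prints five asterisks, one per second.
void ddelay() {
    for (int i = 0; i <= 4; i++) {
        cout << "*";
        Sleep(1000);
    }
    cout << endl;
}

--------------------------------------------------------------------------------
/实验一代码/任务二.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验一代码/任务二.cpp
--------------------------------------------------------------------------------
/实验三_二进制程序分析.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验三_二进制程序分析.docx
--------------------------------------------------------------------------------
/实验二_汇编语言编程基础.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验二_汇编语言编程基础.docx
--------------------------------------------------------------------------------
/实验二代码/任务2.1.s:
--------------------------------------------------------------------------------
1 | .section .data
2 | buf1: .byte 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
3 | buf2: .fill 10, 1, 0
4 | buf3: .fill 10, 1, 0
5 | buf4: .fill 10, 1, 0
6 | 
7 | # prompt message
8 | prompt: .asciz "Press any key to begin!\n"
9 | 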
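prompt_len = . - prompt
10 | 
11 | # one-byte buffer that receives the key press
12 | input_char: .byte 1
13 | 
14 | .section .text
15 | .global main
16 | main:
17 | mov $buf1, %esi
18 | mov $buf2, %edi
19 | mov $buf3, %ebx
20 | mov $buf4, %edx
21 | mov $10, %ecx
22 | 
23 | # save registers
24 | push %rax
25 | push %rbx
26 | push %rcx
27 | push %rdx
28 | 
29 | # show the prompt
30 | mov $4, %eax # system call number (sys_write)
31 | mov $1, %ebx # file descriptor (stdout)
32 | mov $prompt, %ecx # address of the message
33 | mov $prompt_len, %edx # length of the message
34 | int $0x80 # enter the kernel
35 | 
36 | # wait for a key press
37 | mov $3, %eax # system call number (sys_read)
38 | mov $0, %ebx # file descriptor (stdin)
39 | mov $input_char, %ecx # address of the input buffer
40 | mov $1, %edx # number of bytes to read
41 | int $0x80 # enter the kernel
42 | 
43 | # restore registers
44 | pop %rdx
45 | pop %rcx
46 | pop %rbx
47 | pop %rax
48 | 
49 | lopa: mov (%esi), %al
50 | mov %al, (%edi)
51 | inc %al
52 | mov %al, (%ebx)
53 | add $3, %al
54 | mov %al, (%edx)
55 | inc %esi
56 | inc %edi
57 | inc %ebx
58 | inc %edx
59 | dec %ecx
60 | jnz lopa
61 | mov $1, %eax
62 | movl $0, %ebx
63 | int $0x80
64 | 
65 | 
66 | 
67 | 
--------------------------------------------------------------------------------
/实验二代码/任务2.2.s:
--------------------------------------------------------------------------------
# Task 2.2: same copy as task 2.1, written with indexed addressing.
# For i = 0..9: buf2[i] = buf1[i], buf3[i] = buf1[i] + 1, buf4[i] = buf1[i] + 4.
    .section .data
buf1:   .byte 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
buf2:   .fill 10, 1, 0
buf3:   .fill 10, 1, 0
buf4:   .fill 10, 1, 0

    .section .text
    .global main
main:
    mov $0,%ecx                 # ecx = element index
lopa:
    mov buf1(%ecx),%al
    mov %al,buf2(%ecx)
    inc %al
    mov %al,buf3(%ecx)
    add $3,%al
    mov %al,buf4(%ecx)
    inc %ecx
    cmp $9,%ecx
    jle lopa                    # repeat while index <= 9
    mov $1,%eax                 # system call 1 (exit) with status 0
    mov $0,%ebx
    int $0x80
--------------------------------------------------------------------------------
/实验二代码/任务2.3(不考虑溢出的版本).s:
--------------------------------------------------------------------------------
# Task 2.3, version that ignores arithmetic overflow.
    .section .data
sdmid:  .fill 9,1,0
sda:    .long 1
sdb:    .long 2
sdc:    .long 3
sf:     .long 0

    .section .text
    .global _start
_start:
    mov $sda,%esi               # esi = address of a
    call calculate

    mov $1,%eax
    mov $0,%ebx
    int $0x80

# Subroutine.
# In:  esi points at a; b, c and f follow at offsets 4, 8 and 12.
# Out: f is stored at 12(%esi); eax = -1, 0 or 1 for f below, equal to or above 100.
    .type calculate @function
calculate:
    pushl %ebx
    pushl %ecx
    pushl %edx
    movl (%esi), %ebx           # ebx = a
    movl 4(%esi), %ecx          # ecx = b
    movl 8(%esi), %edx          # edx = c

    # f = (5a + b - c + 100) / 128
    # Each step is 32-bit arithmetic; overflow is not detected in this version.
    imull $5, %ebx              # ebx = 5a
    addl %ecx, %ebx             # ebx = 5a + b
    subl %edx, %ebx             # ebx = 5a + b - c
    addl $100, %ebx             # ebx = 5a + b - c + 100
    sarl $7, %ebx               # arithmetic shift: negative values round toward minus infinity
    movl %ebx, 12(%esi)         # store f

    # set eax according to f
    cmpl $100, %ebx
    jl less_than_100
    je equal_to_100
    jg greater_than_100

less_than_100:
    movl $-1, %eax
    jmp end_calculate

equal_to_100:
    movl $0, %eax
    jmp end_calculate

greater_than_100:
    movl $1, %eax

end_calculate:
    popl %edx
    popl %ecx
    popl %ebx
    ret
--------------------------------------------------------------------------------
/实验二代码/任务2.3(考虑溢出的版本).s:
--------------------------------------------------------------------------------
# Task 2.3, version that tracks overflow.
# Each record is len = 25 bytes: a 9-byte id followed by four longs a, b, c, f.
    .section .data
sdmid:  .ascii "000111", "\0\0\0"   # serial number of the record (may start from 1)
sda:    .long 512                   # status value a
sdb:    .long -1023                 # status value b
sdc:    .long 1265                  # status value c
sf:     .long 0                     # result f

        .ascii "000222","\0\0\0"
        .long 256809                # status value a
        .long -1023                 # status value b
        .long 2780                  # status value c
        .long 0                     # result f

        .ascii "000333","\0\0\0"
        .long 2513                  # status value a
        .long 1265                  # status value b
        .long 1023                  # status value c
        .long 0                     # result f

        .ascii "000444","\0\0\0"
        .long 512                   # status value a
        .long -1023                 # status value b
        .long 1265                  # status value c
        .long 0                     # result f
        .ascii "555555","\0\0\0"
        .long 2513
        .long 1265
        .long 1023
        .long 0
        .ascii "666666","\0\0\0"
        .long 256800
        .long -2000
        .long 1000
        .long 0
num = 6
# Output areas. Each one reserves room for three records, while _start
# classifies num = 6 records and never checks how many an area already holds:
# a fourth record of one class would be written into the following area.
midf:   .fill 9, 1, 0
        .long 0, 0, 0, 0
        .fill 9, 1, 0
        .long 0,0,0,0
        .fill 9, 1,0
        .long 0,0,0,0
highf:  .fill 9, 1, 0
        .long 0, 0, 0, 0
        .fill 9, 1, 0
        .long 0,0,0,0
        .fill 9,1,0
        .long 0,0,0,0
lowf:   .fill 9, 1, 0
        .long 0, 0, 0, 0
        .fill 9, 1, 0
        .long 0,0,0,0
        .fill 9,1,0
        .long 0,0,0,0
len=25

    .section .text
    .global _start
_start:
    # set up a frame for the locals below
    pushl %ebp
    movl %esp, %ebp

    # locals: -4 record index, -8 lowf cursor, -12 highf cursor, -16 midf cursor
    sub $16, %esp
    movl $0, -4(%ebp)
    movl $lowf, -8(%ebp)
    movl $highf, -12(%ebp)
    movl $midf, -16(%ebp)
    mov $sdmid, %ebx            # ebx = current input record
L1:
    lea 9(%ebx), %esi           # esi = address of a inside the record
    call calculate

    # Arguments for copy_data are pushed as: length, destination, source.
    # They are not popped after the call; esp is reset from ebp before exit.
    push $len
    cmp $0, %eax
    jne L2
    pushl -16(%ebp)             # eax == 0: destination is the midf cursor
    addl $len, -16(%ebp)
    jmp L4
L2:
    jg L3
    pushl -8(%ebp)              # eax < 0: destination is the lowf cursor
    addl $len, -8(%ebp)
    jmp L4
L3:
    pushl -12(%ebp)             # eax > 0: destination is the highf cursor
    addl $len, -12(%ebp)
L4:
    mov -4(%ebp), %ecx
    push %ebx                   # source = current record
    call copy_data
L5:
    add $len, %ebx
    incl -4(%ebp)
    cmpl $num, -4(%ebp)
    jl L1

    movl %ebp, %esp
    popl %ebp

    mov $1, %eax
    mov $0, %ebx
    int $0x80

# In:  esi points at a; b and c follow at offsets 4 and 8.
# Out: eax = -1, 0 or 1 for a result below, equal to or above 100.
# The result is not written back to the record's f field in this version.
    .type calculate @function
calculate:

    push %ebp
    mov %esp, %ebp
    pushl %ebx
    pushl %ecx
    pushl %edx
    pushl %edi
    movl (%esi), %eax           # eax = a
    movl 4(%esi), %ebx          # ebx = b
    movl 8(%esi), %ecx          # ecx = c

    # start of the computation
    mov $5 , %edi
    imull %edi                  # edx:eax = 5a (one-operand form, 64-bit product)
    addl %ebx, %eax
    jno next1
    addl $1, %edx               # signed overflow on + b: adjust the high word
next1:
    subl %ecx, %eax
    jno next2
    subl $1, %edx               # signed overflow on - c: adjust the high word
next2:
    addl $100, %eax
    jno next3
    addl $1, %edx               # signed overflow on + 100: adjust the high word
next3:
    # If the high word holds a value, treat the result as greater than 100.
    # A high word of all ones is not a concern because it equals -1.
    # NOTE(review): only edx > 0 is handled below; a high word below -1 falls
    # through to the low-word comparison -- confirm this is intended.
    sarl $7, %eax
    mov %eax, %ebx
    cmp $0, %edx
    jle next4
    mov $101, %ebx

next4:
    # set eax according to f
    cmpl $100, %ebx
    jl less_than_100
    je equal_to_100
    jg greater_than_100

less_than_100:
    movl $-1, %eax
    jmp end_calculate

equal_to_100:
    movl $0, %eax
    jmp end_calculate

greater_than_100:
    movl $1, %eax

end_calculate:
    popl %edi
    popl %edx
    popl %ecx
    popl %ebx

    mov %ebp, %esp
    pop %ebp
    ret


# copy_data: copies a block of bytes.
# Stack arguments, as pushed by _start (last push is at the lowest offset):
#   8(%ebp)  = source address
#   12(%ebp) = destination address
#   16(%ebp) = number of bytes
# The 4-byte loop and the byte tail now copy in the same direction (source to
# destination); previously the tail copied the final byte from the destination
# back into the source record. The tail also copies every remaining byte
# (0 to 3) instead of exactly one.
# The routine trusts the length it is given; the caller is responsible for
# the destination being large enough.
    .type copy_data @function
copy_data:
    push %ebp
    mov %esp, %ebp

    push %ecx
    push %esi
    push %edi
    push %eax

    movl 16(%ebp), %ecx         # ecx = number of bytes
    movl 8(%ebp), %esi          # esi = source address
    movl 12(%ebp), %edi         # edi = destination address

    # copy 4 bytes at a time while at least 4 remain
cpy_loop:
    cmpl $4, %ecx
    jl copy_tail
    mov (%esi), %eax
    mov %eax, (%edi)            # copy 4 bytes
    subl $4, %ecx
    addl $4, %esi
    addl $4, %edi
    jmp cpy_loop

    # copy the remaining bytes one at a time
copy_tail:
    cmpl $0, %ecx
    jle end_copy
    movb (%esi), %al
    movb %al, (%edi)            # copy 1 byte
    incl %esi
    incl %edi
    decl %ecx
    jmp copy_tail

end_copy:
    # restore registers
    pop %eax
    pop %edi
    pop %esi
    pop %ecx

    mov %ebp, %esp
    pop %ebp
    ret
--------------------------------------------------------------------------------
/实验五__链接炸弹拆除.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五__链接炸弹拆除.docx
--------------------------------------------------------------------------------
/实验五代码/a.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/a.o
--------------------------------------------------------------------------------
/实验五代码/a.s:
--------------------------------------------------------------------------------
lea -0x17(%ebp),%ecx
push %ecx
call 0x13dc
add $4, %esp
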
-------------------------------------------------------------------------------- /实验五代码/linkbomb1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb1 -------------------------------------------------------------------------------- /实验五代码/linkbomb11: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb11 -------------------------------------------------------------------------------- /实验五代码/linkbomb2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb2 -------------------------------------------------------------------------------- /实验五代码/linkbomb3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb3 -------------------------------------------------------------------------------- /实验五代码/linkbomb4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb4 -------------------------------------------------------------------------------- /实验五代码/linkbomb5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb5 -------------------------------------------------------------------------------- /实验五代码/linkbomb6: 
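--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb6
--------------------------------------------------------------------------------
/实验五代码/linkbomb7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/linkbomb7
--------------------------------------------------------------------------------
/实验五代码/main.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Function pointer that a phase object file may define.
 * This is a tentative definition with no initializer, so an initialized
 * definition in another object (see phase0.c) takes precedence at link time;
 * when no such object is linked the pointer stays NULL.
 * main() calls whatever definition the linker selected, so every object
 * linked into the program can take control here: link only trusted objects.
 * NOTE(review): GCC 10 and later default to -fno-common, where compiling
 * main.c and phase0.c together from source reports a multiple definition
 * unless -fcommon is given -- confirm the toolchain used by the lab.
 */
void (*phase)(int i);

/*
 * Derives the cookie from a student id.
 * s must be exactly 10 characters: 'U' or 'u' followed by nine digits.
 * Returns 5 plus the value of the last digit, or 0 when the id is rejected
 * (a message naming the failed rule is printed).
 */
int gencookie(char *s)
{
    if (s == NULL || strlen(s) != 10) {
        printf("length of userid must be 10. \n");
        return 0;
    }
    if (s[0] != 'U' && s[0] != 'u') {
        printf("student id satrt with U. \n");
        return 0;
    }
    for (int i = 1; i < 10; i++) {
        if (s[i] < '0' || s[i] > '9') {
            printf("stuid must be digitals. \n");
            return 0;
        }
    }
    /* s + 9 is the single final digit, already validated above. */
    return 5 + atoi(s + 9);
}

/*
 * Reads the student id, derives the cookie and runs the linked phase, if any.
 */
int main(int argc, const char *argv[])
{
    int cookie;
    char stuid[12] = "";

    (void)argc;
    (void)argv;

    printf("please input you stuid : ");
    /*
     * The field width keeps the read inside stuid (11 characters plus the
     * terminator); a bare "%s" would write past the buffer on longer input.
     * On end of input or a read error the id is treated as empty, which
     * gencookie() rejects.
     */
    if (scanf("%11s", stuid) != 1)
        stuid[0] = '\0';
    cookie = gencookie(stuid);

    if (phase)
        (*phase)(cookie);
    else {
        printf("Welcome to linkbomb \n");
        printf("You should modify phase1.o, phase2.o ....\n");
        printf("execute : gcc -no-pie -o linkbomb1 main.o phase1.o \n");
        printf("execute : ./linkbomb1 \n");
    }
    printf("Bye Bye !\n");
    return 0;
}

--------------------------------------------------------------------------------
/实验五代码/main.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/main.o
--------------------------------------------------------------------------------
/实验五代码/phase0.c:
--------------------------------------------------------------------------------
#include <stdio.h>

void do_phase(int);

/* Initialized definition of the function pointer that main.c only declares tentatively. */
void (*phase)(int pos)=do_phase;

/* Prints the introduction to strong and weak symbols; pos is not used. */
void do_phase(int pos)
{
    printf("Hello. Do you understand strong / weak symbol ? \n");
    printf(" function pointer phase is a weak symbol in main.c \n");
    printf(" function pointer phase is a strong symbol in phase0.c \n");
    printf(" So, You can compare difference of two program : \n");
    printf(" gcc -no-pie -o linkbomb0 main.c phase0.c \n");
    printf(" gcc -no-pie -o linkbomb main.c \n");
    printf(" Are you ready to difuse linkbomb? gcc -no-pie -o linkbomb* main.c phase*.o \n");
}

--------------------------------------------------------------------------------
/实验五代码/phase1.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase1.o
--------------------------------------------------------------------------------
/实验五代码/phase2.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase2.o
--------------------------------------------------------------------------------
/实验五代码/phase3.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase3.o
--------------------------------------------------------------------------------
/实验五代码/phase4.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase4.o
--------------------------------------------------------------------------------
/实验五代码/phase5.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase5.o
--------------------------------------------------------------------------------
/实验五代码/phase6.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase6.o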
-------------------------------------------------------------------------------- /实验五代码/phase6_path.c: -------------------------------------------------------------------------------- 1 | #include 2 | void f(); 3 | extern void (*myprint)(); 4 | 5 | void (*myprint)() = f; 6 | 7 | void f(){ 8 | printf("U202215643\n"); 9 | } 10 | 11 | //void (*myprint)() ; 12 | -------------------------------------------------------------------------------- /实验五代码/phase6_path.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase6_path.o -------------------------------------------------------------------------------- /实验五代码/phase7.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验五代码/phase7.o -------------------------------------------------------------------------------- /实验四_缓冲区溢出攻击.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/实验四_缓冲区溢出攻击.docx -------------------------------------------------------------------------------- /实验四代码/bang.s: -------------------------------------------------------------------------------- 1 | mov 0x0c0d90db, %eax 2 | mov $0x804c08c, %ecx 3 | mov %eax, (%ecx) 4 | push 0x080493f6 5 | 6 | mov (0x250d3ee8),%eax 7 | mov %eax,(0x804c218) 8 | push 0x080493f6 9 | 10 | ret 11 | 12 | -------------------------------------------------------------------------------- /实验四代码/bang_hex.txt: -------------------------------------------------------------------------------- 1 | b8 db 90 0d 2 | 0c b9 8c c0 3 | 04 08 89 01 4 | 68 f6 93 04 5 | 08 c3 00 00 6 | 00 00 00 00 7 | 00 00 00 00 8 | 00 00 00 00 9 | 00 00 
00 00 10 | 00 00 00 00 11 | 00 00 00 00 12 | 00 00 00 00 13 | 00 00 00 00 14 | 00 00 d6 ce 15 | ff ff 16 | 17 | /* 18 | 76 ce ff ff 19 | */ 20 | -------------------------------------------------------------------------------- /实验四代码/bomb.s: -------------------------------------------------------------------------------- 1 | mov $0xc0d90db, %eax 2 | push $0x08049503 3 | ret 4 | -------------------------------------------------------------------------------- /实验四代码/boom_hex.txt: -------------------------------------------------------------------------------- 1 | /* 2 | b8 db 90 0d 3 | 0c 68 03 95 4 | 04 08 c3 03 5 | 95 04 08 c3 6 | 00 00 00 00 7 | 00 00 00 00 8 | 00 00 00 00 9 | 00 00 00 00 10 | 63 6f 6d 70 75 74 65 72 11 | 00 00 b0 cf ff ff 00 c0 12 | 04 08 13 | 48 cf ff ff 14 | d6 ce ff ff 15 | */ 16 | 17 | b8 db 90 0d 18 | 0c 68 03 95 19 | 04 08 c3 03 20 | 95 04 08 c3 21 | 00 00 00 00 22 | 00 00 00 00 23 | 00 00 00 00 24 | 00 00 00 00 25 | 63 6f 6d 70 75 74 65 72 26 | 00 00 b0 cf ff ff 00 c0 27 | 04 08 28 | e8 ce ff ff 29 | 76 ce ff ff 30 | -------------------------------------------------------------------------------- /实验四代码/fizz_hex.txt: -------------------------------------------------------------------------------- 1 | 00 00 00 00 2 | 00 00 00 00 3 | 00 00 00 00 4 | 00 00 00 00 5 | 00 00 00 00 6 | 00 00 00 00 7 | 00 00 00 00 8 | 00 00 00 00 9 | 00 00 00 00 10 | 00 00 00 00 11 | 00 00 00 00 12 | 00 00 00 00 13 | 00 00 00 00 14 | 00 00 a3 93 15 | 04 08 00 00 16 | 00 00 db 90 17 | 0d 0c /* cookie */ 18 | 19 | 20 | -------------------------------------------------------------------------------- /实验四代码/smoke_hex.txt: -------------------------------------------------------------------------------- 1 | 00 00 00 00 2 | 00 00 00 00 3 | 00 00 00 00 4 | 00 00 00 00 5 | 00 00 00 00 6 | 00 00 00 00 7 | 00 00 00 00 8 | 00 00 00 00 9 | 00 00 00 00 10 | 00 00 00 00 11 | 00 00 00 00 12 | 00 00 00 00 13 | 00 00 00 00 14 | 00 00 75 93 15 | 04 08 16 | 17 | 
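--------------------------------------------------------------------------------
/封面.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/封面.docx
--------------------------------------------------------------------------------
/新建文件夹/linkbomb6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/新建文件夹/linkbomb6
--------------------------------------------------------------------------------
/新建文件夹/linkbomb7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/新建文件夹/linkbomb7
--------------------------------------------------------------------------------
/新建文件夹/main.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Function pointer that a phase object file may define.
 * This is a tentative definition with no initializer, so an initialized
 * definition in another linked object takes precedence at link time; when no
 * such object is linked the pointer stays NULL.
 * main() calls whatever definition the linker selected, so every object
 * linked into the program can take control here: link only trusted objects.
 */
void (*phase)(int i);

/*
 * Derives the cookie from a student id.
 * s must be exactly 10 characters: 'U' or 'u' followed by nine digits.
 * Returns 5 plus the value of the last digit, or 0 when the id is rejected
 * (a message naming the failed rule is printed).
 */
int gencookie(char *s)
{
    if (s == NULL || strlen(s) != 10) {
        printf("length of userid must be 10. \n");
        return 0;
    }
    if (s[0] != 'U' && s[0] != 'u') {
        printf("student id satrt with U. \n");
        return 0;
    }
    for (int i = 1; i < 10; i++) {
        if (s[i] < '0' || s[i] > '9') {
            printf("stuid must be digitals. \n");
            return 0;
        }
    }
    /* s + 9 is the single final digit, already validated above. */
    return 5 + atoi(s + 9);
}

/*
 * Reads the student id, derives the cookie and runs the linked phase, if any.
 */
int main(int argc, const char *argv[])
{
    int cookie;
    char stuid[12] = "";

    (void)argc;
    (void)argv;

    printf("please input you stuid : ");
    /*
     * The field width keeps the read inside stuid (11 characters plus the
     * terminator); a bare "%s" would write past the buffer on longer input.
     * On end of input or a read error the id is treated as empty, which
     * gencookie() rejects.
     */
    if (scanf("%11s", stuid) != 1)
        stuid[0] = '\0';
    cookie = gencookie(stuid);

    if (phase)
        (*phase)(cookie);
    else {
        printf("Welcome to linkbomb \n");
        printf("You should modify phase1.o, phase2.o ....\n");
        printf("execute : gcc -no-pie -o linkbomb1 main.o phase1.o \n");
        printf("execute : ./linkbomb1 \n");
    }
    printf("Bye Bye !\n");
    return 0;
}

--------------------------------------------------------------------------------
/新建文件夹/main.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/新建文件夹/main.o
--------------------------------------------------------------------------------
/新建文件夹/phase6.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/新建文件夹/phase6.o
--------------------------------------------------------------------------------
/新建文件夹/phase6_patch.c:
--------------------------------------------------------------------------------
#include <stdio.h>

/* Declared here and defined below with an initializer, so this object
 * supplies the definition of myprint when it is linked in. */
extern void (*myprint)();

/* Prints the student id, without a trailing newline. */
void f(){
    printf("U202215631");
}

void(*myprint)()=f;

--------------------------------------------------------------------------------
/新建文件夹/phase6_patch.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/新建文件夹/phase6_patch.o
--------------------------------------------------------------------------------
/新建文件夹/phase7.o: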
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/niuniu0101/Introduction-to-Computer-System/ace70ab0be5f68678c360aad3a85040b29ca8c41/新建文件夹/phase7.o --------------------------------------------------------------------------------