code execution Flashcards
(4 cards)
Program memory layout
Text segment: Stores the program’s executable code; usually read-only.
Data segment: Holds static/global variables that are initialized.
BSS segment: Contains uninitialized static/global variables, set to zero by OS.
Heap: Used for dynamic memory allocation (managed by malloc, free, etc.).
Stack: Stores local variables and function call info (return address, arguments).
EIP (Instruction Pointer): Holds the address of the next instruction to execute. When a function returns, the CPU pops the saved return address from the stack into EIP, which is why overwriting that saved return address hijacks control flow.
EBP (Base Pointer): Points to the base of the current stack frame; local variables and arguments are addressed relative to it.
Both are 32-bit registers on 32-bit systems; called RIP and RBP on 64-bit systems (where they are 8 bytes wide).
On a 32-bit system each register is 4 bytes and stores an address like 0x666574c9.
The bytes of an address are stored in memory in an order that depends on the system's endianness:
Big endian: most significant byte first, \x66\x65\x74\xc9
Little endian (x86/x86-64): least significant byte first, \xc9\x74\x65\x66, so a payload that overwrites a return address must write it byte-reversed
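The endianness card above in working code, as an added example (not part of the original flashcards): it splits the address 0x666574c9 into its bytes in both orders, rebuilds it, detects the byte order of the machine it runs on, and renders the bytes as the \xNN escapes used in payloads. The function names and the 17-byte output buffer are choices made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Split a 32-bit address into its four bytes, most significant byte first
 * (big endian) or least significant byte first (little endian, as on x86). */
void addr_to_bytes(uint32_t addr, int little_endian, unsigned char out[4]) {
    for (int i = 0; i < 4; i++) {
        unsigned shift = little_endian ? 8u * i : 8u * (3 - i);
        out[i] = (unsigned char)((addr >> shift) & 0xffu);
    }
}

/* Reassemble the address from four bytes laid out in the given order. */
uint32_t bytes_to_addr(const unsigned char in[4], int little_endian) {
    uint32_t addr = 0;
    for (int i = 0; i < 4; i++) {
        unsigned shift = little_endian ? 8u * i : 8u * (3 - i);
        addr |= (uint32_t)in[i] << shift;
    }
    return addr;
}

/* Detect the host's byte order by looking at the first byte in memory of a
 * known value: 0x04 means the least significant byte comes first. */
int host_is_little_endian(void) {
    uint32_t probe = 0x01020304u;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 0x04;
}

/* Render four bytes as the \xNN escapes used when writing a payload,
 * e.g. "\xc9\x74\x65\x66".  out must hold at least 4 * 4 + 1 = 17 bytes. */
void bytes_to_escaped(const unsigned char in[4], char *out, size_t cap) {
    size_t pos = 0;
    if (cap > 0) out[0] = '\0';
    for (int i = 0; i < 4 && pos + 5 <= cap; i++)
        pos += (size_t)snprintf(out + pos, cap - pos, "\\x%02x", in[i]);
}

int main(void) {
    uint32_t addr = 0x666574c9u;       /* the address from the flashcard */
    unsigned char be[4], le[4];
    char s[17];

    addr_to_bytes(addr, 0, be);
    addr_to_bytes(addr, 1, le);
    bytes_to_escaped(be, s, sizeof s);
    printf("big endian:    %s\n", s);
    bytes_to_escaped(le, s, sizeof s);
    printf("little endian: %s\n", s);
    printf("this host is %s endian\n", host_is_little_endian() ? "little" : "big");
    return 0;
}
```

The practical point: on x86 the payload bytes must be the little-endian form, so the string you write into the overflowing buffer is the reverse of the address as you read it in a debugger.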
Consequences of Buffer Overflow
Overwriting the saved return address makes the function "return" to whatever address the attacker wrote, which can point to:
* An invalid instruction (the CPU faults on an illegal opcode)
* A non-existing (unmapped) address (segmentation fault)
* Memory the process may not access or execute (access violation)
* Attacker-supplied code, e.g. shellcode placed in the overflowed buffer
Countermeasures
Developer approaches:
Use safer functions (like strncpy_s(), strncat_s()) that take the destination size and refuse to copy more than fits, instead of strcpy()/strcat(), which copy until a NUL byte regardless of buffer size.
Link against (or preload) hardened library versions that check the destination length before copying, so even existing calls to unsafe functions are bounded and cannot corrupt memory.
OS approaches:
ASLR (Address Space Layout Randomization): Randomizes the base addresses at which the stack, heap, program and shared libraries are loaded on each run, so an attacker cannot reliably predict the address of injected code or of a return target.
Compiler approaches:
Stack-Guard (stack canaries): The compiler places a random value (the canary) between the local buffers and the saved return address; the function epilogue checks it before returning and aborts the program if it has changed. A linear overflow must overwrite the canary to reach the return address, so the corruption is detected before the hijacked return executes.
Hardware approaches:
Non-Executable Stack (NX/DEP): Marks stack pages as non-executable in the page tables, so even if an attacker injects code there, executing it faults; the attacker is forced to reuse code that is already executable (e.g. return-to-libc) instead of running injected shellcode.
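The "Consequences of Buffer Overflow" and the developer and Stack-Guard countermeasures above, shown together in one added example (not part of the original flashcards). The stack frame is modelled as a flat byte array so the overflow is deterministic and stays within the model: an unbounded copy overwrites the canary, saved EBP and return address in order; a StackGuard-style epilogue check catches the smashed canary; and a bounded copy rejects the oversized input outright. The frame layout, the constant canary value and the addresses are assumptions made for the model (a real canary is random per process).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simplified model of one 32-bit stack frame as a flat byte array, lowest
 * address first.  Layout (assumed for the model):
 *   [ buf: 16 bytes ][ canary: 4 ][ saved EBP: 4 ][ return address: 4 ]
 * A linear overflow of buf runs upward into the canary, then the saved EBP,
 * then the return address, which is the order a StackGuard check relies on. */
#define BUF_SIZE      16
#define CANARY_OFF    BUF_SIZE
#define SAVED_EBP_OFF (CANARY_OFF + 4)
#define RET_OFF       (SAVED_EBP_OFF + 4)
#define FRAME_SIZE    (RET_OFF + 4)

typedef struct { unsigned char bytes[FRAME_SIZE]; } frame_t;

/* Assumed values for the model.  A real canary is random per process/thread;
 * GOOD_RET stands for the legitimate return address saved by the caller. */
static const uint32_t CANARY    = 0x00aaff0du;
static const uint32_t GOOD_RET  = 0x08048500u;
static const uint32_t SAVED_EBP = 0xbffff7e8u;

/* Store/load a 32-bit value in little-endian order, as x86 does in memory. */
static void put_le32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)((v >> (8 * i)) & 0xffu);
}
static uint32_t get_le32(const unsigned char *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Set up a fresh frame as the function prologue would leave it. */
void frame_init(frame_t *f) {
    memset(f->bytes, 0, FRAME_SIZE);
    put_le32(f->bytes + CANARY_OFF, CANARY);
    put_le32(f->bytes + SAVED_EBP_OFF, SAVED_EBP);
    put_le32(f->bytes + RET_OFF, GOOD_RET);
}

uint32_t frame_ret(const frame_t *f)     { return get_le32(f->bytes + RET_OFF); }
int      canary_intact(const frame_t *f) { return get_le32(f->bytes + CANARY_OFF) == CANARY; }

/* Vulnerable copy: like strcpy(), it trusts the source length and writes past
 * buf.  The cap at FRAME_SIZE only keeps the model in bounds; a real strcpy()
 * would keep writing. */
void copy_unbounded(frame_t *f, const unsigned char *src, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, src, len);
}

/* Hardened copy (developer countermeasure): check the destination size first
 * and reject oversized input (return -1) instead of writing past buf. */
int copy_bounded(frame_t *f, const unsigned char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->bytes, src, len);
    return 0;
}

/* Build the classic payload: filler up to the return-address slot, then the
 * attacker-chosen address written little-endian.  Returns bytes written,
 * or 0 if out is too small. */
size_t build_payload(unsigned char *out, size_t cap, uint32_t target) {
    if (cap < FRAME_SIZE) return 0;
    memset(out, 'A', RET_OFF);
    put_le32(out + RET_OFF, target);
    return FRAME_SIZE;
}

/* Emulate the epilogue of a StackGuard-compiled function: returns the address
 * control would transfer to, or 0 if the canary check aborts the program first. */
uint32_t epilogue_return_target(const frame_t *f) {
    if (!canary_intact(f)) return 0;   /* __stack_chk_fail(): abort, never return */
    return frame_ret(f);
}

int main(void) {
    unsigned char payload[FRAME_SIZE];
    size_t n = build_payload(payload, sizeof payload, 0x666574c9u);
    frame_t f;

    frame_init(&f);
    copy_unbounded(&f, payload, n);
    printf("unbounded copy: ret=0x%08x, canary %s, epilogue jumps to 0x%08x\n",
           frame_ret(&f), canary_intact(&f) ? "intact" : "smashed",
           epilogue_return_target(&f));

    frame_init(&f);
    int rc = copy_bounded(&f, payload, n);
    printf("bounded copy:   rc=%d, ret=0x%08x, canary %s\n",
           rc, frame_ret(&f), canary_intact(&f) ? "intact" : "smashed");
    return 0;
}
```

Two things to notice: the return address is reached only after the canary has been trampled, so the epilogue check fires and the hijacked address is never used; and the bounded copy never touches the frame at all, which is the cheaper fix.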