DEF CON 8 - Ghandi - Dot-Com Smashing: Buffer Overflows on the SPARC





Published on Feb 25, 2014

Ghandi - Dot-Com Smashing: Buffer Overflows on the SPARC

The talk/demonstration is intended for audiences familiar with assembly language and/or stack-based buffer overflows on other architectures (most probably Intel).

The topics aren't really anything new; I would just like to present them with the focus on a different processor/paradigm than Intel to better define the concepts in use. I will be covering SPARC assembly language on a fairly low level.

- Introduction to SPARC assembly
- RISC, LOAD/STORE architecture
- Register windows, Allocating space on the stack
- SPARC subroutine calling conventions, How the code we're attacking will look
- Leaf procedure optimization, How to write optimized assembly
- Unix system calls from assembly language, Overview of traps
- Hand assembling instructions, Conversion to hex, Testing hex-encoded instructions in C __asm__ blocks

- Using GDB (GNU Debugger) and ADB (Absolute Debugger), Disassembling compiled code, Assembling instructions to hexadecimal (faster than by hand), Patching executables, Examining the stack of a running process, Altering the stack/return address

- Hand-crafting shellcode, Basics, Basic shellcode, Intermediate shellcode, Advanced shellcode
- Delivering the payload
- Bonus topics (time permitting)

ghandi is a Computer Science student beginning work on distributed, interactive environments (à la FreeNet or Stephenson's Metaverse) for a departmental honors project. I also work as a System Administrator at a web startup managing Sun clusters, FreeBSD servers, and Linux workstations.

DEF CON 8.0 was held July 28th - 30th, 2000, in Las Vegas, Nevada USA

