Proj 13x: Windows Stack Protection I: Assembly Code (20 pts extra)

What You Need


You will write a small C program and compile it with and without stack protection. You'll examine the executable using IDA Pro and see the code that implements the stack cookie.

Downloading and Installing Visual C++ Build Tools


If you already have Visual C++ Build Tools installed, click the Start button, scroll to the V secton, expand "Visual Studion 2017", and click "Developer Command Prompt for VS 2017", as shown below.

Then skip to the "Making the pwd Program in C++" section, below on this page.

Open this page:

Click the "Download Build Tools" button, as shown below.

On the next page, in the "Build Tools for Visual Studio 2017" section, click the Download button, as shown below.

Save the vs_buildtools__935747363.1537797301.exe file in your Downloads folder.

Double-click the the vs_buildtools__935747363.1537797301.exe file.

A box pops up, as shown below.

Click Continue.

Wait while software downloads and installs, as shown below.

A large window appears, as shown below.

At the top left, click "Visual C++ build tools".

Click the Install button.

Wait while software downloads and installs., as shown below.

When the installation completes, you should see the screen shown below.

Click Launch. A Developer Command Prompt window opens, as shown below.

Making the pwd Program in C++

In the Developer Command Prompt window, execute these commands:
mkdir c:\127
cd c:\127
notepad pwd.cpp
A box pops up, asking "Do you want to create a new file?". Click Yes.

Enter this code, as shown below:

#include <iostream>  
using namespace std;  

int test_pw()
        char pin[10];
        int x=15, i;
        cout << "Enter password: ";
        cin >> pin; 
        for (i=0; i<10; i+=2) x = (x & pin[i]) | pin[i+1];
        if (x == 48) return 0;
        else return 1;

void main()
        if (test_pw()) printf("Fail!\n");
        else printf("You win!\n");

In Notepad, click File, Save.

In the Developer Command Prompt window, execute these commands:

copy pwd.cpp pwdn.cpp
cl /EHsc pwd.cpp
cl /EHsc /GS- pwdn.cpp
dir *.exe
Two versions of the program are produced. The "pwd.exe" program has stack protections, but "pwdc.exe" does not, so it's slightly smaller, as shown below.

Installing IDA Freeware

In a Web browser, go to:

Download and install the Windows version, as shown below.

Viewing pwd.exe in IDA

Double-click the "IDA Freeware" shortcut on your desktop.

In the "IDA: Quick start" box, click New, as shown below.

Navigate to the C:\127\pwd.exe file and double-click it.

In the "Load a new file" box, click OK.

IDA opens, showing some assembly code, as shown below.

From the IDA menu, click View, "Open subviews", Strings.

Double-click "Enter password", as shown below.

The .rdata section appears, showing stored strings. On the line containing "Enter password", find "DATA XREF". Point to the address after the "DATA XREF" marker, as highlighted in yellow in the image below, and double-click it.

The function prologue appears, with a line containing "security_cookie", as shown below.

Viewing pwdn.exe in IDA

Repeat the process to see the prologue for pwdn.exe.

The "security_cookie" line is gone, as shown below.

Viewing Opcode Bytes

From the IDA memu, click Options, General.

Enter a "Number of opcode bytes" of 6 as shown below. Then click OK.

Find the hexadecimal values covered by a green box in the image below. Enter them into the form below to record your success.

17. Recording Your Success (15 pts)

Use the form below to record your score in Canvas.

If you don't have a Canvas account, see the instructions here.

Name or Email:
Bytes like this: AA BB :

Posted: 10-27-18