Experiment No:9 Aim: Theory

This document summarizes tools used to simulate a buffer overflow attack. Cppcheck is a static code analysis tool that checks for errors like buffer overflows. OllyDbg is a debugger that allows analyzing assembly code, setting breakpoints, and patching binaries. Splint is another static analysis tool that checks C code for security vulnerabilities and errors. The document demonstrates using these tools to detect a buffer overflow by copying a long string into a small buffer.

EXPERIMENT NO:9

Aim: Simulate a buffer overflow attack using OllyDbg, Splint, Cppcheck, etc.

Theory:
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly
where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent
memory locations. A buffer overflow occurs when data written to a buffer also corrupts data values in
memory addresses adjacent to the destination buffer because of insufficient bounds checking. This typically
happens when copying data from one buffer to another without first checking that the data (including its
terminating NUL, for C strings) fits within the destination buffer. On the stack, the adjacent memory holds
other local variables, saved registers and the return address, which is why an overrun can redirect control
flow rather than merely corrupt data.

1. Cppcheck:
Cppcheck is a command-line tool for static C/C++ code analysis. It tries to detect bugs that your
C/C++ compiler doesn't see. It is versatile, and can check non-standard code including various
compiler extensions, inline assembly code, etc. Its internal preprocessor can handle includes,
macros, and several preprocessor commands. While Cppcheck is highly configurable, you can start
using it just by giving it a path to the source code.

It includes checks for:

1. pointers to out-of-scope auto variables;
2. assignment of auto variables to an effective parameter of a function;
3. out-of-bounds errors in arrays and STL containers;
4. missing class constructors;
5. variables not initialized by a constructor;
6. use of memset, memcpy, etc. on a class;
7. non-virtual destructors for base classes;
8. operator= not returning a reference to *this.

2. OllyDbg:
OllyDbg is a 32-bit assembler-level analysing debugger for Microsoft Windows. Its emphasis on
binary code analysis makes it particularly useful in cases where source is unavailable. For this
experiment it is the tool used to watch the overrun at run time: break on the strcpy() call, inspect the
stack, and see the bytes of the oversized argument spill past the buffer.

Features:
● Intuitive user interface, no cryptic commands
● Code analysis – traces registers, recognizes procedures, loops, API calls, switches, tables,
constants and strings
● Directly loads and debugs DLLs
● Object file scanning – locates routines from object files and libraries
● Allows for user-defined labels, comments and function descriptions
● Understands debugging information in Borland format
● Saves patches between sessions, writes them back to executable file and updates fixups
● Open architecture – many third-party plugins are available
● No installation – no trash in registry or system directories
● Debugs multi threaded applications
● Attaches to running programs
● Configurable disassembler, supports both MASM and IDEAL formats

3. Splint:
Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes.
With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to
programs, Splint can perform stronger checking than can be done by any standard lint; in particular, with
bounds checking enabled it can flag an unchecked strcpy() into a fixed-size buffer like the one below.

Conclusion:
Software vulnerabilities causing buffer overflow were studied and detected using
OllyDbg, Splint and Cppcheck.
Code:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Deliberately vulnerable: argv[1] is copied into a 5-byte buffer with no
 * length check, so any argument of 5 or more characters overruns it. */
int main(int argc, char *argv[])
{
    char buffer[5];

    /* argv[1] only exists when argc >= 2 */
    if (argc < 2)
    {
        printf("Syntax: %s <characters>\n", argv[0]);
        exit(0);
    }

    strcpy(buffer, argv[1]);            /* no bounds check: the overflow happens here */
    printf("buffer content= %s\n", buffer);

    // you may want to try strcpy_s()

    printf("strcpy() executed...\n");

    return 0;
}
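The lab program above only shows the overrun as a crash (or as garbage on the stack in OllyDbg). The following is an added example, not code from the lab sheet, that makes the effect described in the Theory section observable from inside the process and puts the bounds-checked copy next to the unchecked one. The struct frame layout, the GUARD_FILL value and the 10-byte input are constructed for the demo; the comment of the form requires maxSet(...) on bounded_copy() is a Splint precondition annotation (checked with splint +bounds, ignored by the C compiler) and is my addition, not something the lab used.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not part of the lab sheet). The lab program copies argv[1]
 * into char buffer[5] with strcpy(). Here the same 5-byte buffer is placed
 * in a struct directly in front of a "guard" region that stands in for
 * whatever is adjacent on the real stack (other locals, saved registers,
 * the return address), so an overrun shows up as corrupted guard bytes. */

#define BUF_SIZE 5
#define GUARD_FILL 'G'   /* hypothetical fill pattern, chosen for the demo */

/* Hypothetical layout: both members are char arrays, so no padding sits
 * between them and guard[0] is the first byte past the buffer. */
struct frame {
    char buffer[BUF_SIZE];
    char guard[16];
};

void init_frame(struct frame *f)
{
    memset(f->buffer, 0, sizeof f->buffer);
    memset(f->guard, GUARD_FILL, sizeof f->guard);
}

/* 1 if no byte past the buffer has been touched, 0 otherwise. */
int guard_intact(const struct frame *f)
{
    for (size_t i = 0; i < sizeof f->guard; i++)
        if (f->guard[i] != GUARD_FILL)
            return 0;
    return 1;
}

/* What strcpy(f->buffer, src) does: copy up to and including the NUL with no
 * knowledge of sizeof f->buffer. It is written byte-wise over the whole
 * struct so the demo stays inside one object (a literal strcpy() would be
 * aborted by _FORTIFY_SOURCE builds). Returns the number of bytes copied
 * before the NUL; anything beyond BUF_SIZE - 1 has landed in guard[]. */
size_t unchecked_copy(struct frame *f, const char *src)
{
    unsigned char *dst = (unsigned char *)f;
    size_t limit = sizeof *f - 1;   /* demo-only bound; strcpy() has none */
    size_t n = 0;
    while (src[n] != '\0' && n < limit) {
        dst[n] = (unsigned char)src[n];
        n++;
    }
    dst[n] = '\0';
    return n;
}

/* The fix the lab's strcpy_s() comment hints at: verify that src plus its
 * NUL fits before copying. Returns 0 and copies on success; returns -1 and
 * leaves dst untouched if it does not fit. The annotation comment is a
 * Splint precondition (my addition), ignored by the C compiler. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
    /*@requires maxSet(dst) >= (dstsize - 1)@*/
{
    size_t len = strlen(src);
    if (dstsize == 0 || len >= dstsize)
        return -1;
    memcpy(dst, src, len + 1);      /* len + 1 includes the terminating NUL */
    return 0;
}

int main(int argc, char *argv[])
{
    struct frame f;
    /* constructed 10-byte input, the same kind of argument the lab passes */
    const char *input = argc > 1 ? argv[1] : "ABCDEFGHIJ";

    init_frame(&f);
    size_t n = unchecked_copy(&f, input);
    printf("unchecked: copied %zu bytes, guard %s\n", n,
           guard_intact(&f) ? "intact" : "CORRUPTED");

    init_frame(&f);
    int rc = bounded_copy(f.buffer, sizeof f.buffer, input);
    printf("bounded:   rc=%d, guard %s\n", rc,
           guard_intact(&f) ? "intact" : "CORRUPTED");
    return 0;
}
```

With the 10-byte input, unchecked_copy() reports 10 bytes copied and the guard is corrupted (guard[0..4] now hold "FGHIJ" and guard[5] the NUL), which is exactly the spill past the buffer that OllyDbg shows on the stack; bounded_copy() returns -1 and leaves both buffer and guard untouched. Note that a 5-character string also fails the check, because buffer[5] has room for only four characters plus the NUL.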

Output:

Successful execution (argument shorter than the buffer) -

Buffer overflow (argument of 5 or more characters) -
