An explanation of specific security optimization is needed.

I read the book [rus] (sorry, I cannot find the English version at the moment) by Kris Kaspersky, which explains the philosophy and methods of software security.

There is one example in the book. It states that the code:

    if ( !IsValidUser() ) {
        Message("Invalid user! Aborting...");
        Abort();
    }

is absolutely unsafe because it translates to this:

        CALL IsValidUser
        OR   AX,AX
        JZ   continue
        ^^^^^^^^^^^^^
        PUSH offset str_invalid_user
        CALL Message
        CALL Abort
    continue:
        ; normal program execution
        ...........

Thus, the program can be hacked by changing only one byte in the disassembler. If we change JZ continue to JMP continue, the check will fail.

Then Chris writes:

The fixed version of the program in C:

    IsValidUser();
    if (!true) {
        Message("Invalid user! Aborting...");
        Abort();
    }

In this version, the {...} section will never gain control.

I really don't understand how the fixed version is supposed to work. Why does it use an if statement that will never be executed, and which may even be deleted by the compiler?

Is this a typo or a mistake? Or am I not getting anything?

+6

2 answers

It's your fault, not Chris's. This is not a "safe version of the user verification code"; it is the code that results after the fix introduced by the hacker.

Quote from the book:

In the C language, the fixed program will look like this:

Google Translate:

In C, the changed (or fixed) program will look like this:

+7

The author wanted to show "equivalent" code in C that would correspond to the unconditional jump (JMP continue) replacing the original check, JZ continue. You are right that this code (in C) does not make sense, but it is only there to illustrate what the hacker did.

+1

Source: https://habr.com/ru/post/949796/
