Sec24_06_Format_String_Updated.pdf

Black hat vs white hat.

Control Flow Hijacks

• Buffer/integer overflow
• Format string vulns
• Use after free

Executing Syscalls

syscall number into eax

arg1 in ebx

arg2 ecx

arg3 edx

interrupt 0x80

Use nop sled for slack

Format String Attacks