c - buffer overflow problem -

-

after reference this website, want simulate simple buffer overflow bug
environment ubuntu 10.10
gcc version 4.4.5
download execstack enable executable stack of file.
following code

char code[] = "\x90\x90\x90\x6a\x00\xe8\x39\x07\x00\x00\x90\x90\x90";< char msg[] = "run !!\n"; int main() {           int *ptr;           int i;        for(i=1;i<128;i++){                ptr = (int *)&ptr + i;           (*ptr) = (int)code;         }           return 0; }

i use gcc -fno-stack-protector -g -static -o main.out main.c compile source code.
when use gdb debug executable file,
weird happened.
here gdb output looks like:

(gdb) x/i 0x8048492    0x8048492 <__libc_start_main+402>:   call   0x8048bd0 <exit> (gdb) x/5b 0x8048492 0x8048492 <__libc_start_main+402>:  0xe8    0x39    0x07    0x00    0x00 (gdb) x/i 0x80ce02e    0x80ce02e <code+6>:  call   0x80ce76c <_dlfcn_hooks+44> (gdb) x/5b 0x80ce02e 0x80ce02e <code+6>: 0xe8    0x39    0x07    0x00    0x00

it seems the pattern of these 2 address same, instructions different.
can me , explain why happen.
lot!

you have buffer overflow sure, line 

 (*ptr) = (int)code;

stores address of code in each location, not content of code array.


Comments

Post a Comment

Popular posts from this blog

objective c - Change font of selected text in UITextView -

-
can suggest me how change font of selected text in uitextview.i cannot use uiwebview since have edit text. have seen pages app.how possible in app. see formatting text within uilabel differently . since need editing, should @ javascript-based editors such ckeditor or tinymce . highly recommend wwdc 2011 video session 511: "rich text editing in safari on ios."
Read more

php - Accessing POST data in Facebook cavas app -

-
so i've got simple form in canvas / iframe facebook app, , i'm trying pass along values post. reading on s.o. , fb's latest docs, understand it, data send via post form can accessed on receiving end $_request object. i read on thread on s.o. in order post forms work need pass along input named "signed_request" value current signed_request (i have signed request working ok otherwise...all login , authentication stuff working fine). isnt mentioned anywhere in official fb docs. so problem comes in $_request object signed request, , bunch of other session stuff. form inputs found. the way can read them set method of form "request" isn't real form method. takes of inputs , sends them args in url. horrible. here's sample page canvas app form i'm using try debug (leaving out authentication stuff): <form enctype="application/x-www-form-urlencoded" method="post" target="_top" id="my_form" action=...
Read more

c# - Getting control value when switching a view as part of a multiview -

-
i have following code in aspx page: <asp:button id="display_button" runat="server" text="display" onclick="button1_click" /> &nbsp; <asp:button id="edit_button" runat="server" text="edit" onclick="button2_click" /> &nbsp; <asp:button id="save_button" runat="server" text="save" onclick="button3_click" visible="false" /> &nbsp; <asp:multiview id="multiview1" runat="server" activeviewindex="0"> <asp:view id="view1" runat="server"> <asp:formview id="view_program" runat="server"> <itemtemplate> <%# eval("status").tostring().trim() %> </itemtemplate> </asp:formview> </asp:view> <asp:view id="view2" runat="server"> ...
Read more