Penetration Testing mailing list archives

buffer overflow - basic help needed (aleph1)
From: learn lids <learnlids () yahoo com>
Date: Tue, 13 Mar 2007 12:39:15 -0700 (PDT)

Hi list,

I am learning BOF and am confused about how to move ahead; any help would be great.

1> My system: Fedora Core 6 (kernel 2.6.18-1.2798.fc6 on an x86_64)
2> Program used: example3.c from aleph1's "Smashing the Stack"
   #include <stdio.h>

   void function(int a, int b, int c) {
       char buffer1[5];
       char buffer2[10];
       int *ret;
       ret = buffer1 + 12;   /* guess at where the saved return address sits */
       (*ret) += 12;         /* bump it so main() resumes past the "x = 1" store */
   }

   int main(void) {
       int x;
       x = 0;
       function(1, 2, 3);
       x = 1;
       printf("%d\n", x);    /* should print 0 if the skip works */
       return 0;
   }
3> Problem I am facing:
I am trying to skip the x=1 statement so that the printf will show x=0. I did a gdb disassembly of main with the following result:
(gdb) disassemble main
Dump of assembler code for function main:
0x00000000004004a2 <main+0>:    push   %rbp
0x00000000004004a3 <main+1>:    mov    %rsp,%rbp
0x00000000004004a6 <main+4>:    sub    $0x10,%rsp
0x00000000004004aa <main+8>:    movl  
0x00000000004004b1 <main+15>:   mov    $0x3,%edx
0x00000000004004b6 <main+20>:   mov    $0x2,%esi
0x00000000004004bb <main+25>:   mov    $0x1,%edi
0x00000000004004c0 <main+30>:   callq  0x400478
0x00000000004004c5 <main+35>:   movl  
0x00000000004004cc <main+42>:   mov   
0x00000000004004cf <main+45>:   mov    $0x4005f8,%edi
0x00000000004004d4 <main+50>:   mov    $0x0,%eax
0x00000000004004d9 <main+55>:   callq  0x400398 <printf () plt>
0x00000000004004de <main+60>:   movl  
0x00000000004004e5 <main+67>:   mov   
0x00000000004004e8 <main+70>:   mov    $0x4005f8,%edi
0x00000000004004ed <main+75>:   mov    $0x0,%eax
0x00000000004004f2 <main+80>:   callq  0x400398 <printf () plt>
0x00000000004004f7 <main+85>:   leaveq
0x00000000004004f8 <main+86>:   retq
I need to skip 12 bytes after the 'call function', and hence I am incrementing *ret by 8.

When I run the program, "1" is still displayed. Where am I going wrong?


- ll 
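A way to read the skip distance off the gdb listing instead of guessing it, as an added example that is not part of the post or of aleph1's paper: it parses the lines quoted in the message (the operands the archive truncated are left blank, which the parser tolerates) and derives each instruction's length from consecutive addresses.

```python
import re
# Constructed sample: the gdb lines quoted in the post, main+20 to main+55; truncated operands left blank.
GDB_LISTING = """\
0x00000000004004b6 <main+20>:   mov    $0x2,%esi
0x00000000004004bb <main+25>:   mov    $0x1,%edi
0x00000000004004c0 <main+30>:   callq  0x400478
0x00000000004004c5 <main+35>:   movl
0x00000000004004cc <main+42>:   mov
0x00000000004004cf <main+45>:   mov    $0x4005f8,%edi
0x00000000004004d4 <main+50>:   mov    $0x0,%eax
0x00000000004004d9 <main+55>:   callq  0x400398
"""

LINE_RE = re.compile(r"^\s*0x([0-9a-fA-F]+)\s+<[^>]+>:\s+(\S+)\s*(.*)$")

def parse_listing(text):
    """Return [(address, mnemonic, operands)] for each instruction line of gdb output."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            insns.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return insns

def instruction_length(insns, index):
    """Length in bytes of insns[index], derived from the next instruction's address."""
    if index + 1 >= len(insns):
        return None  # last line of the listing: no following address to measure against
    return insns[index + 1][0] - insns[index][0]

def find_call(insns, target):
    """Index of the first call whose operand starts with `target`, or None."""
    for i, (_addr, mnem, ops) in enumerate(insns):
        if mnem.startswith("call") and ops.startswith(target):
            return i
    return None

def bytes_to_skip_after_call(insns, target):
    """The saved return address points at the instruction after the call; skipping
    exactly that one instruction means advancing the address by its length."""
    i = find_call(insns, target)
    return None if i is None else instruction_length(insns, i + 1)

def skip_lands_on_boundary(insns, target, delta):
    """True if return address + delta is the start of an instruction in the listing;
    any other delta resumes execution in the middle of an opcode."""
    i = find_call(insns, target)
    if i is None or i + 1 >= len(insns):
        return False
    return (insns[i + 1][0] + delta) in {addr for addr, _m, _o in insns}
```

On this listing the instruction after `callq 0x400478` runs from 0x4004c5 to 0x4004cc, so the skip is 7 bytes, and neither +8 nor +12 lands on an instruction boundary. Where the saved return address sits relative to buffer1 is a separate question on x86_64, where pointers and the return address are 8 bytes wide and the frame layout differs from the 32-bit one in the paper.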
