Vulnerability Development mailing list archives

Re: heap overflows
From: "Vlad902" <vlad () sig11 zemos net>
Date: Thu, 26 Feb 2004 17:53:33 -0000

     printf("copied");
     free(malloced_buffer1);
     free(malloced_buffer2);

This part of the code is incorrect, you're depending
on the first chunk to hold your shellcode, and you
are freeing it before you overwrite the GOT with the
free(malloced_buffer2);. Also you don't have a printf();
statement after the free(malloced_buffer2); so it
never returns to the shellcode (if it was there)! I
recommend you remove the free(malloced_buffer1); and
instead of messing with the GOT just
overwrite __DTOR_END__ and be lazy :)


You may also just for debugging purposes add a
"\xcc\xcc" instead of "\xeb\x0c", which will make
it a trace/breakpoint trap, so that if it ever
hits it, your program will stop with a
trace/breakpoint trap and will core dump, so you
know it is hitting the shellcode.
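The debugging trick in the reply above rests on one fact: 0xCC is the x86 int3 instruction, and executing it raises SIGTRAP, whose default action is to stop the process with a core dump. The following program is an added example, not code from the post or from the original poster; it installs a SIGTRAP handler, executes the 0xCC marker, and counts how many times execution reached it, so the same "did control get here?" check can be answered without a debugger. It assumes an x86 or x86-64 build for the inline int3; the raise(SIGTRAP) fallback for other architectures is a hypothetical stand-in so the code still compiles and runs there.

```c
// Added example (not from the original post): why a 0xCC marker stops a
// process with a trace/breakpoint trap, and how a SIGTRAP handler can
// record that execution actually reached the marker.
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t trap_hits = 0;

static void on_sigtrap(int sig) {
    (void)sig;
    trap_hits++;
    /* int3 is a trap, not a fault: the kernel delivers SIGTRAP with the
       instruction pointer already past the 0xCC byte, so returning from
       the handler resumes at the next instruction. */
}

/* Install a SIGTRAP handler, execute the marker, restore the previous
 * disposition and report how many times the marker was reached.
 * Without the handler the default action is to terminate with a core
 * dump, which is the behaviour the post uses as a debugging signal. */
int run_marker(void) {
    struct sigaction sa;
    struct sigaction old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

    trap_hits = 0;
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("int3");       /* the 0xCC marker byte itself (assumed x86) */
#else
    raise(SIGTRAP);                 /* hypothetical fallback for non-x86 builds */
#endif
    sigaction(SIGTRAP, &old, NULL); /* restore the default action */
    return (int)trap_hits;
}

int main(void) {
    int hits = run_marker();
    printf("marker reached %d time(s)\n", hits);
    return hits == 1 ? 0 : 1;
}
```

Run it once as-is and the handler reports a single hit; run it with the sigaction call removed and the process dies with "Trace/breakpoint trap (core dumped)", which is exactly the symptom the reply tells the original poster to look for.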

