[21:00:fabin_at_debian:buffer_overflow]$ gdb ./overflow
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db
library "/lib/libthread_db.so.1".
(gdb) b main
Breakpoint 1 at 0x8048394: file overflow.c, line 3.
(gdb) r
Starting program: /home/fabin/documents/c/buffer_overflow/overflow
Breakpoint 1, main () at overflow.c:3
3 strcpy (str1,
(gdb) print str1
$1 = " 6\025@\020\204\004\bD\uffff"
(gdb) x /50 str1
0xbffff9d0: 0x40153620 0x08048410 0xbffffa44 0x40153620
0xbffff9e0: 0x400164a0 0xbffffa44 0xbffffa18 0x40039dc6
0xbffff9f0: 0x00000001 0xbffffa44 0xbffffa4c 0x080482c0
0xbffffa00: 0x00000000 0x4000bbe0 0x40154b10 0x40016c00
0xbffffa10: 0x00000001 0x080482c0 0x00000000 0x080482e1
0xbffffa20: 0x08048384 0x00000001 0xbffffa44 0x080483b0
0xbffffa30: 0x08048410 0x4000c290 0xbffffa3c 0x00000000
0xbffffa40: 0x00000001 0xbffffb36 0x00000000 0xbffffb67
0xbffffa50: 0xbffffb77 0xbffffb82 0xbffffbbc 0xbffffbce
0xbffffa60: 0xbffffbd9 0xbffffe0e 0xbffffe3e 0xbffffe4d
0xbffffa70: 0xbffffe7d 0xbffffe88 0xbffffeda 0xbffffef0
0xbffffa80: 0xbffffefc 0xbfffff28 0xbfffff31 0xbfffff42
0xbffffa90: 0xbfffff4a 0xbfffff5b
(gdb) n
6 }
(gdb) print str1
$2 = "AAAAAAAAAA"
(gdb) x /50 str1
0xbffff9d0: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffff9e0: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffff9f0: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffffa00: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffffa10: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffffa20: 0x00414141 0x00000001 0xbffffa44 0x080483b0
0xbffffa30: 0x08048410 0x4000c290 0xbffffa3c 0x00000000
0xbffffa40: 0x00000001 0xbffffb36 0x00000000 0xbffffb67
0xbffffa50: 0xbffffb77 0xbffffb82 0xbffffbbc 0xbffffbce
0xbffffa60: 0xbffffbd9 0xbffffe0e 0xbffffe3e 0xbffffe4d
0xbffffa70: 0xbffffe7d 0xbffffe88 0xbffffeda 0xbffffef0
0xbffffa80: 0xbffffefc 0xbfffff28 0xbfffff31 0xbfffff42
0xbffffa90: 0xbfffff4a 0xbfffff5b
(gdb)
This is the detailed output that can be obtained with your example code.
Try to get one like this in SUSE.
Robert Hudock wrote:
>Question:
>
>For some reason on suse 10.0 and 10.1 I cannot overflow the buffer so as
>to overwrite EIP no matter what. The attached code is a very simple
>example to illustrate my issue. Basically the following is what I get
>when the program segfaults on SuSE 10.1.
>
>However, the attached program produced the expected results 0x41414141
>in main () on FreeBSD versions 5.3 and 6.1, on redhat 7.2
>
>Any ideas why this is happening?
>
>-----------------------------------
>plato_at_zion:~> gdb ./overflow
>GNU gdb 6.4
>Copyright 2005 Free Software Foundation, Inc.
>GDB is free software, covered by the GNU General Public License, and you
>are
>welcome to change it and/or distribute copies of it under certain
>conditions.
>Type "show copying" to see the conditions.
>There is absolutely no warranty for GDB. Type "show warranty" for
>details.
>This GDB was configured as "x86_64-suse-linux"...Using host libthread_db
>library "/lib64/libthread_db.so.1".
>
>(gdb) run
>Starting program: /home/plato/overflow
>warning: Lowest section in system-supplied DSO at 0xffffe000 is .hash at
>ffffe0b4
>
>Program received signal SIGSEGV, Segmentation fault.
>0x080483ec in main () at overflow.c:6
>6 }
>(gdb)
>
>------------------------------------------
>
>
>Regards,
>
>Robert Hudock
>
>
>------------------------------------------------------------------------
>
>main () {
>char str1[10];
>strcpy (str1,
>"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
>
>}
>
>
Received on Jun 26 2006
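The following is an added example written for this archive page; it is not code from Robert's post or from the reply above. It takes the two facts the thread does establish, `char str1[10]` and an 83-character literal, and computes how far past `str1` the `strcpy()` writes (74 bytes, counting the terminating NUL), reproduces the word the reply's second dump shows at 0xbffffa20 (0x00414141: the three trailing 'A's and the NUL laid over the old 0x08048384, little-endian), and gives a bounded copy that keeps the array intact. The names `strcpy_overrun`, `overlay_word`, `copy_bounded` and `attack_string` are the example's own, and the 83-byte input is constructed here to match the posted literal.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example for this thread, not the code Robert posted.
 * The posted program declares char str1[10] and strcpy()s an 83-byte
 * string literal into it; these helpers quantify that overrun and show
 * the bounded copy that avoids it. */

#define STR1_SIZE 10   /* sizeof str1 in the posted code */

/* Constructed input: 83 'A's, the same length as the literal in the post. */
const char *attack_string(void)
{
    static char buf[84];
    memset(buf, 'A', 83);
    buf[83] = '\0';
    return buf;
}

/* Bytes that strcpy(dst, src) writes past the end of a dst of dstsize bytes.
 * strcpy() also stores the terminating NUL, hence the +1. */
size_t strcpy_overrun(size_t dstsize, const char *src)
{
    size_t written = strlen(src) + 1;
    return written > dstsize ? written - dstsize : 0;
}

/* Predicts one little-endian 32-bit word of the stack dump after the copy:
 * `original` is the word gdb showed before the strcpy() at byte offset
 * `slot` from the start of str1, and `n` is the length of the copied string.
 * Bytes inside the string become 'A', the byte at offset n becomes the NUL,
 * and bytes beyond it keep their old value. */
uint32_t overlay_word(uint32_t original, size_t n, size_t slot)
{
    uint32_t w = 0;
    for (int i = 0; i < 4; i++) {
        size_t off = slot + (size_t)i;
        uint32_t b;
        if (off < n)
            b = 'A';                              /* body of the string */
        else if (off == n)
            b = 0;                                /* terminating NUL */
        else
            b = (original >> (8 * i)) & 0xffu;    /* untouched stack byte */
        w |= b << (8 * i);                        /* little-endian order */
    }
    return w;
}

/* Bounded replacement for the posted strcpy(): copies what fits, always
 * NUL-terminates dst, and returns the number of source bytes dropped
 * (0 means the whole string fit). */
size_t copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize == 0)
        return srclen;
    size_t ncopy = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, ncopy);
    dst[ncopy] = '\0';
    return srclen - ncopy;
}

int main(void)
{
    const char *src = attack_string();
    char str1[STR1_SIZE];

    printf("strcpy() would write %zu bytes past str1\n",
           strcpy_overrun(sizeof str1, src));
    /* 0xbffffa20 is 0x50 = 80 bytes past str1 at 0xbffff9d0 in the reply's dump;
     * 0x08048384 and 0x00000001 are the words the first dump showed there. */
    printf("word at str1+0x50 after the copy: 0x%08x\n",
           overlay_word(0x08048384u, strlen(src), 0x50));
    printf("word at str1+0x54 after the copy: 0x%08x\n",
           overlay_word(0x00000001u, strlen(src), 0x54));

    size_t dropped = copy_bounded(str1, sizeof str1, src);
    printf("bounded copy kept \"%s\" and dropped %zu bytes\n", str1, dropped);
    return 0;
}
```

The dump arithmetic is general: `overlay_word` predicts any slot of the reply's second `x /50 str1` listing from the first one, which is a quick way to check that a byte-for-byte string copy, and nothing else, is what changed the stack between the two breakpoints. The word at 0xbffffa24 (0x00000001) is untouched in both dumps, exactly where the predicted 84-byte write ends.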