|
Vulnerability Development
mailing list archives
Re: argc issue
From: "mike davis" <lists () stonedcoder org>
Date: Thu, 25 May 2006 13:53:20 -0400
the trick here is to use a wrapper program to that calls the executable
without *any arguments* including argv[0]
at that point argc == 0 argv[0] == NULL
and argv[1] is somewhere in the the environmental variables..
and.. as an asside, when playing wargames.. its usually best not to cheat or
you really get nothing out of it.
-phar
----- Original Message -----
From: <padre () correo ugr es>
To: <vuln-dev () securityfocus com>
Sent: Tuesday, May 23, 2006 1:51 PM
Subject: argc issue
hi!
i' ve a code thats looks like:
------------------- code ----------------------
int main (int argc, char **argv)
{
char *a;
char *b;
a=malloc(char *)(100);
b=malloc(char *)(100);
if (argc)
exit (-1);
else {
strcpy(a,argv[1]);
}
free (a);
return 0;
}
---------------- code ---------------------------
I contais an explotable heap overflow. I can overwrite b's chunk head so I
can write into DTOR_END the addr i want.
But the main issue is " if (argc) exit(0);" . How can I change the argc
variable so it contais the value of 0?.
thanks and srry for my poor english :(
 By Date 
By Thread
Current thread:
|
Intro
