Resending because this did not seem to get through the first time.
secacc7_at_hotmail.com wrote:
> hope anybody can help me understand/learn.
>
You are probably using a newer version of gcc which is generating a
slightly different prologue/epilogue for main than you may be expecting.
You should disassemble your program to try to understand it, you will
probably see something like this:
prologue:
8048354: 8d 4c 24 04 lea ecx,[esp+4]
8048358: 83 e4 f0 and esp,0xfffffff0
804835b: ff 71 fc push DWORD PTR [ecx-4]
804835e: 55 push ebp
804835f: 89 e5 mov ebp,esp
8048361: 51 push ecx
<other stuff>
epilogue:
80483d2: 83 c4 54 add esp,0x54
80483d5: 59 pop ecx
80483d6: 5d pop ebp
80483d7: 8d 61 fc lea esp,[ecx-4]
80483da: c3 ret
In all likelihood you did overwrite eip, but you are crashing at the ret
because you have clobbered esp (at 80483d7 in this case). Note that you
did control ecx and ebp, thus you controlled esp as well. With a
properly structured buffer, this is still exploitable. Try using the
following program instead to make things a little easier:
#include <string.h>
/* Deliberately vulnerable: COPY is longer than buffer, so the unchecked
 * strcpy() runs past the end of buffer and into the saved registers and
 * return address above it. */
void vuln(void) {
char buffer[10];
char COPY[]="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...";
strcpy(buffer, COPY);
}
int main(void) {
vuln();
return 0;
}
FYI, it also looks like you may have stack randomization turned on. You
will probably want to disable any stack protections you are using if
you want to play around with stack overflows.
Chris
Received on Nov 05 2007
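The point Chris makes above, that with this prologue/epilogue the return address is fetched from [ecx-4] rather than from the slot above the saved ebp, is easy to verify by emulating the two instruction sequences on a simulated 32-bit stack. The program below is an added example, not code from Chris or the original poster: it runs the quoted prologue and epilogue over a byte array standing in for the stack, copies a payload into a local buffer the way an unchecked strcpy would, and reports the eip and esp the ret ends up with. All addresses in it (STACK_BASE, ENTRY_ESP, OLD_EBP, RET_ADDR, TARGET, the buffer position) are made up for illustration; the only things taken from the post are the instruction sequences and the 0x54-byte local area.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack and frame layout. Every address here is an illustrative
 * assumption, not a value from the original post. */
#define STACK_SIZE   256u
#define STACK_BASE   0xbffff000u                 /* lowest simulated address */
#define ENTRY_ESP    (STACK_BASE + 0xec)         /* esp on entry to main, deliberately not 16-aligned */
#define OLD_EBP      0xbffff118u                 /* caller's ebp, arbitrary */
#define RET_ADDR     0x08048400u                 /* main's real return address, arbitrary */
#define TARGET       0x0804a000u                 /* attacker-chosen eip, arbitrary */
#define LOCALS_SIZE  0x54u                       /* "add esp,0x54" in the quoted epilogue */
#define BUF_OFFSET   0x40u                       /* local buffer sits 0x40 bytes above esp */
/* Derived: after "and esp,0xfffffff0" and three pushes, esp = aligned - 12 - LOCALS_SIZE. */
#define BUF_ADDR       ((ENTRY_ESP & 0xfffffff0u) - 12u - LOCALS_SIZE + BUF_OFFSET)
#define SAVED_ECX_OFF  ((ENTRY_ESP & 0xfffffff0u) - 12u - BUF_ADDR)   /* = 0x14 */
#define COPIED_RET_OFF (SAVED_ECX_OFF + 8u)                           /* saved ecx, saved ebp, ret copy */

typedef struct { uint32_t esp, ebp, ecx, eip; int fault; } cpu_t;

static uint8_t stack[STACK_SIZE];
static uint8_t scratch[4];
static int g_fault;

/* Bounds-checked access; an access outside the simulated stack is the "crash at ret". */
static uint8_t *ptr(uint32_t addr, size_t n) {
    if (addr < STACK_BASE || addr - STACK_BASE + n > STACK_SIZE) { g_fault = 1; return scratch; }
    return stack + (addr - STACK_BASE);
}
static uint32_t load32(uint32_t a) {
    uint8_t *p = ptr(a, 4);
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void store32(uint32_t a, uint32_t v) {
    uint8_t *p = ptr(a, 4);
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void put32(uint8_t *p, uint32_t v) { store32(0, 0); p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void push(cpu_t *c, uint32_t v) { c->esp -= 4; store32(c->esp, v); }
static uint32_t pop(cpu_t *c) { uint32_t v = load32(c->esp); c->esp += 4; return v; }

/* lea ecx,[esp+4]; and esp,0xfffffff0; push [ecx-4]; push ebp; mov ebp,esp; push ecx; sub esp,0x54 */
static void prologue(cpu_t *c) {
    c->ecx = c->esp + 4;
    c->esp &= 0xfffffff0u;
    push(c, load32(c->ecx - 4));   /* copy of the return address onto the aligned stack */
    push(c, c->ebp);
    c->ebp = c->esp;
    push(c, c->ecx);               /* saved ecx: the value the epilogue rebuilds esp from */
    c->esp -= LOCALS_SIZE;
}
/* add esp,0x54; pop ecx; pop ebp; lea esp,[ecx-4]; ret */
static void epilogue(cpu_t *c) {
    c->esp += LOCALS_SIZE;
    c->ecx = pop(c);
    c->ebp = pop(c);
    c->esp = c->ecx - 4;           /* esp comes from the (overwritable) saved ecx */
    c->eip = pop(c);               /* ret reads [esp], i.e. [saved_ecx - 4] */
}
/* Run main's frame with `len` payload bytes copied into the local buffer (unchecked strcpy). */
static cpu_t run(const uint8_t *payload, size_t len) {
    cpu_t c = { ENTRY_ESP, OLD_EBP, 0, 0, 0 };
    memset(stack, 0, sizeof stack);
    g_fault = 0;
    store32(ENTRY_ESP, RET_ADDR);                        /* caller's return address at [esp] */
    prologue(&c);
    memcpy(ptr(c.esp + BUF_OFFSET, len), payload, len);  /* overflow writes upward */
    epilogue(&c);
    c.fault = g_fault;
    return c;
}
/* 1. Well-behaved input: ret returns to RET_ADDR, esp is restored to ENTRY_ESP + 4. */
static cpu_t benign(void) { return run((const uint8_t *)"hello", 6); }
/* 2. Classic "AAAA..." payload that also overwrites the copied return slot: saved ecx
 *    becomes 0x41414141, so lea esp,[ecx-4] points off the stack and ret faults. */
static cpu_t naive_overflow(void) {
    uint8_t payload[COPIED_RET_OFF + 4];
    memset(payload, 'A', sizeof payload);
    put32(payload + COPIED_RET_OFF, TARGET);
    return run(payload, sizeof payload);
}
/* 3. Structured payload: TARGET at the start of the buffer and saved ecx = BUF_ADDR + 4,
 *    so lea esp,[ecx-4] lands on the buffer and ret pops TARGET. */
static cpu_t structured_overflow(void) {
    uint8_t payload[SAVED_ECX_OFF + 4];
    memset(payload, 'A', sizeof payload);
    put32(payload, TARGET);
    put32(payload + SAVED_ECX_OFF, BUF_ADDR + 4);
    return run(payload, sizeof payload);
}
static void report(const char *name, cpu_t c) {
    printf("%-10s eip=%08" PRIx32 " esp=%08" PRIx32 " ecx=%08" PRIx32 " %s\n",
           name, c.eip, c.esp, c.ecx, c.fault ? "FAULT at ret" : "ok");
}
int main(void) {
    report("benign", benign());
    report("naive", naive_overflow());
    report("structured", structured_overflow());
    return 0;
}
```

The naive case reproduces the symptom in the original question: the return-address slot is overwritten, yet the crash happens at the ret, because the epilogue never uses that slot directly; it reloads esp from the saved ecx. The structured case shows the fix Chris alludes to: control ecx, and you control where ret reads its target from.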