Vulnerability Development mailing list archives
Re: Studying buffer overflows [maybe OT]
From: Guillaume Morin <guillaume () morinfr org>
Date: Tue, 9 Apr 2002 12:37:34 +0200
In a message of 08 Apr at 23:21, darko wrote:
I've started to study buffer overflows. I wrote the following code:
#include <stdio.h>

void f() {
    char a[4];
    int *b;
    b = (int *) (a + 0x8);   /* assumes the saved return address sits 8 bytes past a */
    (*b) += 0x8;             /* bump the return address so main() skips an instruction */
}

int main() {
    int x;
    x = 0;
    f();
    x = 1;                   /* the instruction f() is meant to skip */
    printf("%d\n", x);
    return 0;
}
I want the program to jump to printf() after the call to f(), so the
value of x should remain 0, not 1. I always get segmentation faults,
bus errors, etc. and never that fuc*ing "x = 0" !! Tested on a
Celeron 433, Red Hat 7.2, gcc 2.96.
It depends on your compiler.
If I compile this program on an x86 box with gcc 2.95.2, I get
(using objdump -d on the binary)
80483fa: c7 45 fc 00 00 00 00 movl $0x0,0xfffffffc(%ebp)
8048401: e8 ce ff ff ff call 80483d4 <f>
8048406: c7 45 fc 01 00 00 00 movl $0x1,0xfffffffc(%ebp)
804840d: 83 c4 f8 add $0xfffffff8,%esp
you want to skip 8049406, so you have to add 7 to the return value.
If I modify (*b) += 0x8; to (*b) += 7;, I get:
guillaum@cedar ~$ ./foo
0
guillaum@cedar ~$
HTH.
--
Guillaume Morin <guillaume () morinfr org>
Justice is lost, Justice is raped, Justice is done. (Metallica)
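The "add 7" in the reply above comes straight from the listing: `call` pushes the address of the instruction that follows it, and skipping that instruction means adding its encoded length. The script below is an added example (not part of the thread) that parses the four objdump lines quoted in the reply, decodes the E8 rel32 call to confirm it really targets f at 80483d4, and derives the 7-byte delta rather than guessing it; the function names are my own.

```python
"""Read the objdump -d lines from the reply and derive the skip distance."""
import re
import struct

# The four lines quoted in the reply (taken from the page, not constructed).
LISTING = """\
80483fa: c7 45 fc 00 00 00 00 movl $0x0,0xfffffffc(%ebp)
8048401: e8 ce ff ff ff call 80483d4 <f>
8048406: c7 45 fc 01 00 00 00 movl $0x1,0xfffffffc(%ebp)
804840d: 83 c4 f8 add $0xfffffff8,%esp
"""

# address: one-or-more "xx " byte groups, then mnemonic, then operands
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(\S+)\s*(.*)$")


def parse_objdump(text):
    """Return one dict per instruction: addr, raw bytes, mnemonic, operands."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, hexbytes, mnemonic, operands = m.groups()
        insns.append({
            "addr": int(addr, 16),
            "bytes": bytes.fromhex(hexbytes.replace(" ", "")),
            "mnemonic": mnemonic,
            "operands": operands,
        })
    return insns


def call_target(insn):
    """Decode an E8 rel32 near call: target = address of next insn + disp."""
    raw = insn["bytes"]
    if raw[0] != 0xE8 or len(raw) != 5:
        raise ValueError("not an E8 rel32 call")
    rel = struct.unpack("<i", raw[1:])[0]          # little-endian, signed
    return insn["addr"] + 5 + rel


def skip_after_call(insns, call_addr):
    """(return address pushed by the call, length of the instruction at it,
    address of the instruction after that one)."""
    by_addr = {i["addr"]: i for i in insns}
    call = by_addr[call_addr]
    ret = call["addr"] + len(call["bytes"])        # what `call` pushes
    skipped = by_addr[ret]                         # here: movl $0x1,-4(%ebp)
    delta = len(skipped["bytes"])                  # bytes to add to skip it
    return ret, delta, ret + delta
```

Running `skip_after_call(parse_objdump(LISTING), 0x8048401)` gives (0x8048406, 7, 0x804840d), the same 7 the reply arrived at; rebuild the listing with a different compiler and both the frame offset in f() and this delta may change.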