Vulnerability Development mailing list archives
Re: Studying buffer overflows [maybe OT]
From: Eric LeBlanc <inouk () toutatis igt net>
Date: Tue, 9 Apr 2002 08:56:27 -0400 (EDT)
When you don't pass parameters (i.e. f(1)), you must add 4 or more in
addition to pointing to the return address. (Even if you have 2, 3 or more
parameters, it's always 4.)
Here is the code:
#include <stdio.h>

void
f()
{
    char a[4];
    int *b;

    b = (int *)(a + 12);    /* 12 bytes past the start of a: the saved return address on this build */
    *b += 0x8;              /* move the return address 8 bytes forward, past "x = 1" in main */
}

int
main()
{
    int x;

    x = 0;
    f();
    x = 1;                  /* the store that f() is meant to skip */
    printf("%d\n", x);
    return 0;
}
To know why, read the disassembly from gdb; the answer is in there
:-)
Eric
On Mon, 8 Apr 2002, darko wrote:
Hi all,
I've started to study buffer overflows. I wrote the following code:
#include <stdio.h>

void f() {
    char a[4];
    int *b;

    b = (int *)(a + 0x8);   /* 8 bytes past the start of a: the guessed location of the return address */
    (*b) += 0x8;            /* move the return address 8 bytes forward, past "x = 1" in main */
}

int main() {
    int x;

    x = 0;
    f();
    x = 1;                  /* the store f() is meant to skip */
    printf("%d\n", x);
    return 0;
}
I want the program, after the call to f(), to jump to printf(), so that the value of x
remains 0, not 1. I always get segmentation faults, bus errors, etc.
and never that fuc*ing "x = 0" !!
Tested on a Celeron 433, red hat 7.2, gcc 2.96.
byez
darko
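Added example, not code from Eric or darko: the offsets in the thread (a + 0x8, a + 12) are guesses at where the compiler put the saved return address relative to the buffer, and a wrong guess is exactly what produces the segfaults and bus errors. The program below measures that distance at run time from the frame pointer instead of guessing, cross-checks the slot against the real return address, and then does darko's write with the measured offset to skip "x = 1" in the caller. Assumptions that are mine and not from the page: GCC or Clang; the x86/x86-64 frame layout (saved frame pointer at [fp], return address at [fp + sizeof(void *)]); no hardware return-address protection such as a CET shadow stack or PAC, which would reject the rewritten address. The names ret_slot_offset, ret_slot_matches, return_to and skip_demo are mine.

```c
/* Added example (not from the original thread): measure where this frame's
 * saved return address sits relative to a 4-byte stack buffer instead of
 * guessing "a + 8" or "a + 12", then reuse that offset to skip "x = 1" in
 * the caller, which is what darko's test program is trying to do.
 *
 * Assumptions, not from the page: GCC or Clang; x86/x86-64 frame layout
 * (saved frame pointer at [fp], return address at [fp + sizeof(void *)]);
 * no CET shadow stack or PAC, either of which would fault on the rewrite.
 */
#include <stdio.h>
#include <string.h>

/* Distance in bytes from the start of a 4-byte local buffer to this
 * frame's return-address slot.  Using __builtin_frame_address(0) makes the
 * compiler keep a frame pointer for this function, so the [fp + word]
 * layout assumed above actually holds here even at -O2. */
__attribute__((noinline))
long ret_slot_offset(void)
{
    volatile char a[4] = { 'A', 'B', 'C', 'D' };      /* darko's buffer */
    char *fp = __builtin_frame_address(0);
    char *ret_slot = fp + sizeof(void *);

    return (long)(ret_slot - (char *)a);
}

/* Cross-check the layout: the word in that slot must be the address this
 * function is about to return to.  Returns 1 on match, 0 otherwise. */
__attribute__((noinline))
int ret_slot_matches(void)
{
    char *fp = __builtin_frame_address(0);
    void *stored;

    memcpy(&stored, fp + sizeof(void *), sizeof stored);
    return stored == __builtin_return_address(0);
}

/* darko's write with the offset measured instead of guessed: replace our
 * own return address with `target`, so the caller resumes there.  The
 * stack canary (if any) sits below the saved frame pointer and is left
 * alone, so the protector check in the epilogue still passes. */
__attribute__((noinline))
void return_to(void *target)
{
    volatile char a[4] = { 0 };
    char *fp = __builtin_frame_address(0);
    long off = (fp + sizeof(void *)) - (char *)a;     /* same as ret_slot_offset() */

    memcpy((char *)a + off, &target, sizeof target);  /* b = a + off; *b = target */
}

/* The thread's experiment: return_to() comes back at `skip`, so the
 * "x = 1" store never runs and the function returns the original 0. */
__attribute__((noinline))
int skip_demo(void)
{
    volatile int x = 0;    /* volatile: the final read must come from memory */

    return_to(&&skip);     /* &&label: GCC/Clang computed-label extension */
    x = 1;                 /* skipped when the hijack works */
skip:
    return x;
}

int main(void)
{
    printf("return slot is %ld bytes above the buffer (layout check: %d)\n",
           ret_slot_offset(), ret_slot_matches());
    printf("x = %d\n", skip_demo());
    return 0;
}
```

Build it with plain gcc and again with -O2, and compare the printed offset: it changes with optimisation level and with -fstack-protector, which is why a fixed "+8" or "+12" copied from someone else's machine lands on the saved frame pointer or the canary instead of the return address. Under a CET shadow stack or PAC the layout check still passes, but the rewritten return faults, which is the point of those mitigations.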