Vuln Dev
buffer overflow - basic help needed (aleph1) Mar 14 2007 10:16PM
learn lids (learnlids yahoo com)
hi list,

i am learning bof, and am confused with how to move
ahead, any pointers would be great. sorry if the
question is too basic, i am a learner...

1> my system:: fedora core 6, { Kernel
2.6.18-1.2798.fc6 on an x86_64 }
2> program used - example3.c from aleph1's smashing
the stack
------example3.c---------------
void function(int a, int b, int c) {
char buffer1[5];
char buffer2[10];
int *ret;
ret = buffer1 + 12;
(*ret) += 12;
}
void main() {
int x;
x = 0;
function(1,2,3);
x = 1;
printf("%d\n",x);
}
--------------------------------------
3> problem i am facing -
i am trying to skip the x=1 statement so that the
printf will show x=0. i did a gdb disassembly of main
with the following result -
===========
(gdb) disassemble main
Dump of assembler code for function main:
0x00000000004004a2 <main+0>: push %rbp
0x00000000004004a3 <main+1>: mov %rsp,%rbp
0x00000000004004a6 <main+4>: sub $0x10,%rsp
0x00000000004004aa <main+8>: movl
$0x0,0xfffffffffffffffc(%rbp)
0x00000000004004b1 <main+15>: mov $0x3,%edx
0x00000000004004b6 <main+20>: mov $0x2,%esi
0x00000000004004bb <main+25>: mov $0x1,%edi
0x00000000004004c0 <main+30>: callq 0x400478
<function>
0x00000000004004c5 <main+35>: movl
$0x1,0xfffffffffffffffc(%rbp)
0x00000000004004cc <main+42>: mov
0xfffffffffffffffc(%rbp),%esi
0x00000000004004cf <main+45>: mov $0x4005f8,%edi
0x00000000004004d4 <main+50>: mov $0x0,%eax
0x00000000004004d9 <main+55>: callq 0x400398
<printf@plt>
0x00000000004004de <main+60>: movl
$0x9,0xfffffffffffffffc(%rbp)
0x00000000004004e5 <main+67>: mov
0xfffffffffffffffc(%rbp),%esi
0x00000000004004e8 <main+70>: mov $0x4005f8,%edi
0x00000000004004ed <main+75>: mov $0x0,%eax
0x00000000004004f2 <main+80>: callq 0x400398
<printf@plt>
0x00000000004004f7 <main+85>: leaveq
0x00000000004004f8 <main+86>: retq
=============
i need to skip 12 bytes after the 'call function', and
hence i am incrementing *ret by 12.

when i run the prog, "1" is still displayed. where am
i going wrong?

thanks

- ll

________________________________________________________________________
____________
Be a PS3 game guru.
Get your game face on with the latest PS3 news and previews at Yahoo! Games.
http://videogames.yahoo.com/platform?platform=120121

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus