Security Basics mailing list archives
Re: Buffer Overflow problem
From: Krzysztof Godlewski <kgodlewski () interia pl>
Date: Mon, 10 May 2004 21:14:06 +0200
On Mon, 10 May 2004 06:28, John Vill wrote:
> Thanks for the reply, Krzysztof. My return address isn't incorrectly aligned, as it is being put into the EIP the right way as I see it with "info registers" in gdb. If I add or subtract a NOP or two, "00" gets added to the beginning or end of the address. For example 0xfff94b00 or 0x00bffff9, where my address is 0xbffff94b. Or maybe it is the problem and I'm just not understanding correctly?
Again... Try adding about 50 bytes to your return address - this should jump somewhere inside the NOP padding. And write retaddr more times above the buffer, then use 0-3 bytes of padding. Did you look at the link to the phrack.org article another person posted? Maybe reading the article would help a bit?
> I used this exact method for overflowing a larger buffer (500 or so) and it works fine. I do not know why I'm getting Illegal Instruction. The address I'm using is from: unsigned long sp(){ __asm__("movl %esp, %eax"); } I run that to get the addr and use that address.
Not the exact addr? You have to subtract from it a bit, use an offset etc. Remember that esp in the 'exploited' app will be different, because of the command line argument length, which is also passed through the stack to your prog.
> everything... Can anyone tell me what "Illegal Instruction" is exactly? This is frustrating =P
I think this is exactly what it says :) The CPU encountered an instruction it cannot handle. It means you wrote over some code and weren't lucky enough for the code to be valid CPU instructions. That could mean that you're writing too far (if I'm not mistaken).

Krzysztof Godlewski
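The alignment effect behind the "00" John sees, as a demonstration added here (not code from either poster): it lays out the argv bytes in memory (constructed, using the thread's address 0xbffff94b, NOP padding and the string's terminating NUL; the slot offset 8 and the shifts are assumed for the demo) and reads the four bytes where the saved return address slot would start, first with one copy of the address and then with the address repeated after 0-3 bytes of padding, as Krzysztof suggests. No overflow is performed; it only shows why a slot that starts one byte late reads 0x00bffff9, and why exactly one padding length out of four realigns the repeated copies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RETADDR 0xbffff94bu   /* the address discussed in the thread */
#define NOP     0x90          /* x86 NOP */
/* Little-endian 4-byte read at `off`: what lands in EIP if the saved
 * return address slot happens to start at that byte. */
static uint32_t word_at(const unsigned char *buf, size_t off)
{
    return (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
}

static void put_word(unsigned char *buf, size_t off, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        buf[off + i] = (unsigned char)(v >> (8 * i));  /* little-endian */
}

/* John's layout (constructed): NOPs, one copy of the address at an assumed
 * offset 8, then the NUL ending the argv string. `shift` is how far the
 * real slot starts from where he believes it is. */
uint32_t single_copy_seen(int shift)
{
    unsigned char buf[16];
    memset(buf, NOP, sizeof buf);
    put_word(buf, 8, RETADDR);
    buf[12] = 0x00;                      /* terminating NUL of the string */
    return word_at(buf, (size_t)(8 + shift));
}

/* Krzysztof's suggestion: repeat the address after `padding` leading bytes.
 * Exactly one of the padding lengths 0-3 realigns the copies with the slot;
 * the other three put a byte-rotated, invalid address into it. */
uint32_t repeated_copy_seen(int padding, int shift)
{
    unsigned char buf[32];
    memset(buf, NOP, sizeof buf);
    for (size_t off = (size_t)padding; off + 4 <= sizeof buf - 4; off += 4)
        put_word(buf, off, RETADDR);
    return word_at(buf, (size_t)(8 + shift));
}

int main(void)
{
    printf("one copy, slot one byte late: 0x%08x\n", single_copy_seen(1));
    for (int pad = 0; pad < 4; pad++)
        printf("repeated, padding %d: 0x%08x\n", pad, repeated_copy_seen(pad, 1));
    return 0;
}
```

With the slot one byte late, the single copy reads 0x00bffff9 (the thread's observation) and only padding 1 of the repeated layout reads 0xbffff94b; the other paddings give rotated words like 0x4bbffff9, which is the kind of value that ends in "Illegal Instruction" or a segfault.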