Security Basics mailing list archives

Re: Buffer Overflow problem

From: Krzysztof Godlewski <kgodlewski () interia pl>
Date: Mon, 10 May 2004 21:14:06 +0200

Dnia pon 10. maja 2004 06:28, John Vill napisał:

Thanks for the reply, Krzysztof. My return address isnt incorrectly aligned
as it is being put into the EIP the right way as I see it with the info
registers in gdb. If I add or subtract a NOP or two "00" gets added to the
beginning or end of the address. For example 0xfff94b00 or 0x00bffff9 where
my address is 0xbffff94b. Or maybe it is the problem and Im just not
understanding correctly?


Again... Try adding about 50 bytes to your return address - this should jump 
somwhere inside the NOP padding. And write retaddr more times above the 
buffer, then use 0-3 bytes of padding. Did you look at the link to phrack.org 
article another person posted? Maybe reading the article would help a bit?

I used this exact method for overflowing a larger buffer (500 or so) and it
works fine. I do not know why im getting Illegal Instruction. The address
Im using is from:
       unsigned long sp(){ __asm__("movl %esp, %eax"); }
I run that to get the addr and use that address.


Not the exact addr? You have substract from it a bit, use an offset etc. 
Remember that esp in 'exploited' app will be a different, because of the 
command line argument lenght, which is also passed through the stack to your 
prog.

everything... Can anyone tell me what "Illegal Instruction" is exactly?
This is frustrating =P


I think this is exactly what is says :) The CPU encountered an instruction it 
cannot handle. It means you wrote over some code and weren't lucky enough for 
the code to be valid cpu instructions. That could mean that you're writing 
too far (If I'm not mistaken).

Krzysztof Godlewski


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Buffer Overflow problem John Vill (May 06)
- Re: Buffer Overflow problem Krzysztof Godlewski (May 07)
- <Possible follow-ups>
- RE: Buffer Overflow problem Steven Trewick (May 07)
  - RE: Buffer Overflow problem Shaun Colley (May 10)
- Re: Buffer Overflow problem John Vill (May 10)
  - Re: Buffer Overflow problem Krzysztof Godlewski (May 10)
- RE: Buffer Overflow problem John Vill (May 11)
  - RE: Buffer Overflow problem JTH (May 12)