Vulnerability Development mailing list archives
Re: Studying buffer overflows [maybe OT]
From: "Rafal Rajs" <rafal () safenet pl>
Date: Tue, 9 Apr 2002 11:19:18 +0200
I've started to study buffer overflows. I wrote the following code:

#include <stdio.h>

void f()
{
    char a[4];
    int *b;

    /* point 8 bytes past the start of a[], where this build keeps
       the saved return address, and advance that address by 8 */
    b = (int *)(a + 0x8);
    (*b) += 0x8;
}

int main(void)
{
    int x;

    x = 0;
    f();
    x = 1;              /* the store that f() is meant to skip */
    printf("%d\n", x);
    return 0;
}
Hello. I tested it on my FreeBSD 4.5 (gcc version 2.95.3 20010315 (release) [FreeBSD]). Let's start gdb:

disassem main:
0x80484c4 <main>:    push %ebp
0x80484c5 <main+1>:  mov %esp,%ebp
0x80484c7 <main+3>:  sub $0x18,%esp
0x80484ca <main+6>:  movl $0x0,0xfffffffc(%ebp)
0x80484d1 <main+13>: call 0x80484a4 <f>
0x80484d6 <main+18>: movl $0x1,0xfffffffc(%ebp)
0x80484dd <main+25>: add $0xfffffff8,%esp        !!!! it's a 7-byte difference, not 8
0x80484e0 <main+28>: mov 0xfffffffc(%ebp),%eax
0x80484e3 <main+31>: push %eax
0x80484e4 <main+32>: push $0x8048533
0x80484e9 <main+37>: call 0x8048358 <printf>
0x80484ee <main+42>: add $0x10,%esp

So just try changing, in function f():

(*b) += 0x8;

to

(*b) += 0x7;

For me it works perfectly.

cheers
Rafal
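To check the 7-byte claim without counting addresses by hand, here is an added example (my code, not Rafal's or the list's) that measures instruction lengths straight from the gdb listing above; the listing lines are constructed input copied from the post, and the function names are my own.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed input: the gdb "disassem main" lines quoted in the post. */
static const char *listing[] = {
    "0x80484ca <main+6>: movl $0x0,0xfffffffc(%ebp)",
    "0x80484d1 <main+13>: call 0x80484a4 <f>",
    "0x80484d6 <main+18>: movl $0x1,0xfffffffc(%ebp)",
    "0x80484dd <main+25>: add $0xfffffff8,%esp",
    "0x80484e0 <main+28>: mov 0xfffffffc(%ebp),%eax",
    NULL
};

/* Split a gdb line into its address and the text after "<sym+off>:"; 0 if no hex address. */
static int parse_line(const char *line, unsigned long *addr, const char **text)
{
    char *end;
    *addr = strtoul(line, &end, 16);
    const char *colon = end == line ? NULL : strchr(end, ':');
    if (!colon) return 0;
    *text = colon + 1;
    while (**text == ' ') (*text)++;
    return 1;
}

/* Size of instruction idx: the gap between its address and the next one. */
static long insn_len(const char **lines, int idx)
{
    unsigned long a, b; const char *t;
    if (idx < 0 || !lines[idx] || !lines[idx + 1]) return -1;
    if (!parse_line(lines[idx], &a, &t) || !parse_line(lines[idx + 1], &b, &t)) return -1;
    return (long)(b - a);
}

/* Index of the first "call ... <callee>" line, or -1 if there is none. */
static int find_call(const char **lines, const char *callee)
{
    unsigned long a; const char *t;
    for (int i = 0; lines[i]; i++)
        if (parse_line(lines[i], &a, &t) && !strncmp(t, "call", 4) && strstr(t, callee))
            return i;
    return -1;
}

/* Length of the instruction after the call to callee (the skip distance), or -1. */
static long skip_len_after_call(const char **lines, const char *callee)
{
    int i = find_call(lines, callee);
    return i < 0 ? -1 : insn_len(lines, i + 1);
}
```

For this listing the call itself is 5 bytes and the `movl $0x1` after it is 7, which is why `+= 0x7` lands on the `add` and `+= 0x8` lands one byte inside it.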