Vulnerability Development mailing list archives
Re: Learning buffer overflow help
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 6 Jun 2007 22:56:22 -0400
On 6 Jun 2007 19:30:37 -0000, erk_3 () hotmail com <erk_3 () hotmail com> wrote:
Hello everyone, I have studied alot on buffer overflows and I understand the theory behind it. Thing is, any example I follow says once you can overwrite the EIP you can control the flow of the program (in a nutshell). So here's my really basic BOF: #include <stdio.h> #include <string.h> int main (int argc, char *argv[]) { char name[4]; strcpy(name, argv[1]); printf(name); } if you enter: 1234AAAABBBB the eip is 0x42424242 When i try to put in a return address though, such as 1234AAAA\xEE\xEE\xEE\xEE it doesnt go to that address. To my understanding, shouldn't the fault come up at address 0xEEEEEE ? Sorry if this sounds stupid to some of you, but I think once i get around this little bump in the road I can be on my way.
I am kinda new at this stuff as well, but did you try any other locations? \xee might be considered "bad characters", kinda like \x00 and \x0a. AFAIK If you put an address that is also an instruction, then you will mess up the stack. -JP
Current thread:
- Learning buffer overflow help erk_3 (Jun 06)
- Re: Learning buffer overflow help Dude VanWinkle (Jun 07)
- <Possible follow-ups>
- Re: Learning buffer overflow help mailbox () martinelli com (Jun 07)
- Re: Learning buffer overflow help Marco Ivaldi (Jun 07)
- Re: Learning buffer overflow help KaCo678 (Jun 07)
- Re: Re: Learning buffer overflow help erk_3 (Jun 07)