Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Buffer Overflow Experiment

From: Alcides <alcides.hercules () gmail com>
Date: Thu, 13 Sep 2007 18:53:27 +0530
Hi List,
I was wondering if someone has already done this.
I'm testing a small program written in C, especially coded for testing buffer overflow. In source code, I have assigned char buffer[512]; I compile with gcc and run on bash.
As soon as I pass "512" characters as argument("A"x512--being precise), the program gives " Segmentation fault (core dumped )" -->as desired.
1] Using GDB debugger, it has been verified that the extended instruction pointer EIP has been overwritten, as expected. (EIP-->0x41414141) 
2] But, on passing "513" chars. argument, the EIP becomes 0x0 -->WHY
3]On passing 520 chars. argument, EIP takes 'some' value and EBP becomes 0x41414141 4]Thereafter, every increment by 1 --> in input characters causes EIP to remain the same as that 'some' value and EBP to take various incremental values. 
every time, for several unit increments

[I am using:  2.6.21-1.3194.fc7 kernel,  i686, Disabled VA randomization]

Any views that help me understand why EIP becomes 0, are welcome.


Thanks.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: