Vulnerability Development mailing list archives
Re: regarding phrack49's stack smashing tutorial
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sun, 14 May 2000 20:52:45 +0200
On Sat, 13 May 2000, Christian Hammers wrote:
> Now I wonder about the following sentences: "The answer is that for every
> program the stack will start at the same address." Why does it and more
> specific *where*? I wrote some test programs and saw that it is always
> 0xbffff6c6 +- 0xff. But it changes sometimes.
The address is not fixed because it depends on the size of supplied arguments and environment variables -- the kernel puts them at the top of the stack (at least on Linux but I think other unix systems do it as well)...

$ cat > stk.c <<EOF
#include <stdio.h>
int main()
{
  int a;
  printf("%p\n", &a);
  return 0;
}
EOF
$ cc -o stk stk.c
$ ./stk
0xbffff88c
$ A=dfshjgsdfkghhfdk ./stk
0xbffff87c
$ ./stk fdgdfdffdsgfdgd
0xbffff87c
$ A=dfshjgsdfkghhfdk ./stk fdgdfdffdsgfdgd
0xbffff864

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
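The effect described in the reply above can be measured from inside a process. The following is an added example, not part of the original post: it sums the bytes that the argument and environment strings and their pointer tables occupy above main()'s frame, assuming the Linux layout the reply describes; the function names are made up for this illustration.

```c
/* Added example: size of the argv/envp data placed at the top of the stack.
   Assumes the Linux layout described in the reply above. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

extern char **environ;

/* Bytes used by the strings of a NULL-terminated vector, NULs included.
   Stores the number of entries in *count when count is non-NULL. */
size_t vec_string_bytes(char *const *v, size_t *count)
{
    size_t bytes = 0, n = 0;
    for (; v && v[n]; n++)
        bytes += strlen(v[n]) + 1;
    if (count) *count = n;
    return bytes;
}

/* Strings plus both pointer tables, each with its NULL terminator. */
size_t initial_stack_payload(char *const *argv, char *const *envp)
{
    size_t argc = 0, envc = 0;
    size_t bytes = vec_string_bytes(argv, &argc) + vec_string_bytes(envp, &envc);
    return bytes + (argc + 1 + envc + 1) * sizeof(char *);
}

/* 1 if every string starts right after the previous one's NUL, which is
   how the kernel copies them onto the new stack; 0 otherwise. */
int vec_is_contiguous(char *const *v)
{
    for (size_t i = 0; v && v[i] && v[i + 1]; i++)
        if (v[i] + strlen(v[i]) + 1 != v[i + 1])
            return 0;
    return 1;
}

int main(int argc, char **argv)
{
    int local;
    (void)argc;
    printf("&local            %p\n", (void *)&local);
    printf("arg+env payload   %zu bytes\n", initial_stack_payload(argv, environ));
    printf("argv contiguous   %d\n", vec_is_contiguous(argv));
    if (argv[0])  /* the strings sit above main()'s frame */
        printf("argv[0] - &local  %zu bytes\n",
               (size_t)((uintptr_t)argv[0] - (uintptr_t)&local));
    return 0;
}
```

On a current kernel with stack address randomization enabled, `&local` also changes from run to run with identical arguments, so compare the reported payload size rather than the absolute address.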