Vulnerability Development mailing list archives

Re: regarding phrack49's stack smashing tutorial

From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sun, 14 May 2000 20:52:45 +0200


On Sat, 13 May 2000, Christian Hammers wrote:

Now I wonder about the following sentences:
      "The answer is that for every program the stack will start at
      the same address."
Why does it and more specific *where*? I wrote some test programs and
saw that is always 0xbffff6c6 +- 0xff. But it changes sometimes.


The address is not fixed because it depends on the size of supplied
arguments and environment variables -- the kernel puts them at the top
of the stack (at least on Linux but I think other unix systems do it as
well)...

$ cat > stk.c <<EOF
#include <stdio.h>
int main() { int a; printf("%p\n", &a); return 0; }
EOF
$ cc -o stk stk.c
$ ./stk
0xbffff88c
$ A=dfshjgsdfkghhfdk ./stk
0xbffff87c
$ ./stk fdgdfdffdsgfdgd
0xbffff87c
$ A=dfshjgsdfkghhfdk ./stk fdgdfdffdsgfdgd
0xbffff864

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Current thread:

Re: QPOP2.5* exploit ??, (continued)
- - - Re: QPOP2.5* exploit ?? Dimitry Andric (May 14)
    - Re: QPOP2.5* exploit ?? Martin Ixter (May 14)
    - TROJAN WARNING: Re: QPOP2.5* exploit ?? Nic Bellamy (May 14)
    - Re: QPOP2.5* exploit ?? phi-vulndev () EXORSUS NET (May 14)
    - Bubble Boy Virus Spreading Mechanism Andrew Leong (May 15)
    - Re: QPOP2.5* exploit ?? Lluis Mora (May 15)
    - Bugtraq Stats for the last 3 years available now. Alfred Huger (May 15)
    - xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
    - Re: QPOP2.5* exploit ?? rpc (May 14)
    - Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component] TLsecurity.net (May 14)
    - Re: regarding phrack49's stack smashing tutorial Pavel Kankovsky (May 14)
    - Re: regarding phrack49's stack smashing tutorial Darshan Patil (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
  - is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Crispin Cowan (May 15)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Jason Legate (May 17)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Maxime Rousseau (May 12)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Daniel P. Zepeda (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)

(Thread continues...)