Vulnerability Development mailing list archives
Re: regarding phrack49's stack smashing tutorial
From: dapatil () HOTMAIL COM (Darshan Patil)
Date: Mon, 15 May 2000 02:30:39 +0530
Hi,

The stack can start from any address actually. You get the same address running your test programs because the stack hasn't changed much from the value allotted to you. Try exporting a few variables or logging in as another user and then run your test programs. The value of your stack pointer will change.

Also the address you get does not map onto the physical RAM because it is not supposed to. Read about Virtual Memory to understand it.

Also the zip file contains some documents on overflows.

Hope this helps
--Darshan

----- Original Message -----
From: Christian Hammers <ch () WESTEND COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Sunday, May 14, 2000 12:26 AM
Subject: regarding phrack49's stack smashing tutorial

Hello list

I'm learning about stack overflows from Aleph's article in Phrack #49. Now I wonder about the following sentences:

"The answer is that for every program the stack will start at the same address."

Why does it and more specifically *where*? I wrote some test programs and saw that it is always 0xbffff6c6 +- 0xff. But it changes sometimes. What is so special about this 0xbffffffff address and by the way this address never fits into my 64M memory.... !

If anybody knows other documents which explain buffer overflows I would appreciate any information.

thanks,

-christian-

--
Linux - the choice of the GNU generation. Join the Debian Project http://www.debian.org
Christian Hammers * Oberer Heidweg 35 * D-52477 Alsdorf * Tel: 02404-25624
50 3C 52 26 3E 52 E7 20 D2 A1 F5 16 C4 C9 D4 D3 1024/925BCB55 1997/11/01

Attachment: stack.zip (application/x-zip-compressed)
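
The effect described in the reply, as an added example that is not part of the original posts or the attached zip: on Linux the kernel copies the environment strings to the top of the stack before main() runs, so a larger environment pushes every stack frame to a lower virtual address. The function names are hypothetical, and the code assumes a Unix-like system with a downward-growing stack and an environment that has not been modified since startup.

```c
/* Added example (not from the thread): the process environment sits above
 * main()'s frame, so its size shifts the stack pointer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

extern char **environ;

/* Total bytes occupied by the environment strings, NUL terminators included. */
size_t env_bytes(void)
{
    size_t total = 0;
    for (char **e = environ; e && *e; e++)
        total += strlen(*e) + 1;
    return total;
}

/* Address one past the end of the highest environment string (0 if none). */
uintptr_t env_top(void)
{
    uintptr_t top = 0;
    for (char **e = environ; e && *e; e++) {
        uintptr_t end = (uintptr_t)*e + strlen(*e) + 1;
        if (end > top)
            top = end;
    }
    return top;
}

/* Distance from a stack address up to the end of the environment block.
 * Returns 0 when the environment is empty or does not lie above `local`. */
size_t gap_to_env_top(const void *local)
{
    uintptr_t top = env_top();
    uintptr_t here = (uintptr_t)local;
    return top > here ? (size_t)(top - here) : 0;
}

int main(void)
{
    int marker = 0; /* lives in main()'s stack frame */
    printf("local variable at  %p (virtual address)\n", (void *)&marker);
    printf("environment size   %zu bytes\n", env_bytes());
    printf("gap to env top     %zu bytes\n", gap_to_env_top(&marker));
    return 0;
}
```

Running it with a larger or smaller environment changes the reported gap. On current kernels, address space layout randomization additionally moves the stack base from run to run.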