Re: Studying buffer overflows [maybe OT]

["Rafal Rajs" <rafal () safenet pl>]

> I've started to study buffer overflows. I wrote the following code:
>
> void f() {
>         char a[4];
>         int *b;
>         b =  a + 0x8;
>         (*b) += 0x8;
> }
>
> main() {
>         int x;
>         x = 0;
>         f();
>         x = 1;
>         printf("%d\n", x);
> }

hello .

I tested it on my Freebsd 4.5 (gcc version 2.95.3 20010315 (release)
[FreeBSD]).
Let's start gdb:

disassem main:
0x80484c4 <main>:       push   %ebp
0x80484c5 <main+1>:     mov    %esp,%ebp
0x80484c7 <main+3>:     sub    $0x18,%esp
0x80484ca <main+6>:     movl   $0x0,0xfffffffc(%ebp)
0x80484d1 <main+13>:    call   0x80484a4 <f>

0x80484d6 <main+18>:    movl   $0x1,0xfffffffc(%ebp)
0x80484dd <main+25>:    add    $0xfffffff8,%esp
!!!! it's 7 bytes difference not 8

0x80484e0 <main+28>:    mov    0xfffffffc(%ebp),%eax
0x80484e3 <main+31>:    push   %eax
0x80484e4 <main+32>:    push   $0x8048533
0x80484e9 <main+37>:    call   0x8048358 <printf>
0x80484ee <main+42>:    add    $0x10,%esp

So try only change in function f():
  (*b) += 0x8;
to
 (*b) += 0x7;

For me it works perfect.

cheers
Rafal