Vulnerability Development mailing list archives

Re: Studying buffer overflows [maybe OT]


From: "brien mac" <aph3x () linuxmail org>
Date: Wed, 10 Apr 2002 17:47:57 -0400


----- Original Message -----
From: Syzop <syz () dds nl>
Date: Tue, 09 Apr 2002 16:27:22 +0200
To: darko <darko () autistici org>
Subject: Re: Studying buffer overflows [maybe OT]

Dump of assembler code for function main:
0x8048460 <main>:       pushl  %ebp
0x8048461 <main+1>:     movl   %esp,%ebp
0x8048463 <main+3>:     subl   $0x18,%esp
0x8048466 <main+6>:     movl   $0x0,0xfffffffc(%ebp)
0x804846d <main+13>:    call   0x8048440 <f>  <-- your function
0x8048472 <main+18>:    movl   $0x1,0xfffffffc(%ebp) <-- x =1
0x8048479 <main+25>:    addl   $0xfffffff8,%esp <-- this is actually stack cleanup. instead of popping the values into a register, %esp is simply modified
0x804847c <main+28>:    movl   0xfffffffc(%ebp),%eax
0x804847f <main+31>:    pushl  %eax <-- printf() starts here with the pushing of the arguments in reverse order
0x8048480 <main+32>:    pushl  $0x80484e4
0x8048485 <main+37>:    call   0x8048344 <printf>
0x804848a <main+42>:    addl   $0x10,%esp
0x804848d <main+45>:    leave
0x804848e <main+46>:    ret
End of assembler dump.
(gdb)
Cya,

    Syzop.


on a side note... 

#include <stdio.h>

void f(void)
{
   char a[4];

   long *b;

   /* point b 8 bytes above a[]: past a[] and the saved %ebp, at the
      saved return address of this frame (offset depends on the compiler's
      frame layout) */
   b = (long *)(a + 0x08);

   /* rewind the saved return address by 0x3b bytes, so f() "returns" to
      an earlier point in main() */
   (*b) -= 0x3b;
}

int main(void)
{
   int x = 0;

   printf("x=%d\n", x);

   x = 1;

   printf("x=%d\n", x);

   f();

   x = 2;

   /* program never reaches this point */
   printf("x=%d\n", x);

   return 0;
}

This should loop infinitely, printing "x=0" and "x=1".

cheers
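As an added example that is not part of the thread above, the following C program models the frame that f() writes into (char a[4], then the saved %ebp, then the saved return address, low addresses first as on x86) and inserts a stack-protector style canary between the local array and the saved registers, the way GCC's -fstack-protector does. The frame is a plain byte array rather than a real stack, so it runs the same on any host; the canary value, the saved register values and the 'A'-filled input are all constructed for illustration.

```c
/* Added example (not from the original post): a byte-array model of a
 * 32-bit frame like the one f() has in the post, with a stack-protector
 * style canary inserted between the local array and the saved registers.
 * Layout, canary value and sample values are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4            /* char a[4] in the post */
#define CANARY   0x00ff0a0du  /* constructed; real protectors pick it at random */

/* Offsets inside the modelled frame (low addresses first, as on x86). */
enum {
    OFF_BUF    = 0,
    OFF_CANARY = OFF_BUF + BUF_SIZE,
    OFF_EBP    = OFF_CANARY + 4,   /* saved %ebp */
    OFF_RET    = OFF_EBP + 4,      /* saved return address */
    FRAME_SIZE = OFF_RET + 4
};

struct frame { uint8_t bytes[FRAME_SIZE]; };

static void put_u32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static uint32_t get_u32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Prologue: lay out the frame as the compiler would, then plant the canary. */
void frame_init(struct frame *fr, uint32_t saved_ebp, uint32_t ret_addr)
{
    memset(fr->bytes, 0, FRAME_SIZE);
    put_u32(fr->bytes + OFF_CANARY, CANARY);
    put_u32(fr->bytes + OFF_EBP, saved_ebp);
    put_u32(fr->bytes + OFF_RET, ret_addr);
}

/* An unchecked copy into a[]: a strcpy()-style write with no bounds check
 * on the destination. Only the model's own array is kept in bounds. */
void frame_copy_unchecked(struct frame *fr, const uint8_t *src, size_t len)
{
    if (len > (size_t)FRAME_SIZE) len = FRAME_SIZE;
    memcpy(fr->bytes + OFF_BUF, src, len);
}

/* Epilogue check: 1 if the canary is intact, 0 if the frame was smashed. */
int frame_canary_ok(const struct frame *fr)
{
    return get_u32(fr->bytes + OFF_CANARY) == CANARY;
}

/* The return address the epilogue would jump to. */
uint32_t frame_ret(const struct frame *fr) { return get_u32(fr->bytes + OFF_RET); }

int main(void)
{
    struct frame fr;
    uint8_t input[FRAME_SIZE];
    memset(input, 'A', sizeof input);   /* constructed input */

    /* a write that fits in a[]: canary and return address untouched */
    frame_init(&fr, 0xbffff8c8u, 0x8048472u);   /* constructed values */
    frame_copy_unchecked(&fr, input, BUF_SIZE);
    printf("%2d-byte write: canary %s, ret=0x%08x\n", BUF_SIZE,
           frame_canary_ok(&fr) ? "intact" : "SMASHED", (unsigned)frame_ret(&fr));

    /* a write that runs off the end of a[]: the canary is clobbered before
       the return address is, so the epilogue check catches it */
    frame_init(&fr, 0xbffff8c8u, 0x8048472u);
    frame_copy_unchecked(&fr, input, FRAME_SIZE);
    printf("%2d-byte write: canary %s, ret=0x%08x\n", FRAME_SIZE,
           frame_canary_ok(&fr) ? "intact" : "SMASHED", (unsigned)frame_ret(&fr));
    return 0;
}
```

The second run shows why a canary works against the classic contiguous overflow: the bytes that would reach the saved return address have to pass through the canary first. It also shows the limit of the check, since the write in the post above goes straight to a + 0x08 and steps over whatever sits between a[] and the return address, which is why canaries are paired with bounds checking on the copy itself, non-executable stacks and address randomisation rather than relied on alone.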