RE: Assembler/C References

["Jeremy Junginger" <jjunginger () interactcommerce com>]

Hey guys, 
Thanks for all of the great feedback about assembler and c.  I was
playing with the code at: 
http://community.core-sdi.com/~gera/InsecureProgramming/abo1.html
(Thanks for the link, Claes) 
And if it is run, it produces a segmentation fault.  After running gdb
against the program, I obtain the following data:

[rewt@n00bB0x]# gdb abo1 

Copyright 2001 Free Software Foundation, Inc. 
GDB is free software, covered by the GNU General Public License, and you
are 
welcome to change it and/or distribute copies of it under certain
conditions. 
Type "show copying" to see the conditions. 
There is absolutely no warranty for GDB.  Type "show warranty" for
details. 
This GDB was configured as "i386-redhat-linux"... 
(gdb) disass main 
Dump of assembler code for function main: 
0x8048460 <main>:       push   %ebp 
0x8048461 <main+1>:     mov    %esp,%ebp 
0x8048463 <main+3>:     sub    $0x108,%esp 
0x8048469 <main+9>:     sub    $0x8,%esp 
0x804846c <main+12>:    mov    0xc(%ebp),%eax 
0x804846f <main+15>:    add    $0x4,%eax 
0x8048472 <main+18>:    pushl  (%eax) 
0x8048474 <main+20>:    lea    0xfffffef8(%ebp),%eax 
0x804847a <main+26>:    push   %eax 
0x804847b <main+27>:    call   0x804834c <strcpy> 
0x8048480 <main+32>:    add    $0x10,%esp 
0x8048483 <main+35>:    leave 
0x8048484 <main+36>:    ret 
0x8048485 <main+37>:    lea    0x0(%esi),%esi 
0x8048488 <main+40>:    nop 
0x8048489 <main+41>:    nop 
0x804848a <main+42>:    nop 
0x804848b <main+43>:    nop 
0x804848c <main+44>:    nop 
0x804848d <main+45>:    nop 
0x804848e <main+46>:    nop 
0x804848f <main+47>:    nop 
End of assembler dump. 
(gdb) quit 

[rewt@n00bB0x]# 

I guess I don't really know where to go from here.  I see that the
buffer has space form 256 bytes.  Okay, so I run ./abo1 AAAAAAAA(256
times) and it runs okay, then when I run ./abo1 with AAAA(more than
256X) it returns with a segmentation fault.  The part I'm not
understanding is, after I've overflowed the buffer, how do I know where
the next bytes will be stored?  Will they be stored at the next memory
address (in this case 0x8048480)?  Once you know where they are stored,
how can you append your code, do you just do a
AAAAAA(howevermanytimesyouneedit) and then append your code to the end
of it?  

Thanks for fielding these beginner questions.  They're embarrassing to
ask, but everyone's gotta start somewhere. 

-Jeremy 


-----Original Message-----
From: Kim Reece [mailto:sorel () ugcs caltech edu] 
Sent: Monday, July 15, 2002 4:53 PM
To: Knud Erik Højgaard
Cc: Jeremy Junginger; vuln-dev () securityfocus com
Subject: Re: Assembler/C References



"art of assembly"  - i forget the author name, but it's a very good book
and a simple google search will turn it up

plus just about any 'advanced' c book, i.e. one that doesn't assume you
are incapable of understanding an if statement and need kindergarden
style graphics to not get bored.


--sorel

Attachment: smime.p7s
Description: