Vulnerability Development mailing list archives
Re: argc issue
From: "mike davis" <lists () stonedcoder org>
Date: Thu, 25 May 2006 13:53:20 -0400
the trick here is to use a wrapper program to that calls the executable without *any arguments* including argv[0]
at that point argc == 0 argv[0] == NULL and argv[1] is somewhere in the the environmental variables..and.. as an asside, when playing wargames.. its usually best not to cheat or you really get nothing out of it.
-phar----- Original Message ----- From: <padre () correo ugr es>
To: <vuln-dev () securityfocus com>
Sent: Tuesday, May 23, 2006 1:51 PM
Subject: argc issue
hi!
i' ve a code thats looks like:
------------------- code ----------------------
int main (int argc, char **argv)
{
char *a;
char *b;
a=malloc(char *)(100);
b=malloc(char *)(100);
if (argc)
exit (-1);
else {
strcpy(a,argv[1]);
}
free (a);
return 0;
}
---------------- code ---------------------------
I contais an explotable heap overflow. I can overwrite b's chunk head so I
can write into DTOR_END the addr i want.
But the main issue is " if (argc) exit(0);" . How can I change the argc
variable so it contais the value of 0?.
thanks and srry for my poor english :(
Current thread:
- argc issue padre (May 25)
- RE: argc issue Chris Eagle (May 26)
- Re: argc issue 3APA3A (May 26)
- Re: argc issue Valdis . Kletnieks (May 26)
- Re: argc issue mike davis (May 26)
- Re: argc issue jlongs2 (May 29)