Is there a buffer overflow helloworld for c++?
Question
I tried the code provided by this question, but it doesn't work.
How to contrive an overflow to wrap my head around?
.file "hw.cpp"
.section .rdata,"dr"
LC0:
.ascii "Oh shit really bad~!\15\12\0"
.text
.align 2
.globl __Z3badv
.def __Z3badv; .scl 2; .type 32; .endef
__Z3badv:
pushl %ebp
movl %esp, %ebp
subl $8, %esp
movl $LC0, (%esp)
call _printf
leave
ret
.section .rdata,"dr"
LC1:
.ascii "WOW\0"
.text
.align 2
.globl __Z3foov
.def __Z3foov; .scl 2; .type 32; .endef
__Z3foov:
pushl %ebp
movl %esp, %ebp
subl $4, %esp
movl LC1, %eax
movl %eax, -4(%ebp)
movl $__Z3badv, 4(%ebp)
leave
ret
.def ___main; .scl 2; .type 32; .endef
.align 2
.globl _main
.def _main; .scl 2; .type 32; .endef
_main:
pushl %ebp
movl %esp, %ebp
subl $8, %esp
andl $-16, %esp
movl $0, %eax
addl $15, %eax
addl $15, %eax
shrl $4, %eax
sall $4, %eax
movl %eax, -4(%ebp)
movl -4(%ebp), %eax
call __alloca
call ___main
call __Z3foov
movl $0, %eax
leave
ret
.def _printf; .scl 2; .type 32; .endef
Recommended answer
If you want to understand exactly what happens in a buffer overflow and how to exploit them, I recommend the tutorial by Aleph One written for Phrack 49, "Smashing the Stack for Fun and Profit".