Which versions of GCC, or flags, should I use when studying buffer overflows?

Problem description

Recently, I've been studying buffer overflows as an undergraduate student in Computer Engineering. Simply out of interest, I began researching and studying buffer overflows, but have gotten stuck when attempting to implement them in my own C programs on my computer, compiled with GCC 4.9.1 (in Debian Jessie).

I've heard that there are sorts of stack overflow protection in newer compilers, so I'm thinking that my issue is that my compiler version is too new. Either that, or I'm not compiling with the correct flags (none).

So are there good versions of GCC for me to obtain to test buffer overflows? Or should I use a particular flag to prevent stack protection and canaries?

Thank you for your time.

Recommended answer

Use -zexecstack -fno-stack-protector to disable stack frame protection and non-executable stack with gcc.

On your Linux system, you also have to disable address randomization (ASLR) using:

echo 0 > /proc/sys/kernel/randomize_va_space
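
Whether a binary was linked with an executable stack is recorded in the flags of its PT_GNU_STACK program header, so the effect of the -z execstack option can be audited after the build. The following is an added example, not part of the original answer: the names stack_is_executable and make_sample are hypothetical, the byte image is constructed for the demonstration, and the parser handles only ELF64 little-endian images on a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK 0x6474e551u /* program header describing stack permissions */
#define PF_X 0x1u                /* execute bit in p_flags */

/* 1 = stack marked executable (what -z execstack produces), 0 = not,
 * -1 = not a well-formed ELF64 little-endian image or no PT_GNU_STACK. */
int stack_is_executable(const unsigned char *img, size_t len)
{
    uint64_t phoff; uint16_t phentsize, phnum;
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1;       /* ELFCLASS64, ELFDATA2LSB */
    memcpy(&phoff, img + 32, 8);                     /* e_phoff */
    memcpy(&phentsize, img + 54, 2);                 /* e_phentsize */
    memcpy(&phnum, img + 56, 2);                     /* e_phnum */
    if (phentsize < 56 || phoff > len) return -1;
    for (uint32_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        uint32_t type, flags;
        if (off > len || len - off < 56) return -1;  /* entry runs past the image */
        memcpy(&type, img + off, 4);                 /* p_type */
        memcpy(&flags, img + off + 4, 4);            /* p_flags */
        if (type == PT_GNU_STACK) return (flags & PF_X) ? 1 : 0;
    }
    return -1;
}

/* Constructed sample: ELF64 header followed by a single PT_GNU_STACK entry. */
void make_sample(unsigned char img[120], uint32_t p_flags)
{
    static const unsigned char hdr[8] = {0x7f, 'E', 'L', 'F', 2, 1, 1, 0};
    uint32_t type = PT_GNU_STACK;
    memset(img, 0, 120); memcpy(img, hdr, 8);
    img[32] = 64; img[54] = 56; img[56] = 1;         /* e_phoff, e_phentsize, e_phnum */
    memcpy(img + 64, &type, 4); memcpy(img + 68, &p_flags, 4);
}

int main(void)
{
    unsigned char img[120];
    make_sample(img, 0x7);                           /* PF_R|PF_W|PF_X */
    printf("rwx stack header -> %d\n", stack_is_executable(img, sizeof img));
    make_sample(img, 0x6);                           /* PF_R|PF_W, the default */
    printf("rw- stack header -> %d\n", stack_is_executable(img, sizeof img));
    return 0;
}
```
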
