How to skip a line doing a buffer overflow in C

Problem description

I want to skip a line in C, the line x=1; in the main section, using a buffer overflow; however, I don't know why I cannot skip from the address 4002f4 to the next address 4002fb, in spite of the fact that I am counting 7 bytes from <main+35> to <main+42>. I have also configured the randomization and execstack options in a Debian and AMD environment, but I am still getting x=1; please can you tell me what is wrong with this procedure?

I have used gdb to debug the stack and the memory addresses:

0x00000000004002ef <main+30>:    callq  0x4002a4 <function>
0x00000000004002f4 <main+35>:    movl   $0x1,-0x4(%rbp)
0x00000000004002fb <main+42>:    mov    -0x4(%rbp),%esi
0x00000000004002fe <main+45>:    mov    $0x4629c4,%edi

#include <stdio.h>

/* Attempt from the question: function() tries to reach the saved return
 * address through a fixed offset from a local buffer and bump it past the
 * 7-byte "x = 1" store in main(). The +12 is a guess about the frame layout
 * of one particular compiler; the question reports that the skip does not
 * happen. The cast keeps the char*-to-int* assignment compiling unchanged. */
void function(int a, int b, int c)
{
  char buffer[5];
  int *ret;

  ret = (int *)(buffer + 12);  /* guessed location of the saved return address */
  (*ret) += 8;                 /* intended to move it past the next instruction */
}

int main()
{
   int x = 0;
   function(1, 2, 3);
   x = 1;                      /* the store the author wants to skip */
   printf("x = %i \n", x);
   return 0;
}

Solution

You must be reading the Smashing the Stack for Fun and Profit article. I was reading the same article and have found the same problem: it wasn't skipping that instruction. After a few hours' debug session in IDA I have changed the code like below and it is printing x=0 and b=5.

#include <stdio.h>

/* Answer's version: the saved return address is located relative to the
 * local int c rather than a char buffer. The offset &c + 2 is the one the
 * answerer arrived at in the debugger; it still depends on the compiler's
 * frame layout and only holds for the build it was tuned for. */
void function(int a, int b) {
     int c = 0;
     int *pointer;

     pointer = &c + 2;     /* two int slots above c */
     (*pointer) += 8;      /* advance the return address past the "x = 3" store */
}

int main(void) {
  int x = 0;
  function(1, 2);
  x = 3;                   /* the store being skipped */
  int b = 5;
  printf("x=%d, b=%d\n", x, b);
  getchar();               /* getch() needs conio.h; getchar() is portable */
  return 0;
}
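Both the question and the answer hard-code where the saved return address sits relative to a local (buffer + 12 in the question, &c + 2 in the answer), and each only holds for the exact frame layout one compiler produced. The following added diagnostic is not part of either post: it asks the compiler for the frame address instead of guessing, reports how far the return slot really is from a buffer[5] local, and only reads the slot, never writes it. It assumes GCC or Clang on x86-64 or AArch64, where the return address is stored 8 bytes above the frame address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: x86-64 and AArch64 both store the saved frame pointer at the
 * frame address and the return address 8 bytes above it. Using the builtins
 * makes GCC and Clang keep a frame pointer in this function. */
#define RETURN_SLOT_OFFSET 8
/* Compare only the low bits so an AArch64 pointer-authentication signature
 * (pac-ret) in the stored value does not disturb the comparison. */
#define VA_MASK ((uintptr_t)0x7fffffffffULL)

struct frame_report {
    intptr_t slot_from_buffer; /* bytes from buffer[0] to the return slot */
    int guess_hits_slot;       /* does the question's buffer + 12 land on it? */
    int slot_matches;          /* does the slot hold the real return address? */
};

__attribute__((noinline)) static struct frame_report inspect_frame(void)
{
    char buffer[5] = "abcd";   /* the same kind of local the question declares */
    uintptr_t frame    = (uintptr_t)__builtin_frame_address(0);
    uintptr_t slot     = frame + RETURN_SLOT_OFFSET;
    uintptr_t buf      = (uintptr_t)buffer;
    uintptr_t real_ret = (uintptr_t)__builtin_return_address(0);
    uintptr_t stored;
    struct frame_report r;

    memcpy(&stored, (const void *)slot, sizeof stored); /* read only */
    r.slot_from_buffer = (intptr_t)slot - (intptr_t)buf;
    r.guess_hits_slot  = (buf + 12 == slot);
    r.slot_matches     = ((stored & VA_MASK) == (real_ret & VA_MASK));
    return r;
}

int return_slot_matches(void) { return inspect_frame().slot_matches; }
int buffer_plus_12_is_return_slot(void) { return inspect_frame().guess_hits_slot; }

int main(void)
{
    struct frame_report r = inspect_frame();
    printf("return slot is %ld bytes from buffer[0]\n", (long)r.slot_from_buffer);
    printf("buffer + 12 hits the slot: %d\n", r.guess_hits_slot);
    printf("slot holds the real return address: %d\n", r.slot_matches);
    return 0;
}
```

The reported distance changes with compiler, optimization level and stack-protector settings, which is exactly why a fixed +12 or +2 cannot be relied on from one build to the next.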
