How can I invoke buffer overflow?


Problem description

I got a homework assignment asking me to invoke a function without explicitly calling it, using buffer overflow. The code is basically this:

#include <stdio.h>
#include <stdlib.h>

void g()
{
    printf("now inside g()!\n");
}


void f()
{   
    printf("now inside f()!\n");
    // can only modify this section
    // can't call g(), maybe use g (pointer to function)
}

int main (int argc, char *argv[])
{
    f();
    return 0;
}

Though I'm not sure how to proceed. I thought about changing the return address for the program counter so that it'll proceed directly to the address of g(), but I'm not sure how to access it. Anyway, tips will be great.

Recommended answer

The basic idea is to alter the function's return address so that when the function returns it continues to execute at a new hacked address. As done by Nils in one of the answers, you can declare a piece of memory (usually an array) and overflow it in such a way that the return address is overwritten as well.

I would suggest that you not blindly take any of the programs given here without actually understanding how they work. This article is very well written and you'll find it very useful:

A step-by-step on the buffer overflow vulnerability
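
The mechanism this answer describes, as an added example that is not part of the original answer: a stack frame is modelled as a plain struct, so the out-of-bounds write can be observed without touching a real stack, next to the bounds-checked copy and the canary-style check that catch it. The struct layout, all function names, and the canary and return-address values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY    0x5a5aa5a5c3c33c3cULL  /* constructed guard value */
#define SAVED_RET ((uintptr_t)0x1000)    /* constructed stand-in, never jumped to */

/* One stack frame modelled as plain data (assumed layout): the local array
   sits below a guard word and the saved return address. */
struct frame { char buf[16]; uint64_t canary; uintptr_t saved_ret; };

void frame_init(struct frame *fr) {
    memset(fr, 0, sizeof *fr);
    fr->canary = CANARY;
    fr->saved_ret = SAVED_RET;
}

/* Models an unbounded copy: n is never compared with sizeof buf.
   The clamp to the model's size only keeps this demo itself in bounds. */
void copy_unchecked(struct frame *fr, const void *src, size_t n) {
    if (n > sizeof *fr) n = sizeof *fr;
    memcpy(fr, src, n);
}

/* Hardened form: refuse any input that does not fit the local array. */
int copy_checked(struct frame *fr, const void *src, size_t n) {
    if (n > sizeof fr->buf) return -1;
    memcpy(fr->buf, src, n);
    return 0;
}

/* The kind of check a stack protector runs before returning. */
int frame_intact(const struct frame *fr) {
    return fr->canary == CANARY && fr->saved_ret == SAVED_RET;
}

/* Same oversized input through both copies.
   Bit 0: unchecked copy corrupted the frame. Bit 1: checked copy refused
   the input and left the frame intact. */
int demo(void) {
    unsigned char input[sizeof(struct frame)];
    struct frame a, b;
    memset(input, 'A', sizeof input);
    frame_init(&a);
    frame_init(&b);
    copy_unchecked(&a, input, sizeof input);
    int refused = copy_checked(&b, input, sizeof input) != 0;
    return (frame_intact(&a) ? 0 : 1) | ((refused && frame_intact(&b)) ? 2 : 0);
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

On a real build the same guard-word check is what compilers insert with `-fstack-protector-strong`; the model only makes the adjacency of the array and the saved return address visible.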
