Re: Learning buffer overflow help
- From: "Dude VanWinkle" <dudevanwinkle@xxxxxxxxx>
- Date: Wed, 6 Jun 2007 22:56:22 -0400
On 6 Jun 2007 19:30:37 -0000, erk_3@xxxxxxxxxxx <erk_3@xxxxxxxxxxx> wrote:
Hello everyone,
I have studied alot on buffer overflows and I understand the theory behind it. Thing is, any example I follow says once you can overwrite the EIP you can control the flow of the program (in a nutshell).
So here's my really basic BOF:
#include <stdio.h>
#include <string.h>
int main (int argc, char *argv[]) {
char name[4];
strcpy(name, argv[1]);
printf(name);
}
if you enter: 1234AAAABBBB the eip is 0x42424242
When i try to put in a return address though, such as 1234AAAA\xEE\xEE\xEE\xEE it doesnt go to that address. To my understanding, shouldn't the fault come up at address 0xEEEEEE ?
Sorry if this sounds stupid to some of you, but I think once i get around this little bump in the road I can be on my way.
I am kinda new at this stuff as well, but did you try any other
locations? \xee might be considered "bad characters", kinda like \x00
and \x0a. AFAIK If you put an address that is also an instruction,
then you will mess up the stack.
-JP
- References:
- Learning buffer overflow help
- From: erk_3
- Learning buffer overflow help
- Prev by Date: Re: Vulnerability Disclosure
- Next by Date: Re: Learning buffer overflow help
- Previous by thread: Learning buffer overflow help
- Next by thread: Re: Learning buffer overflow help
- Index(es):
Relevant Pages
|
