
Buffer Overflow Attack with Int

char c[10];
int value = 1;

Why does the value only change to 0 once I enter 12 chars? Why 12, and not 10 or 11? (I know about the terminator and how it pushes into the next memory space.)

Objects of a given type are typically placed at memory locations that are a multiple of the object size, i.e. the object is aligned to a boundary matching its size.

An int is typically 4 bytes in size. If c is placed before value in memory, and if c starts at a 4-byte-aligned offset, then there will be two bytes of padding between them. This would explain why value doesn't get overwritten unless more than 12 bytes are written to c.

Note also that this is all undefined behavior as far as the C standard is concerned; however, for the purpose of exploiting vulnerabilities it can be useful to examine what specific implementations do under certain conditions.
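To make the answer's reasoning concrete, here is an added C example; it is not part of the original question or answer. It places the same two objects in a struct so their relative layout is fixed by the ABI rather than by the compiler's stack allocation, measures the padding with offsetof, and simulates an unchecked input of n characters plus a NUL terminator to show at which length value is first clobbered. The simulated write is clipped to the struct so the demonstration itself stays inside one object (well-defined), unlike the real bug. It assumes a 4-byte, 4-byte-aligned int (so value lands at offset 12) and a little-endian CPU (so the terminator landing on the low byte of value turns 1 into 0, which is exactly the "changes to 0" the question observed).

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Same two objects as the question, but inside a struct so that their
 * relative layout is fixed by the ABI. Assumption: int is 4 bytes and
 * 4-byte aligned, so value sits at offset 12 and c is followed by 2
 * padding bytes. */
struct frame {
    char c[10];
    int value;
};

size_t value_offset(void)
{
    return offsetof(struct frame, value);
}

size_t padding_after_c(void)
{
    struct frame f;
    return offsetof(struct frame, value) - sizeof f.c;
}

/* Simulate an unchecked read (gets()/scanf("%s")) that stores n_chars
 * bytes of 'A' followed by a NUL terminator into c. The writes go through
 * an unsigned char pointer and are clipped to sizeof(struct frame), so this
 * simulation stays inside a single object; the real bug has no such limit.
 * Returns the resulting value field. */
int value_after_input(size_t n_chars)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.value = 1;

    unsigned char *p = (unsigned char *)&f;
    size_t limit = sizeof f;
    size_t n = n_chars < limit ? n_chars : limit;
    memset(p, 'A', n);
    if (n < limit)
        p[n] = '\0';   /* for 12 chars this is byte 12: the low byte of value
                          on a little-endian machine, so 1 becomes 0 */

    return f.value;
}

/* Smallest number of input characters that changes value, i.e. the point
 * at which chars + terminator first reach the offset of value. */
size_t chars_needed_to_clobber(void)
{
    for (size_t n = 0; n < sizeof(struct frame); n++)
        if (value_after_input(n) != 1)
            return n;
    return sizeof(struct frame);
}

int main(void)
{
    printf("sizeof(int)=%zu offsetof(value)=%zu padding=%zu\n",
           sizeof(int), value_offset(), padding_after_c());
    for (size_t n = 9; n <= 13; n++)
        printf("%2zu chars -> value = %d\n", n, value_after_input(n));
    printf("value first changes after %zu chars\n", chars_needed_to_clobber());
    return 0;
}
```

With 10 characters the terminator lands in the first padding byte and with 11 in the second, so value is untouched; with 12 the terminator lands on value's first byte (1 becomes 0 on little-endian), and with 13 an 'A' (0x41) lands there instead, giving 65. The loop in main makes this visible, and the same counting applies to the stack layout in the question whenever the compiler happens to place value immediately after c and its padding.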
