I'm working on my school project "ROP on ARM vs x86".
I've done my work on x86 and am trying 'ret2zp' on ARM right now, and I need help.
Please help a Linux newbie.
I'm following an easy and neat example on ARM, 'A Short Guide on ARM Exploitation' by Kumar & Gupta.
On page 41 (I lack the reputation to post an image, sorry)
there is a line
(gdb) r 'printf "AAAABBBBCCCCDDDD\\x38\\x84"
So Kumar & Gupta were trying to pass the char array AAAABBBBCCCCDDDD&„ (with an extended ASCII code; nothing in plain ASCII),
and I can't pass my char array as an argument to my code with the 'printf' command.
Here's my simple code to use 'printf'.
buffer_overflow.c
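```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strcpy */

/* Never called in normal control flow. */
void IShouldNeverBeCalled(){
    puts("I should never be called");
    exit(0);
}

void Vulnerable(char *arg){
    char buff[10];
    strcpy(buff, arg);   /* unbounded copy into a 10-byte buffer: the overflow under study */
}

int main(int argc, char **argv){
    Vulnerable(argv[1]);
    puts(argv[1]);
    return(0);
}
```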
And it works as:
```
root@linaro:~# ./buffer_overflow AAAABBBB
AAAABBBB
root@linaro:~# ./buffer_overflow 'printf "A"'
printf "A"
```
So printf isn't working as I expected.
How can I use 'printf' as Kumar & Gupta said?
How can my program get the argument "A" when I pass "'printf "\\x41"'"?
And what is that printf? Is it a Python function or something? Or is it a program integrated with Ubuntu?
Oh, my Ubuntu is:
```
root@linaro:~# cat /etc/issue
Ubuntu natty (development branch) \n \l
```
Thank you for helping me.
You're using apostrophe ' instead of backtick `. Additionally, the doc is missing the terminating backtick.
Instead of using backticks, though, you should use the better $() and quote properly:
```
./buffer_overflow "$(printf "AAAABBBBCCCCDDDD\x38\x84")"
```
Also note that they're doing this in gdb, not in a shell.
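The difference between the three quoting styles discussed above, as an added example that is not part of the original question or answer: it hex-dumps what a program would receive in argv[1] in each case. The helper name arg_hex and the wrapper functions are hypothetical, and the octal escapes \070\204 stand in for \x38\x84 so the script also runs under shells whose printf lacks \x.

```shell
#!/bin/sh
# Added example: which bytes reach argv[1] under each quoting style.
LC_ALL=C; export LC_ALL    # treat the data as raw bytes, not multibyte text

# Hex-dump the first argument exactly as the called program would see it.
arg_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# 1. Apostrophes: no expansion, so the program gets the text itself.
literal_form() {
    arg_hex 'printf "A"'
}

# 2. Backticks: the shell runs printf and substitutes its output.
backtick_form() {
    arg=`printf "A"`
    arg_hex "$arg"
}

# 3. $(): same substitution, but it nests and quotes cleanly.
#    \070 and \204 are the octal spellings of \x38 and \x84. Octal escapes
#    are POSIX; \x is an extension (bash and GNU printf accept it).
payload_form() {
    arg_hex "$(printf 'AAAABBBBCCCCDDDD\070\204')"
}

# 4. Caveat: command substitution strips trailing newlines, and argv
#    strings are NUL-terminated, so a zero byte cannot be passed this way.
newline_form() {
    arg_hex "$(printf 'AB\n\n')"
}

echo "apostrophes : $(literal_form)"
echo "backticks   : $(backtick_form)"
echo "\$() payload : $(payload_form)"
echo "newlines cut: $(newline_form)"
```

The first line of output is the hex of the literal text `printf "A"`, which is exactly what the question's `puts(argv[1])` echoed back; the second and third show the substituted bytes.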