I have 2 systems:
I compiled the following code on both systems:
int numOfNops = 600;
unsigned char nops[numOfNops];   /* variable-length array; no slot reserved for a terminator */
int i;
for (i = 0; i < numOfNops; i++) {
    nops[i] = '\x90';            /* every byte is a NOP; the array is never NUL-terminated */
}
...
printf("GET /%s%s\x90\x90%s HTTP/1.0 \n", nops, buf, ESPs);   /* %s reads until it finds a NUL byte */
The problem is the printing of the "nops" array.
Hexdump system #1:
00000250 90 90 90 90 90 90 90 90 90 90 90 90 90 89 e3 da |................|
00000260 c4 d9 73 f4 5f 57 59 49 49 49 49 49 49 49 49 49 |..s._WYIIIIIIIII|
Hexdump system #2:
00000250 90 90 90 90 90 90 90 90 90 90 90 90 90 24 c5 12 |.............$..|
00000260 89 e3 da c4 d9 73 f4 5f 57 59 49 49 49 49 49 49 |.....s._WYIIIIII|
So the additional characters are: 0x24 0xc5 0x12.
[Q] Why is that?
Thanks.
Your buffer is not NUL '\0' terminated, so you're printing characters that are past the buffer itself.
I'd suggest trying to add nops[numOfNops - 1] = '\0'; before calling the printf.
Consider telling printf() exactly how many NOPs to print:
printf("GET /%.*s%s\x90\x90%s HTTP/1.0 \n", numOfNops, nops, buf, ESPs);
This avoids the problem that you didn't null-terminate the string.
(Note that strictly the %.*s notation tells printf() to format up to numOfNops characters, or until the first null byte, as the output of the conversion specification. Where you have a solid array of NOP values as in the question, this is the same as telling printf() to print exactly the given number of NOP values.)
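An added example (not from either answer) that puts the two fixes side by side on the question's 600-byte NOP array: the %.*s precision form reads exactly n bytes without needing a terminator, while terminating the last slot and using plain %s is safe but costs one NOP. The question's buf and ESPs are replaced by constructed placeholder strings, and the formatted request is written with snprintf so its contents can be inspected; is_terminated is a hypothetical helper showing the check a reader can run before handing any array to %s.

```c
#include <stdio.h>
#include <string.h>

/* Fill an array with NOP bytes and leave it unterminated, as in the question. */
static void fill_nops(unsigned char *nops, size_t n) {
    memset(nops, 0x90, n);
}

/* Defensive check (hypothetical helper): does buf contain a NUL within its
 * first n bytes? Only then is it safe to hand to a plain %s conversion. */
static int is_terminated(const unsigned char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* Count the 0x90 bytes that directly follow "GET /" in a formatted request. */
static size_t count_leading_nops(const char *req) {
    const char *p = req + strlen("GET /");
    size_t k = 0;
    while ((unsigned char)p[k] == 0x90) k++;
    return k;
}

/* Fix 1 (second answer): %.*s with an explicit precision reads at most n
 * bytes of nops, so no terminator is needed. "BUF" and "ESP" stand in for
 * the question's buf and ESPs (constructed placeholders). Returns the
 * number of NOPs that reached the output: expected exactly n. */
static size_t nops_printed_with_precision(size_t n) {
    unsigned char nops[600];
    char out[1024];
    if (n > sizeof nops) return 0;
    fill_nops(nops, n);
    snprintf(out, sizeof out, "GET /%.*s%s\x90\x90%s HTTP/1.0 \n",
             (int)n, (const char *)nops, "BUF", "ESP");
    return count_leading_nops(out);
}

/* Fix 2 (first answer): overwrite the last slot with NUL and use plain %s.
 * The array is now safe to print, but one NOP is lost: expected n - 1. */
static size_t nops_printed_after_terminating(size_t n) {
    unsigned char nops[600];
    char out[1024];
    if (n == 0 || n > sizeof nops) return 0;
    fill_nops(nops, n);
    nops[n - 1] = '\0';
    if (!is_terminated(nops, n)) return 0;   /* cannot fail after the line above */
    snprintf(out, sizeof out, "GET /%s%s\x90\x90%s HTTP/1.0 \n",
             (const char *)nops, "BUF", "ESP");
    return count_leading_nops(out);
}
```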