stackoom
  简体   繁体   中英

How to detect which variable/code is creating a stack-based buffer overrun

 原文  2022-04-05 00:49:18       c++/ stack-overflow/ windbg

Question

I have an application that has started failing with 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

I have a full crash dump and source code, but this leads me to terminate() and abort() functions in the Windows API and I can't see any application-specific code stepping through the call stack.

The user has indicated they get an Out of Memory error when launching the app UI (it can run on the command line or launch a UI).

My question is, does the above exception indicate the application is trying to load too much data onto the stack and if it does is there any way to detect which variable and preferably which line of code causes the stack buffer overrun to occur? I am analysing the dump file using WinDbg and Visual Studio.

The stack is below.

WARNING: Stack unwind information not available. Following frames may be wrong.
00 0019d2f8 00868f91 MyApp+0x4ccf73
01 0019d308 7490e9a2 MyApp+0x468f91
02 0019d39c 7709d30e KERNELBASE!UnhandledExceptionFilter+0x172
03 0019ffdc 77061b34 ntdll!__RtlUserThreadStart+0x3b7d4
04 0019ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

1 answers

solution1
 1 ACCPTED  2022-04-05 16:03:17

  1. Activate Application Verifier for your application. It helps finding the problem more closely to the actual root cause.
  2. Then run it using a debugger.
  3. Fix your symbols
  4. Use a large CounterString (16 MB or so; funny generators here ) and paste it into every textbox you have. This will probably overflow every unprotected buffer you have in your application.
  5. Wait for the application to throw an exception. It may not be the exact exception you're seeing, because Application Verifier may have introduced his own exceptions.
  6. Analyze the exception and look out for hints given by Application Verifier. It may give you helpful additional information which is only available because you activated Application Verifier.
  7. If needed, make use of the CounterString and find it in the memory (likely on the stack in your case)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unhandled exception at 0x00363A09, Stack cookie instrumentation code detected a stack-based buffer overrun Shuffling elements of Array : stack-based buffer overrun error Why does my Interop code throw a "Stack cookie instrumentation code detected a stack-based buffer overrun" exception? Writing heapify function from scratch, getting a “stack-based buffer overrun” How to report a stack buffer overrun on Windows? Stack-based palindrome checker How does Visual Studio 2013 detect buffer overrun What is stack-based reference? How to detect a memory overrun? STATUS_STACK_BUFFER_OVERRUN with LoadLibrary
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM