
Try to learn exploitation with C on Ubuntu

I am trying to learn exploitation. I started with buffer overflows, and this is my code:

#include<stdio.h>
#include<string.h>

int main (int argc,char *argv[])
{
    int value=5;
    char buffer_one[8],buffer_two[8];


    strcpy(buffer_one,"one");
    strcpy(buffer_two,"two");

    printf("[+] befor 2 is at %p and have \'%s\'\n",buffer_two,buffer_two);
    printf("[+] befor 1 is at %p and have \'%s\'\n",buffer_one,buffer_one);
    printf("[+] befor value at %p and have %d (0x%08x)\n",&value,value,value);

    printf("\nstrcpy copying %d bytes into buffer_two\n\n",(int)strlen(argv[1]));
    strcpy(buffer_two, argv[1]);

    printf("[+] after 2 is at %p and have \'%s\'\n",buffer_two,buffer_two);
    printf("[+] after 1 is at %p and have \'%s\'\n",buffer_one,buffer_one);
    printf("[+] after value at %p and have %d (0x%08x)\n",&value,value,value);  

    return 0;
}

I compile it with the command:

gcc -o overflow overflow.c

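Now my problem starts.

Instead of putting all the variables in the right memory locations (the first one written would be at the highest memory location and the last at the lowest, so when I fill the last variable with garbage it would overwrite all the variables), their order is weird and the first one inserted is the lowest: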

[+] befor 2 is at 0x7fffdb76e5f0 and have 'two'
[+] befor 1 is at 0x7fffdb76e5e0 and have 'one'
[+] befor value at 0x7fffdb76e5dc and have 5 (0x00000005)

strcpy copying 8 bytes into buffer_two

[+] after 2 is at 0x7fffdb76e5f0 and have '01234567'
[+] after 1 is at 0x7fffdb76e5e0 and have 'one'
[+] after value at 0x7fffdb76e5dc and have 5 (0x00000005)

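Two things to mention here.

  1. The C standard does not specify the order in which variables are allocated (on the stack). Depending on the optimization level, the same compiler may reorder the allocation of variables (thereby changing their addresses).

  2. Accessing allocated memory is undefined behavior. A segmentation fault (crash) is just one of the many side effects of UB.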
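
An added example, not part of the original question or answer: it places the question's three variables in a struct, where declaration order is guaranteed (unlike separate locals), and replaces the unchecked `strcpy` with a length-checked copy. The names `struct frame`, `BUF_LEN`, `spill_bytes` and `copy_checked` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* same size as the buffers in the question */

/* Struct members are laid out in declaration order at increasing addresses;
 * separate local variables carry no such guarantee. */
struct frame {
    char buffer_two[BUF_LEN];
    char buffer_one[BUF_LEN];
    int  value;
};

/* Number of bytes a strcpy of src into buffer_two would write past its end
 * (0 means it fits). Pure arithmetic; nothing is written out of bounds. */
size_t spill_bytes(const char *src)
{
    size_t need = strlen(src) + 1;   /* strcpy also writes the NUL byte */
    return need > BUF_LEN ? need - BUF_LEN : 0;
}

/* Bounded replacement for strcpy(buffer_two, argv[1]): input that does not
 * fit is rejected instead of being written into the neighbouring member. */
int copy_checked(struct frame *f, const char *src)
{
    if (spill_bytes(src) != 0)
        return -1;
    memcpy(f->buffer_two, src, strlen(src) + 1);
    return 0;
}

int main(int argc, char *argv[])
{
    struct frame f = { "two", "one", 5 };
    /* Default is the 8-character input used in the question. */
    const char *in = argc > 1 ? argv[1] : "01234567";

    printf("offsets: buffer_two +%zu, buffer_one +%zu, value +%zu\n",
           offsetof(struct frame, buffer_two),
           offsetof(struct frame, buffer_one),
           offsetof(struct frame, value));
    printf("strcpy of \"%s\" would spill %zu byte(s)\n", in, spill_bytes(in));
    if (copy_checked(&f, in) != 0)
        puts("rejected: input does not fit in buffer_two");
    printf("buffer_two='%s' buffer_one='%s' value=%d\n",
           f.buffer_two, f.buffer_one, f.value);
    return 0;
}
```

In the question's run, `buffer_two` sits at the highest of the three printed addresses, and `strcpy` writes toward higher addresses, so the extra NUL byte lands past `buffer_two` and away from `buffer_one` and `value`.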
