There doesn't seem to be an assembly board, so I came here; I expect many of the C experts here are no strangers to assembly either.
Recently I wanted to learn about overflows, but I only know a few scattered assembly concepts, so I picked up a copy of 《网络渗透技术》 with the idea of learning assembly as I read. Now the very first example in it doesn't work for me. The code is as follows:
#include <stdio.h>
#include <string.h>
char largebuff[] = "1234512345123451234512345===ABCD";  /* 32 bytes plus the terminating NUL */
int main(void)
{
    char smallbuff[16];
    strcpy (smallbuff, largebuff);   /* deliberate overflow: 33 bytes copied into a 16-byte buffer */
    return 0;
}
This program is very simple; normally eip should be overwritten with 0x44434241 (i.e. DCBA), but when I run it under GDB the result is this:
bruce@ubuntu8:~/code/overflow$ gdb simple_overflow
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) r
Starting program: /home/bruce/code/overflow/simple_overflow
*** stack smashing detected ***: /home/bruce/code/overflow/simple_overflow terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x4)[0xb7eb3138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7eb30f0]
/home/bruce/code/overflow/simple_overflow[0x8048404]
[0x44434241]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:01 92601 /home/bruce/code/overflow/simple_overflow
08049000-0804a000 rw-p 00000000 08:01 92601 /home/bruce/code/overflow/simple_overflow
0804a000-0806b000 rw-p 0804a000 00:00 0 [heap]
b7dba000-b7dc4000 r-xp 00000000 08:01 748268 /lib/libgcc_s.so.1
b7dc4000-b7dc5000 rw-p 0000a000 08:01 748268 /lib/libgcc_s.so.1
b7dc5000-b7dc6000 rw-p b7dc5000 00:00 0
b7dc6000-b7f0f000 r-xp 00000000 08:01 765232 /lib/tls/i686/cmov/libc-2.7.so
b7f0f000-b7f10000 r--p 00149000 08:01 765232 /lib/tls/i686/cmov/libc-2.7.so
b7f10000-b7f12000 rw-p 0014a000 08:01 765232 /lib/tls/i686/cmov/libc-2.7.so
b7f12000-b7f15000 rw-p b7f12000 00:00 0
b7f21000-b7f23000 rw-p b7f21000 00:00 0
b7f23000-b7f24000 r-xp b7f23000 00:00 0 [vdso]
b7f24000-b7f3e000 r-xp 00000000 08:01 748269 /lib/ld-2.7.so
b7f3e000-b7f40000 rw-p 00019000 08:01 748269 /lib/ld-2.7.so
bf900000-bf915000 rw-p bffeb000 00:00 0 [stack]
Program received signal SIGABRT, Aborted.
0xb7f23410 in __kernel_vsyscall ()
(gdb) i reg
eax 0x0 0
ecx 0x389e 14494
edx 0x6 6
ebx 0x389e 14494
esp 0xbf912e58 0xbf912e58
ebp 0xbf912e74 0xbf912e74
esi 0x0 0
edi 0xb7f10ff4 -1208938508
eip 0xb7f23410 0xb7f23410 <__kernel_vsyscall+16>
eflags 0x246 [ PF ZF IF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)
eip was not changed to the value I expected. Why is that? Do current CPUs prevent overflows?
Environment: Ubuntu 8.04 (2.6.24-19), gcc 4.2.4, Intel Core2 Duo T7250, 2 GB RAM; the system is a VMware virtual machine.
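The message "*** stack smashing detected ***" comes from glibc's __stack_chk_fail (the backtrace shows __fortify_fail), which is the check emitted by gcc's -fstack-protector; Ubuntu's gcc enables that option by default. The CPU blocked nothing: the overflow did overwrite the return address, and the [0x44434241] entry in the backtrace is exactly that clobbered slot. The frame is simply aborted before the function returns. To reproduce the book's example as written, compile with gcc -fno-stack-protector. The following added example, not from the post or the book, models what the protector does: a frame with a 16-byte buffer, 4 bytes of alignment slack, the canary, the saved ebp and the return address at offset 28, so the page's 32-byte string lands "ABCD" on the return slot. The padding size, the canary value (with glibc's zero low byte) and the return address 0x080483d0 are assumptions of the model; the saved ebp is taken from the register dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled 32-bit frame (an assumption, not a dump of the real one):
 * smallbuff, alignment slack, canary, saved ebp, return address at offset 28,
 * plus room for the NUL that strcpy writes past the end of the 32-byte string. */
struct frame {
    uint8_t buf[16];
    uint8_t pad[4];
    uint8_t canary[4];
    uint8_t saved_ebp[4];
    uint8_t ret[4];
    uint8_t beyond[4];
};
_Static_assert(sizeof(struct frame) == 36, "frame layout changed");

/* glibc keeps the lowest-address byte of the canary zero so a string copy that
 * stops exactly at the canary leaves it intact and a string read cannot leak it.
 * The remaining bytes here are hypothetical. */
#define CANARY_VALUE 0xc3b2a100u
#define SAVED_EBP    0xbf912e74u   /* ebp from the page's register dump */
#define RETURN_ADDR  0x080483d0u   /* hypothetical caller address */

enum copy_outcome { FRAME_INTACT = 0, FRAME_SMASHED = 1 };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Perform the post's strcpy(smallbuff, largebuff) into the modelled frame, then
 * the epilogue check that -fstack-protector inserts. *ret_out receives whatever
 * is in the return-address slot afterwards, so the caller can see that the
 * overwrite did happen even when the canary check aborts the function. */
enum copy_outcome copy_with_canary(const char *src, uint32_t *ret_out) {
    struct frame fr;
    memset(&fr, 0, sizeof fr);
    put_le32(fr.canary, CANARY_VALUE);
    put_le32(fr.saved_ebp, SAVED_EBP);
    put_le32(fr.ret, RETURN_ADDR);

    size_t n = strlen(src) + 1;          /* strcpy copies the terminating NUL too */
    if (n > sizeof fr) n = sizeof fr;    /* keep the model inside its own object */
    memcpy((uint8_t *)&fr, src, n);      /* bytes past buf[16] run into the fields above it */

    *ret_out = le32(fr.ret);
    if (le32(fr.canary) != CANARY_VALUE) {
        /* __stack_chk_fail: prints "*** stack smashing detected ***" and aborts;
         * control never reaches the overwritten return address. */
        return FRAME_SMASHED;
    }
    return FRAME_INTACT;
}

int main(void) {
    const char *largebuff = "1234512345123451234512345===ABCD";   /* the post's string */
    uint32_t ret;
    enum copy_outcome r = copy_with_canary(largebuff, &ret);
    printf("canary %s, return slot now holds 0x%08x\n",
           r == FRAME_SMASHED ? "smashed" : "intact", ret);
    return 0;
}
```

Run as is, the model reports the canary smashed with the return slot holding 0x44434241, which matches the [0x44434241] frame in the post's backtrace: the write reached eip's saved copy, but the check in the epilogue fires first. The zero byte of the canary also explains why a copy that ends exactly on the canary still passes while one more byte trips the check.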