论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2011-01-13 16:09 |只看该作者 |倒序浏览

本帖最后由 oatt 于 2011-01-13 16:18 编辑

在James C foster的书buffer overflow attacks - detect, exploit, prevent当中第三章中有个例子s-proc.c，书中它是能执行的，并且有正确的执行结果，书中的代码及执行结果如下面两个段代码所示。
但是我在运行书上面的例子时，出现段错误，我认为调用fread(code, 1, flen, fp)时，是把代码（write.s编译后生产的）写入数据段，数据段是不可执行的，所以会出现段错误。
为什么写书的作者能运行下面的代码，我却实现不了？？？？？？

Example 3.1
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
/*
* Print message function
*/
static void croak(const char *msg) {
fprintf(stderr, "%s\n", msg);
fflush(stderr);
}
/*
* Usage function
*/
static void usage(const char *prgnam) {
fprintf(stderr, "\nExecute code : %s -e <file-containingshellcode>\n", prgnam);
fprintf(stderr, "Convert code : %s -p <file-containing-shellcode>\n\n", prgnam);
fflush(stderr);
exit(1);
}
/*
* Signal error and bail out.
*/
static void barf(const char *msg) {
perror(msg);
exit(1);
}
/*
* Main code starts here
*/
int main(int argc, char **argv) {
FILE *fp;
void *code;
int arg;
int i;
int l;
int m = 15; /* max # of bytes to print on one line */
struct stat sbuf;
long flen; /* Note: assume files are < ** bytes long;-) */
void (*fptr)(void);
if(argc < 3)
usage(argv[0]);
if(stat(argv[], &sbuf))
barf("failed to stat file");
flen = (long) sbuf.st_size;
if(!(code = malloc(flen)))
barf("failed to grab required memory");
if(!(fp = fopen(argv[2], "rb")))
barf("failed to open file");
if(fread(code, 1, flen, fp) != flen)
barf("failed to slurp file");
if(fclose(fp))
barf("failed to close file");
while ((arg = getopt (argc, argv, "e:p:")) != -1){
switch (arg){
case 'e':
croak("Calling code ...");
fptr = (void (*)(void)) code;
(*fptr)();
break;
case 'p':
printf("\n/* The following shellcode is %d bytes long:*/\n",flen);
printf("\nchar shellcode[] =\n");
l = m;
for(i = 0; i < flen; ++i) {
if(l >= m) {
if(i) printf("\"\n");
printf( "\t\"");
l = 0;
}
++l;
printf("\\x%0x", ((unsigned char *)code)[i]);
}
printf("\";\n\n\n");
break;
default :
usage(argv[0]);
}
}
return 0;
}