- 论坛徽章:
- 0
|
写了一个缓冲区溢出,不过有问题,能指点一下吗,谢谢
#include "stdio.h"
int shellcode()
{
int value = 0,i;
unsigned int *s = &value;
printf("address of value: %x\n", &value);
printf("Overflow Successful!\n");
__asm__(
"movl $0x80484e1,4( %ebp )" //0x80484e1是call test 后的代码地址,此处修改后就可以跳转到test() 后的语句执行
/*
"movl $0x8f4390,44( %ebp )" 如果 不加这句会出现段错误(加了也错 。。。)加这句是因为我觉得会出现段错误是让他进入shellcode,并没有用call,没有构建环境,但是却在shellcode内ret了,所以我想模仿call:push eip,
不知道该怎么改,谢谢
*/
);
return 0;
}
int test()
{
int i;
unsigned int stack[10];
printf("address of stack%x\n", &stack);
for (i = 0; i < 10; i++)
stack[i] = 0;
for (i = 0; i < 20; i++)
{
printf("&stack[ %d ] = %x\n", i,stack[i]);
}
stack[12] = 0x80483f4; //这个是反汇编后查到的shellcode的地址(每个 机子可能不同)
return 0;
}
int main()
{
int value = 0;
printf("address of value: %x\n", &value);
test();
printf("Overflow Failed\n");
return 0;
}
|
执行结果:
address of value: bfb618b0
address of stackbfb6185c
&stack[ 0 ] = 0
&stack[ 1 ] = 0
&stack[ 2 ] = 0
&stack[ 3 ] = 0
&stack[ 4 ] = 0
&stack[ 5 ] = 0
&stack[ 6 ] = 0
&stack[ 7 ] = 0
&stack[ 8 ] = 0
&stack[ 9 ] = 0
&stack[ 10 ] = a
&stack[ 11 ] = bfb618b8
&stack[ 12 ] = 80484e1
&stack[ 13 ] = 80485d0
&stack[ 14 ] = bfb618b0
&stack[ 15 ] = bfb618c8
&stack[ 16 ] = 8048529
&stack[ 17 ] = 90a6c5
&stack[ 18 ] = bfb6195c
&stack[ 19 ] = bfb618c8
address of value: bfb61880
Overflow Successful!
Overflow Failed
段错误
问题如程序中注释所示,谢谢。 |
|