Re: Studying buffer overflows [maybe OT]

[circut <circut () TheSocket remoteserver org>]

On Mon, 8 Apr 2002, darko wrote:

> Hi all,
>
> I've started to study buffer overflows. I wrote the following code:
>
> void f() {
>         char a[4];
>         int *b;
>         b =  a + 0x8;
>         (*b) += 0x8;
> }
>
> main() {
>         int x;
>         x = 0;
>         f();
>         x = 1;
>         printf("%d\n", x);
> }
>
> I want, after the call to f(), the program jump to printf() so the value of x
> should remain 0, not 1. I always get segmentation faults, bus errors, etc.
> and never that fuc*ing "x = 0" !!
> Tested on a Celeron 433, red hat 7.2, gcc 2.96.
>
> byez
> darko


Hrmm. I think you need to check out that nice paper from Mixer. It shows
some nice stuff like that. Writing buffer overflow exploits - a tutorial
for beginners is the name of it and since I'm nice here's a link:

http://members.tripod.com/mixtersecurity/papers.html

Link is prolly old and outdated so if it's gone don't ask where you can
find it. Search. And good luck with those buffer overflows. they are nice,
but VERY hard to get the hang of, that is if you don't have a vast
knowledge of Memory. So yea, TIP: LEARN ALL ABOUT MEMORY

Later.

:~Short_Circut~:

TheSocket.remoteserver.org - Get plugged in.