Vulnerability Development mailing list archives
Re: Studying buffer overflows [maybe OT]
From: "brien mac" <aph3x () linuxmail org>
Date: Wed, 10 Apr 2002 17:47:57 -0400
----- Original Message -----
From: Syzop <syz () dds nl>
Date: Tue, 09 Apr 2002 16:27:22 +0200
To: darko <darko () autistici org>
Subject: Re: Studying buffer overflows [maybe OT]

Dump of assembler code for function main:
0x8048460 <main>:       pushl %ebp
0x8048461 <main+1>:     movl %esp,%ebp
0x8048463 <main+3>:     subl $0x18,%esp
0x8048466 <main+6>:     movl $0x0,0xfffffffc(%ebp)
0x804846d <main+13>:    call 0x8048440 <f>              <-- your function
0x8048472 <main+18>:    movl $0x1,0xfffffffc(%ebp)      <-- x = 1
0x8048479 <main+25>:    addl $0xfffffff8,%esp           <-- this is actually stack cleanup: instead of popping the values into a register, %esp is simply modified
0x804847c <main+28>:    movl 0xfffffffc(%ebp),%eax
0x804847f <main+31>:    pushl %eax                      <-- printf() starts here with the pushing of the arguments in reverse order
0x8048480 <main+32>:    pushl $0x80484e4
0x8048485 <main+37>:    call 0x8048344 <printf>
0x804848a <main+42>:    addl $0x10,%esp
0x804848d <main+45>:    leave
0x804848e <main+46>:    ret
End of assembler dump.
(gdb)

Cya,
Syzop.
On a side note...

#include <stdio.h>

void f(void)
{
    char a[4];
    long *b;

    /* a + 8 is assumed to be the slot holding main's saved return address
       (4-byte a, then the saved %ebp, then the return address) */
    b = (long *)(a + 0x08);
    (*b) -= 0x3b;   /* rewind the return address by 0x3b bytes */
}

int main(void)
{
    int x = 0;

    printf("x=%d\n", x);
    x = 1;
    printf("x=%d\n", x);
    f();
    x = 2;  /* program never reaches this point */
    printf("x=%d\n", x);
    return 0;
}

This should loop infinitely, printing "x=0" and "x=1".

cheers
--
Get your free email from www.linuxmail.org
Powered by Outblaze
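The "a + 0x08" above only works because of the frame layout the dump shows: locals sit below the saved %ebp, and the return address sits one word above it. The following is an added example (not code from the thread) that makes that layout visible from inside a function with the GCC/Clang builtins __builtin_frame_address and __builtin_return_address, so the offset can be measured instead of assumed. The struct, the function name inspect_frame and the local array are invented for the example; it assumes an x86-style frame with a frame pointer (locals, then saved frame pointer, then return address).

```c
/* Added example, not from the mailing-list thread: measure where the saved
 * frame pointer and the return-address slot lie relative to a local array.
 * Assumes a GCC/Clang build on an x86-style ABI that keeps a frame pointer. */
#include <stdio.h>
#include <stddef.h>

struct frame_info {
    ptrdiff_t fp_offset;   /* bytes from the local array to the saved frame pointer */
    ptrdiff_t ret_offset;  /* bytes from the local array to the return-address slot */
    int ret_slot_matches;  /* 1 if the word above the saved fp really is our return address */
};

/* noinline so the function has a frame of its own even when optimised */
__attribute__((noinline))
struct frame_info inspect_frame(void)
{
    volatile char a[4] = {0};                    /* stand-in for the thread's char a[4] */
    struct frame_info fi;
    char *fp = (char *)__builtin_frame_address(0);   /* this function's frame pointer */
    void *ret = __builtin_return_address(0);         /* where we will return to */
    void **ret_slot = (void **)(fp + sizeof(void *)); /* the slot just above the saved fp */

    fi.fp_offset = fp - (char *)a;
    fi.ret_offset = (char *)ret_slot - (char *)a;
    fi.ret_slot_matches = (*ret_slot == ret);    /* read only; nothing is modified */
    return fi;
}

int main(void)
{
    struct frame_info fi = inspect_frame();

    printf("saved frame pointer is %td bytes above a\n", fi.fp_offset);
    printf("return-address slot is %td bytes above a\n", fi.ret_offset);
    printf("slot holds the real return address: %s\n",
           fi.ret_slot_matches ? "yes" : "no");
    return 0;
}
```

On a 32-bit build at -O0 this reproduces the thread's arithmetic (saved %ebp at a+4, return address at a+8); on 64-bit, with different optimisation levels, or with a stack protector enabled, the offsets move, which is exactly why a hard-coded a + 0x08 is fragile and why disassembling the real binary, as Syzop did, is the reliable way to read the layout.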