er4z0r

Reputation: 4901

Understanding stack in linux

I have a small (and vulnerable) C sample:

#include <stdio.h>   /* printf */
#include <stdlib.h>  /* exit */
#include <string.h>  /* strcpy */
#include <unistd.h>

int main(int argc, char *argv[])
{
    char buff[100];   /* fixed-size local buffer on the stack */

    if(argc < 2)
    {
        printf("Syntax: %s <input string>\n", argv[0]);
        exit (0);
    }

    /* unbounded copy: argv[1] longer than 99 bytes overruns buff (intentional for this question) */
    strcpy(buff, argv[1]);
    return 0;
}

I compiled it with:

gcc -o basic_overflow basic_overflow.c -fno-stack-protector -fno-builtin

When I open this program with gdb, disassembly looks like this:

Dump of assembler code for function main:
   0x08048424 <+0>: push   ebp
   0x08048425 <+1>: mov    ebp,esp
   0x08048427 <+3>: and    esp,0xfffffff0
   0x0804842a <+6>: add    esp,0xffffff80
...

I set a breakpoint in main (after the prologue). Since we have a local buffer, I would expect my stack frame to be 100 bytes in size. However, when I compute $ebp-$esp, I can see that the result is actually 136.

Platform: Linux user-VirtualBox 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50 UTC 2011 i686 i686 i386 GNU/Linux

Compiler: gcc (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2

Debugger: GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2

What did I get wrong?

Upvotes: 3

Views: 321

Answers (1)

peterph

Reputation: 980

It's not just the size of the local variables - generally speaking there is the padding to the size specified by the platform ABI, clobbered registers, alloca() area... - check for example this nice picture

Upvotes: 3
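The ABI padding the answer mentions can be seen directly in the four prologue instructions the question quotes. The following is an added example (not code from the question or the answer): it replays `push ebp; mov ebp,esp; and esp,0xfffffff0; add esp,0xffffff80` on a simulated esp and returns ebp-esp, the number gdb reports at the breakpoint. The only assumption is the i386 System V rule that esp+4 is 16-byte aligned at function entry (the caller aligns esp to 16 before the call pushes the 4-byte return address), so esp % 16 == 12 when main starts; the entry addresses used are constructed values. The loop at the end goes beyond the question's single case and shows that the result varies with the alignment of the incoming stack pointer, not with the size of the 100-byte buffer.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated register file: only the two registers the prologue touches. */
typedef struct {
    uint32_t ebp;
    uint32_t esp;
} regs_t;

/* Replay the prologue from the question's disassembly:
 *   push ebp; mov ebp,esp; and esp,0xfffffff0; add esp,0xffffff80 */
static regs_t run_prologue(uint32_t esp_at_entry)
{
    regs_t r;
    r.esp = esp_at_entry - 4u;     /* push ebp: saved frame pointer, 4 bytes */
    r.ebp = r.esp;                 /* mov ebp,esp: new frame pointer */
    r.esp &= 0xfffffff0u;          /* and esp,0xfffffff0: align down to 16 (ABI padding) */
    r.esp += 0xffffff80u;          /* add esp,-128: reserve 128 bytes (wraps mod 2^32) */
    return r;
}

/* ebp - esp, exactly what the question computes in gdb after the prologue. */
uint32_t frame_size(uint32_t esp_at_entry)
{
    regs_t r = run_prologue(esp_at_entry);
    return r.ebp - r.esp;
}

/* Bytes the "and" instruction discarded to reach 16-byte alignment. */
uint32_t alignment_slack(uint32_t esp_at_entry)
{
    return frame_size(esp_at_entry) - 128u;
}

int main(void)
{
    /* Constructed entry value obeying the ABI assumption: 0xbffff3ec % 16 == 12 */
    uint32_t abi_entry = 0xbffff3ecu;
    printf("ABI-conformant entry esp=0x%08x -> ebp-esp = %u (alignment slack %u)\n",
           abi_entry, frame_size(abi_entry), alignment_slack(abi_entry));

    /* Sweep every residue mod 16: the frame is 128 plus whatever the
     * alignment step removed, so it ranges from 128 to 143. */
    for (uint32_t off = 0; off < 16u; off++) {
        uint32_t esp = 0xbffff3e0u + off;
        printf("entry esp %% 16 = %2u -> ebp-esp = %u\n", off, frame_size(esp));
    }
    return 0;
}
```

For the ABI-conformant entry the program reports 136: the 128 bytes reserved by `add esp,0xffffff80` plus the 8 bytes that `and esp,0xfffffff0` dropped after `push ebp` left esp at 8 mod 16. The 100-byte buffer lives somewhere inside those 128 bytes; the rest is the rounding and outgoing-argument space the answer describes, which is why the distance from the buffer to the saved ebp is not simply 100.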
