carloabelli

Reputation: 4349

Buffer Overflow Works in GDB but not in Terminal

I am using Mac OSX. I have created a buffer overflow vulnerable program:

#include <stdio.h>
#include <string.h>

/* Never referenced from main(): the goal of the exercise is to redirect
   control flow here by overwriting the saved return address. */
int neverCalled() {
    puts("You got me to be called");
    return 0;
}

int main() {
    puts("Name: ");
    char name[64];
    gets(name);   /* deliberately vulnerable: gets() performs no bounds check */
    return 0;
}

I also have created an input file containing 88 "A"s (0x414141...) followed by 0x700E000001000000.

When run in gdb:

(gdb) run < input

I get the output: You got me to be called and then an EXC_BAD_ACCESS error, meaning that I exploited the program successfully.

When I run it in the terminal:

$ ./vulnerable < input

I get the output: Segmentation fault: 11 and nothing more.

Why does my buffer overflow work in gdb but fail in a normal terminal?

Upvotes: 1

Views: 651

Answers (2)

matt

Reputation: 5614

gdb on Mac OS X appears to disable address space layout randomization:

http://reverse.put.as/2011/08/11/how-gdb-disables-aslr-in-mac-os-x-lion/

Upvotes: 1

fons

Reputation: 5137

Why 0x700E000001000000? Your exploit seems to be layout-specific, probably out of what gdb prints when typing "p neverCalled".

This is not guaranteed in all executions. As cabellicar123 correctly pointed out, the layout in which libraries and the executable are mapped in a process is randomized and not guaranteed to be the same between executions.

For some reason it seems that gdb always gets the same layout. As an exercise, include printf("%p\n", neverCalled) somewhere in your program and see how the value changes.

Upvotes: 0
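The following is an added example, not code from the question or either answer. It carries out the exercise fons suggests (print the address of neverCalled and compare it between runs) and pairs it with the fix for the underlying defect: a bounded reader that replaces gets(). Two details are assumed rather than taken from the thread: that ASLR shifts the image at page granularity, so the low 12 bits of the address stay constant while the upper bits change between runs, and that the test input is the question's 88 "A"s, constructed inline via fmemopen (POSIX 2008; available on Linux and on macOS 10.13 and later).

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() on glibc */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define NAME_CAP 64

/* Same target function as in the question; only its address matters here. */
int neverCalled(void) {
    puts("You got me to be called");
    return 0;
}

/* Full address of neverCalled: differs between runs when ASLR is active
   (plain terminal) and stays fixed when a debugger disables ASLR. */
uintptr_t never_called_address(void) {
    return (uintptr_t)neverCalled;
}

/* Low 12 bits of that address. ASLR slides the image by whole pages, so this
   value is the same in every run; it is what stays usable from "p neverCalled"
   while the upper bits do not. (Assumption stated in the lead-in.) */
uintptr_t never_called_page_offset(void) {
    return never_called_address() & 0xfffu;
}

/* Bounded replacement for gets(): reads at most cap-1 bytes into dst and
   strips the trailing newline. Returns 0 when the line fit, 1 when it was
   longer than the buffer (the excess is discarded so the stream stays in
   sync), and -1 on EOF or error. */
int read_name_safe(char *dst, size_t cap, FILE *in) {
    if (cap == 0) return -1;
    if (fgets(dst, (int)cap, in) == NULL) {
        dst[0] = '\0';
        return -1;
    }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    /* No newline seen: the line was longer than the buffer. Drain the rest. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? 1 : 0;
}

/* Feed the question's oversized input (88 'A's, constructed here) through the
   bounded reader. out receives at most cap-1 characters; returns the status. */
int demo_oversized_input(char *out, size_t cap) {
    char input[96];
    memset(input, 'A', 88);
    input[88] = '\n';
    input[89] = '\0';
    FILE *in = fmemopen(input, strlen(input), "r");
    if (in == NULL) return -1;
    int status = read_name_safe(out, cap, in);
    fclose(in);
    return status;
}

int main(void) {
    char name[NAME_CAP];
    printf("neverCalled at 0x%lx (page offset 0x%03lx)\n",
           (unsigned long)never_called_address(),
           (unsigned long)never_called_page_offset());
    int status = demo_oversized_input(name, sizeof name);
    printf("read status=%d, stored length=%zu (buffer intact)\n",
           status, strlen(name));
    return 0;
}
```

Run the binary a few times from the terminal and the printed address changes while the page offset does not; run it under gdb and the address repeats, which is the behaviour both answers describe. The bounded reader returns status 1 for the 88-byte line and stores only 63 characters, so the saved return address is never touched regardless of layout.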
