Reputation: 179
I'm currently doing a school project right now, and I'm lost on using gdb on Ubuntu to find a buffer overflow vulnerability.
I've never used gdb before, but I did a little bit of research on the internet, and when I used the "disas main" command I was quite overwhelmed by what I was looking at.
I was wondering if someone can walk me through on how to debug this program or any other programs and show me how the return address is found.
I have this code here:
```c
/* This program has a buffer overflow vulnerability. */
/* Our task is to exploit this vulnerability */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int bof(char *str)
{
    char buffer[12];
    /* The following statement has a buffer overflow problem:
       strcpy() copies until the NUL of str, ignoring the 12-byte size of buffer. */
    strcpy(buffer, str);
    return 1;
}

int main(int argc, char **argv)
{
    char str[512];
    FILE *badfile;

    badfile = fopen("badfile", "r");
    if (badfile == NULL) {            /* added check: do not fread() from a NULL stream */
        perror("badfile");
        return 1;
    }
    /* Read at most sizeof(str) bytes. The count "5122" in the original would overrun
       the 512-byte str in main() itself; the intended overflow is the strcpy() in bof(). */
    fread(str, sizeof(char), sizeof(str), badfile);
    fclose(badfile);
    bof(str);
    printf("Returned Properly\n");
    return 1;
}
```
Upvotes: 1
Views: 4155
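As an added example that is not part of the question or of the lab it comes from: the question's bof() kept for comparison, beside a hardened version that takes the byte count fread() returned (fread() never writes a NUL terminator), refuses input that does not fit the 12-byte buffer instead of truncating silently, and a main() that bounds the read by sizeof(str) and checks fopen(). The names bof_unsafe, bof_safe and BUF_SIZE are assumptions of this example; only the 12-byte buffer and the "badfile" name come from the question.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 12   /* same 12-byte buffer as the question's bof() */

/* The question's version: strcpy() stops only at the NUL of its source, so a
 * str of BUF_SIZE or more bytes writes past buffer into whatever the compiler
 * placed above it (saved frame pointer, return address).  Kept only for
 * comparison; it must never be handed untrusted input. */
int bof_unsafe(const char *str)
{
    char buffer[BUF_SIZE];
    strcpy(buffer, str);
    return 1;
}

/* Hardened version.  It takes the byte count that fread() returned rather
 * than trusting a NUL terminator, checks that count against the destination
 * size, and rejects input that does not fit.  Returns 1 on success, 0 when
 * the input was rejected. */
int bof_safe(const char *str, size_t len)
{
    char buffer[BUF_SIZE];
    if (len >= BUF_SIZE)          /* one byte must remain for the terminating NUL */
        return 0;
    memcpy(buffer, str, len);     /* copies exactly len bytes, never more */
    buffer[len] = '\0';
    return 1;
}

int main(void)
{
    char str[512];
    FILE *badfile = fopen("badfile", "r");
    if (badfile == NULL) {
        perror("badfile");
        return 1;
    }
    /* Bound the read by the real size of str and keep the count for bof_safe(). */
    size_t n = fread(str, 1, sizeof str, badfile);
    fclose(badfile);

    if (!bof_safe(str, n)) {
        fprintf(stderr, "rejected: %zu bytes do not fit in a %d-byte buffer\n", n, BUF_SIZE);
        return 1;
    }
    printf("Returned Properly\n");
    return 0;
}
```

With a "badfile" of 11 bytes or fewer the program prints "Returned Properly"; with a longer one it exits with the rejection message instead of overwriting the stack, which is the difference a bounds check makes.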
Reputation: 1479
In the debugger you can see the disassembled code, just put a breakpoint to the ret operand of your function. When it stops, see the value of the esp register which points you to the stack address. Then explore the memory at this address and the first 4 (depending on your platform) bytes will give you the address which will be used to return to.
Upvotes: 1
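To see concretely what the answer describes, here is an added example (not from the answer or the question) that reads the saved return address out of its own stack frame and checks it against the compiler's own view of it. It assumes an x86-64 or i386 System V frame layout with a frame pointer (the AArch64 frame record is the same shape): the frame pointer points at the saved caller frame pointer, and the return address is the word just above it, which is the word the stack pointer points at when gdb stops on the ret. The function name, the 12-byte local and the hex dump format are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (x86-64 / i386 System V with a frame pointer, AArch64 frame
 * record): fp[0] is the saved caller frame pointer, fp[1] the return address.
 * Locals such as buffer live below these saved words, which is why writing
 * past the end of buffer reaches them. noinline keeps this a real frame. */
__attribute__((noinline)) int saved_return_address_matches(void)
{
    char buffer[12];
    memset(buffer, 'A', sizeof buffer);          /* a local, as in bof() */

    void **fp = (void **)__builtin_frame_address(0);
    void *slot = fp[1];                           /* return address read from the stack */
    void *actual = __builtin_return_address(0);   /* return address as the compiler knows it */

    printf("buffer            @ %p\n", (void *)buffer);
    printf("saved frame ptr   @ %p\n", (void *)fp);
    printf("return addr slot  @ %p holds %p\n", (void *)&fp[1], slot);

    /* The same bytes gdb prints for `x/8xb $sp` once stopped on ret:
     * one word, least significant byte first on these little-endian targets. */
    const unsigned char *b = (const unsigned char *)&fp[1];
    printf("slot bytes        :");
    for (size_t i = 0; i < sizeof(void *); i++)
        printf(" %02x", b[i]);
    printf("\n");

    /* 1 when the word read from the stack is the real return address and the
     * local buffer sits below the saved words; 0 if the assumed layout is wrong. */
    return slot == actual && (uintptr_t)buffer < (uintptr_t)fp;
}

int main(void)
{
    return saved_return_address_matches() ? 0 : 1;
}
```

Build it with `gcc -O0 -g demo.c`, set a breakpoint on the ret at the end of saved_return_address_matches in gdb, and compare `x/8xb $sp` there with the "slot bytes" line the program prints: they are the same bytes of the same word, read once by the debugger and once by the program itself.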