Reputation: 3
Stack cookie bypass demonstration 2 : Virtual Function call -- Can't compile debug build in VS2008 - 0xC0000005: Access violation reading location
// gsvtable.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "windows.h"
class Foo {
public:
void __declspec(noinline) gs3(char* src)
{
char buf[8];
strcpy(buf, src);
bar(); // virtual function call
}
virtual void __declspec(noinline) bar()
{
}
};
int main()
{
Foo foo;
foo.gs3(
"AAAA"
"BBBB"
"CCCC"
"DDDD"
"EEEE"
"FFFF");
return 0;
}
When I try to compile the above code in Visual Studio 2008 I get this:
Unhandled exception at 0x004114f0 in gsvtable.exe: 0xC0000005: Access violation reading location 0x45454545.
When I click break it breaks on:
11: bar(); // virtual function call
004114ED 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
==> 004114F0 8B 10 mov edx,dword ptr [eax]
Registers:
EAX = 45454545 EBX = 7FFD9000 ECX = 00415758 EDX = 00000000 ESI = 00000000
EDI = 0012FE84 EIP = 004114F0 ESP = 0012FD98 EBP = 0012FE84 EFL = 00000202
45454545 = ????????
My compile command line arguments:
/Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_UNICODE" /D "UNICODE" /Gm /EHsc /RTC1 /MDd /Yu"stdafx.h" /Fp"Debug\gsvtable.pch" /Fo"Debug\\" /Fd"Debug\vc90.pdb" /W3 /nologo /c /ZI /TP /errorReport:prompt
and the linker arguments:
/OUT:"C:\Documents and Settings\pca\My Documents\Visual Studio 2008\Projects\gsvtable\Debug\gsvtable.exe" /INCREMENTAL /NOLOGO /MANIFEST /MANIFESTFILE:"Debug\gsvtable.exe.intermediate.manifest" /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /DEBUG /PDB:"c:\Documents and Settings\pca\My Documents\Visual Studio 2008\Projects\gsvtable\Debug\gsvtable.pdb" /SUBSYSTEM:CONSOLE /DYNAMICBASE /NXCOMPAT /MACHINE:X86 /ERRORREPORT:PROMPT kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib
The above code is from https://web.archive.org/web/20150425014136/https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/ section "Stack cookie bypass demonstration 2 : Virtual Function call" where I am supposed to enable GS protection (its already enabled by default).
What am I doing wrong? What can I do to make this code compile so I can follow along in the tutorial? How many arguments does this application take?
Googling the error code indicates something along the lines of it happens when a pointer has not been set to anything. But it doesn't get me anywhere closer to getting this app to compile.
Upvotes: 0
Views: 103
Answers (1)
Reputation: 25286
45454545 in the EAX register clearly isn't a valid memory address. So moving the contents of that "address" causes the access violation.
The cause is that you copy a too long string to the only 8 bytes of buf.
Upvotes: 1
Related Questions
- Call C standard library function from asm in Visual Studio
- TerminateThread() with CloseHandle() on thread which uses only stack plain variables (without alloc) leaks memory?
- LNK2019: Unresolved external symbol __imp__ in the .obj file in Line 1
- Visual C++ saying void function needs to return a value
- Why am I getting an "unresolved external symbol" message?
- strange level of indirection of a function call
- CUDA not working in 64 bit windows 7