Articles tagged overflow

Buffer Overflow 01 - Overflow Vulnerabilities

Buffer overflow

Code with a built-in buffer overflow bug

The greeting function contains a buffer overflow.

$ gdb -q meet
warning: ~/gef/gef.py: No such file or directory
warning: ~/gef/scripts/helpme.py: No such file or directory
Reading symbols from meet...
(gdb) list
1 // meet.c
2 #include <stdio.h> // needed for screen printing
3 #include <string.h> // needed for strcpy
4 void greeting(char *temp1,char *temp2){ // greeting function to say hello
5 char name[400]; // string variable to hold the name
6 strcpy(name, temp2); // copy argument to name with the infamous strcpy
7 printf("Hello %s %s\n", temp1, name); // print out the greeting
8 }
9 int main(int argc, char * argv[]){ // note the format for arguments……

Read more

Buffer Overflow 02 - shellcode

Vulnerable program

// meet.c
#include <stdio.h> // needed for screen printing
#include <string.h> // needed for strcpy
void greeting(char *temp1,char *temp2){ // greeting function to say hello
    char name[400]; // string variable to hold the name
    strcpy(name, temp2); // copy argument to name with the infamous strcpy
    printf("Hello %s %s\n", temp1, name); // print out the greeting
}
int main(int argc, char * argv[]){ // note the format for arguments
    greeting(argv[1], argv[2]); // call function, pass title & name
    printf("Bye %s %s\n", argv[1], argv[2]); // say "bye"
} // exit program

stack frame

| name[400] | ebp | eip | temp1 | temp2 |

disassemble greeting

(gdb) disass greeting
Dump of assembler code for function greeting:
0x56556201 <+0>: push %ebp
0x56556202 <+1>: mov %esp,%ebp
0x56556204 <+3>: push %ebx
0x56556205 <+4>: sub $0x190,%esp
0x5655620b <+10>: call 0x565560c0 <__x86.get_pc_thunk.bx>
0x56556210 <+15>: add……

Read more