I have a simple code example that I'm following from the Smashing the Stack article on buffer overflows. I can overwrite the return address, but when it actually returns it segfaults.
Non-working version:
Code:
#include <stdio.h>

/* Shellcode taken from the article (execve("/bin/sh") followed by exit); kept as posted. */
char shellcode[] =
    "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00\x00"
    "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
    "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xff"
    "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3";

void function(void)
{
    int *ret;
    /* 32-bit stack layout assumed, as in the article: the saved return address
     * sits 8 bytes above the local variable (11 in main). */
    ret = (int *)((char *)&ret + 8);
    printf("return address is %x\n", *ret);               /* correctly prints return address */
    printf("shell code located at %x\n", (unsigned)(unsigned long)&shellcode[0]);
    /* Overwrite the saved return address with the address of the shellcode array (.data). */
    *ret = (int)(unsigned long)&shellcode[0];
    printf("If I get here it means my problem is in returning, not in touching the pointer\n");
    printf("Trying to return to address: %x\n", *ret);
}

int main(void)
{
    function();
    return 0;
}
This version prints out everything it's supposed to. The address it tries to return to is the address of the first block of the shell code.
Working version:
Here's a simple version that does work, for comparison. It doesn't do any shell coding; it just skips a line.
Code:
#include <stdio.h>

void function(int a, int b, int c)
{
    char buffer1[5];
    int *ret;
    /* 32-bit layout assumed: buffer1 + 13 lands on the saved return address (-4 stack pointer). */
    ret = (int *)&buffer1[13];
    /* Advance the return address past the "x = 1;" instruction in main. */
    (*ret) += 7;
}

int main(void)
{
    int x;
    x = 4;
    function(1, 2, 3);
    x = 1;
    printf("%d\n", x);
    return 0;
}
Can the compiler tell that I'm trying to point my memory to something in the data segment rather than something on the stack? Is there a way to tell if it's a problem with the assembly code in the array?
Thanks
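Added diagnostic example, not part of the post above: a return into a global array faults immediately on any system that maps the data segment without execute permission (the NX / W^X mitigation), no matter what bytes the array holds, so the first thing to check is the protection flags of the mapping that contains the address. This program parses text in Linux's `/proc/self/maps` format and reports whether a given address lies in an executable mapping; it reads the live file when it exists and otherwise falls back to a constructed sample embedded below. The function names `region_perms`, `is_executable` and `read_self_maps` and the sample mapping lines are all assumptions made for this example.

```c
/* Added example (not from the original post): look up the memory-protection
 * flags of the mapping that holds a given address, so a non-executable data
 * segment can be told apart from a fault inside the instructions themselves.
 * Assumes Linux's /proc/self/maps line format; the sample below is constructed. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Find the mapping in maps_text that contains addr.
 * maps_text is /proc/self/maps content (or any text in that format).
 * Returns 1 and copies the 4-char perms field (e.g. "r-xp") into out,
 * or 0 if no mapping covers addr. */
int region_perms(const char *maps_text, uintptr_t addr, char out[5])
{
    const char *line = maps_text;
    while (line && *line) {
        unsigned long lo, hi;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            addr >= lo && addr < hi) {
            memcpy(out, perms, 5);
            return 1;
        }
        line = strchr(line, '\n');   /* advance to the next mapping line */
        if (line) line++;
    }
    return 0;
}

/* Returns 1 if addr lies in an executable mapping, 0 if the mapping is
 * non-executable, and -1 if no mapping in maps_text covers it. */
int is_executable(const char *maps_text, uintptr_t addr)
{
    char perms[5];
    if (!region_perms(maps_text, addr, perms))
        return -1;
    return perms[2] == 'x';
}

/* Constructed sample in /proc/self/maps format: an executable text segment,
 * a writable non-executable data segment, and a non-executable stack. */
static const char sample_maps[] =
    "08048000-08049000 r-xp 00000000 08:01 1234 /tmp/a.out\n"
    "08049000-0804a000 rw-p 00001000 08:01 1234 /tmp/a.out\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0    [stack]\n";

/* Read the live /proc/self/maps into buf; returns bytes read, or -1 when the
 * file is unavailable (non-Linux systems). */
static long read_self_maps(char *buf, size_t cap)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

static char data_blob[16] = "not code";   /* a global array in .data, like shellcode[] */

int main(void)
{
    static char buf[1 << 16];
    if (read_self_maps(buf, sizeof buf) < 0) {
        puts("/proc/self/maps not available; using the constructed sample instead");
        memcpy(buf, sample_maps, sizeof sample_maps);
    }
    /* Compare the global array (.data) with this function (.text):
     * 1 = executable, 0 = not executable, -1 = address not found in the text. */
    printf("data_blob at %p: executable=%d\n", (void *)data_blob,
           is_executable(buf, (uintptr_t)data_blob));
    printf("main      at %p: executable=%d\n", (void *)(uintptr_t)main,
           is_executable(buf, (uintptr_t)main));
    return 0;
}
```

If the array's mapping shows `rw-p` rather than `rwxp`, the segfault is the kernel refusing to fetch instructions from that page, and the contents of the array are never executed; a fault that occurs while the data segment really is executable points instead at the stack-layout offset or at the instruction bytes themselves.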