Thread: Program input to recognize as hex and not characters

  1. #1
    Registered User
    Join Date
    Apr 2010
    Posts
    8

    Program input to recognize as hex and not characters

    Hello fellow programmers,
    Let's say I wrote a small program that took user input from argv[1]. Is there any way for the user to input some "\x##" hex line and the input to recognize it as actual hex as opposed to assuming your actual input was supposed to be "\x##"?

    Thanks in advance. :]

  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    You could check for the leading "\x", then take a substring of the rest of argv[1] and use say strtol() on it.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    Well that in part depends on what your shell does with escape characters.

    If you want
    ./myprog 0xFF
    then that is obvious and unambiguous, and it will work. Sure, you have to convert in the program, but so what?

    ./myprog \xFF
    as an attempt to get a single character in argv[1] is problematic to say the least.

    The next question is "why do you want to do this?"
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
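Added example, not part of the thread: the in-program conversion that laserlight and Salem describe, with strict validation so that only a `\x` or `0x` prefix followed by one or two hex digits is accepted. The helper name `parse_byte_arg` is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse the text "\xHH" or "0xHH" into one byte.
 * Returns 0 on success, -1 on malformed input. */
int parse_byte_arg(const char *s, unsigned char *out)
{
    size_t digits;

    if (s == NULL || out == NULL)
        return -1;
    /* Accept exactly the two spellings discussed in the thread. */
    if (strncmp(s, "\\x", 2) != 0 && strncmp(s, "0x", 2) != 0)
        return -1;
    s += 2;
    /* strtol() on its own would skip whitespace and accept a sign or a
     * second "0x" prefix, so validate the digits before calling it. */
    digits = strspn(s, "0123456789abcdefABCDEF");
    if (digits == 0 || digits > 2 || s[digits] != '\0')
        return -1;          /* empty, more than one byte, or trailing junk */
    *out = (unsigned char)strtol(s, NULL, 16);
    return 0;
}

int main(int argc, char **argv)
{
    unsigned char b;

    if (argc < 2 || parse_byte_arg(argv[1], &b) != 0) {
        fprintf(stderr, "usage: %s 0xHH  (or '\\xHH', quoted)\n", argv[0]);
        return 1;
    }
    printf("byte value: %u\n", (unsigned)b);
    return 0;
}
```

The `\xHH` spelling has to be quoted on the command line, because an unquoted backslash is consumed by the shell before the program sees argv[1].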

  4. #4
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by laserlight View Post
    You could check for the leading "\x", then take a substring of the rest of argv[1] and use say strtol() on it.
    It's not my program to edit. I wanted to purposely bypass input as string to hex in order to see if I could get a buffer overflow and overwrite the return address.

    This being said it's strictly for academic reasons (Security Programming that is).

  5. #5
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by Salem View Post
    If you want
    ./myprog 0xFF
    then that is obvious and unambiguous, and it will work. Sure, you have to convert in the program, but so what?

    ./myprog \xFF
    as an attempt to get a single character in argv[1] is problematic to say the least.

    The next question is "why do you want to do this?"
    I've tried those before and still it never works. The input still regards it as user input meant to be "\x###". I tried using the redirection to see if that changed anything, but alas that failed me too. Only in gdb does it seem to work.

  6. #6
    Registered User
    Join Date
    Oct 2008
    Location
    TX
    Posts
    2,059
    As argv[1] is by definition a char* pointer, you can't bypass that. As others have pointed out, one way would be to convert the string that argv[1] points to and go from there. Btw, what kind of buffer overflow are you trying to simulate and which return address are you trying to overwrite?

  7. #7
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by itCbitC View Post
    what kind of buffer overflow are you trying to simulate and which return address are you trying to overwrite?
    I wasn't aware there were several 'kinds' of buffer overflows. I was given a small program that takes a name and stores it in a small array. I already got it to seg fault but my main concern was getting the address right, which is why I tried resorting to hex. It's supposed to print out the user's input name and then print another line after it. I'm trying to make it skip the second printed line but alas my hex idea is falling to shambles.

  8. #8
    Registered User
    Join Date
    Oct 2008
    Location
    TX
    Posts
    2,059
    Quote Originally Posted by Diavolche View Post
    I wasn't aware there were several 'kinds' of buffer overflows.
    Nope there aren't - it's just jargon for running out of memory during runtime.
    Quote Originally Posted by Diavolche View Post
    I was given a small program that takes a name and stores it in a small array. I already got it to seg fault but my main concern was getting the address right, which is why I tried resorting to hex. It's supposed to print out the user's input name and then print another line after it. I'm trying to make it skip the second printed line but alas my hex idea is falling to shambles.
    If your program segfaults, then you have buffer overflow. As for the second part I'm not sure what you are doing with the return address and which return address in the first place. It would help if you provide more details.

  9. #9
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Well assuming we have some trivial program:
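    Code:
    #include <stdio.h>

    void foo(char* name)
    {
       char buffer[10];
       /* unbounded write: "Dear " + name + " " + NUL must fit in 10 bytes, and nothing checks it */
       sprintf(buffer, "Dear %s ", name);
       printf("this is the end of foo(). Goodbye. \n");
    }
    
    int main(int argc, char **argv)
    {
      if ( argc > 1 )
        foo(argv[1]);
      return 0;
    }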
    I want to make it so that it outputs some alternative ending that I insert into the program other than "this is the end of foo(). Goodbye. " so rather than it printing:

    ./prog Julie
    Dear Julie this is the end of foo(). Goodbye.

    I wanted to overwrite it so that it would do something to the effect of:
    ./prog Julie, you stink.
    Dear Julie, you stink.
    and it would completely bypass the last printf statement in foo().

    I'm still relatively new to using GDB and other than run, step, b, and disas I'm not too sure what other functions could show me a sort of 'snapshot' of the register contents and what is being overwritten.
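Added example, not part of the thread: a bounded form of the `sprintf()` call in the posted `foo()`, which detects an over-long name instead of writing past the 10-byte buffer. The names `greeting_size` and `format_greeting` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* same size as buffer[] in the posted foo() */

/* Bytes that "Dear <name> " needs, including the terminating NUL.
 * snprintf(NULL, 0, ...) only measures; it writes nothing. */
size_t greeting_size(const char *name)
{
    int n = snprintf(NULL, 0, "Dear %s ", name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Hypothetical bounded replacement for the sprintf() call.
 * Returns 0 if the whole greeting fit in dst, -1 if it did not.
 * dst is always NUL-terminated when dstsize > 0. */
int format_greeting(char *dst, size_t dstsize, const char *name)
{
    int n = snprintf(dst, dstsize, "Dear %s ", name);
    if (n < 0 || (size_t)n >= dstsize)
        return -1;              /* encoding error or truncated output */
    return 0;
}

int main(int argc, char **argv)
{
    char buffer[BUF_SIZE];

    if (argc < 2)
        return 1;
    /* With 10 bytes, "Dear " and the trailing space leave room for a
     * 3-character name; "Julie" already needs 12 bytes. */
    if (format_greeting(buffer, sizeof buffer, argv[1]) != 0) {
        fprintf(stderr, "name too long: need %zu bytes, have %zu\n",
                greeting_size(argv[1]), sizeof buffer);
        return 1;
    }
    printf("%sthis is the end of foo(). Goodbye.\n", buffer);
    return 0;
}
```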

  10. #10
    Registered User
    Join Date
    Oct 2008
    Location
    TX
    Posts
    2,059
    Quote Originally Posted by Diavolche View Post
    Well assuming we have some trivial program:
    Code:
    #include <stdio.h>

    void foo(char* name)
    {
       char buffer[10];
       sprintf(buffer, "Dear %s ", name);
       return;           /* a simple return will do the trick */
       printf("this is the end of foo(). Goodbye. \n");
    }
    
    int main(int argc, char **argv)
    {
      if ( argc > 1 )
        foo(argv[1]);
      return 0;
    }
    And, Julie, you stink are three separate strings; and would be stored in argv[1], argv[2], and argv[3] respectively.
    Quote Originally Posted by Diavolche View Post
    I'm still relatively new to using GDB and other than run, step, b, and disas I'm not too sure what other functions could show me a sort of 'snapshot' of the register contents and what is being overwritten.
    If you know how to read assembly, then that would be the best way to go. That will tell you where those strings are stored, so you could clear the contents of the register that holds the address of "this is the end of foo(). Goodbye. \n" string.

  11. #11
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by itCbitC View Post
    And, Julie, you stink are three separate strings; and would be stored in argv[1], argv[2], and argv[3] respectively.

    If you know how to read assembly, then that would be the best way to go.
    I meant to write "Julie, you suck" in quotations so that the parser read it all as one string and not different ones. Oops.

    As for assembly I was able to figure out and write some shellcode that executed exactly what I needed. Thanks for the help.

  12. #12
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    > I was able to figure out and write some shellcode that executed exactly what I needed
    C Board - Announcements in Forum : C Programming
    "
    5. Messages relating to cracking, (erroneously called "hacking" by many), copyright violations, or other illegal activities will be deleted. Due to the overlapping boundaries of code with malicious intent, and other legitimate uses of it, the moderators will assess each potential infraction on a case by case basis.
    "

    This kind of talk gets people banned in a hurry.

  13. #13
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by Salem View Post
    > This kind of talk gets people banned in a hurry.
    Not to come off too snarky, but then shouldn't the professors of universities get fired as well for teaching the programmers defensive programming? In order to beat the crackers, you must think like one. I realize that many programmers do practice good skills such as bounds checking, but it's also good to be educated in both areas. It's like saying that people should get banned for writing brute force programs. Not all of these tactics have been used for bad purposes even though we mostly hear about them when something gets broken.

    As I mentioned above, a similar sort of buffer overflow question was posed during class after an assignment and this was purely academic. I'm not here for malicious purposes whatsoever, so do what you will with me. If you think educating yourself to further better your programming is wrong in this case, and at this point in time, then so be it.

    Please go ahead and delete this entry since my questions were already answered. After all I spoke to my professor and a simple input of "Name <space bar>x20" was actually what he was looking for, as opposed to the assembly tinkering I did to spawn this post.

    Sorry.
    Last edited by Diavolche; 04-27-2010 at 06:01 PM. Reason: Typos
