Program input to recognize as hex and not characters

This is a discussion on Program input to recognize as hex and not characters within the C Programming forums, part of the General Programming Boards category; Hello fellow programmers, Let's say I wrote a small program that took user input from argv[1]. Is there any way ...

  1. #1
    Registered User
    Join Date
    Apr 2010
    Posts
    8

    Program input to recognize as hex and not characters

    Hello fellow programmers,
    Let's say I wrote a small program that took user input from argv[1]. Is there any way for the user to input some "\x##" hex line and the input to recognize it as actual hex as opposed to assuming your actual input was suppose to be "\x##"?

    Thanks in advance. :]

  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,753
    You could check for the leading "\x", then take a substring of the rest of argv[1] and use say strtol() on it.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,556
    Well that in part depends on what your shell does with escape characters.

    If you want
    ./myprog 0xFF
    then that is obvious and unambiguous, and it will work. Sure, you have to convert in the program, but so what?

    ./myprog \xFF
    as an attempt to get a single character in argv[1] is problematic to say the least.

    The next question is "why do you want to do this?"
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  4. #4
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by laserlight View Post
    You could check for the leading "\x", then take a substring of the rest of argv[1] and use say strtol() on it.
    It's not my program to edit. I wanted to purposely bypass input as string to hex in order to see if I could get a buffer overflow and overwrite the return address.

    This being said it's strictly for academic reasons (Security Programming that is).

  5. #5
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by Salem View Post
    If you want
    ./myprog 0xFF
    then that is obvious and unambiguous, and it will work. Sure, you have to convert in the program, but so what?

    ./myprog \xFF
    as an attempt to get a single character in argv[1] is problematic to say the least.

    The next question is "why do you want to do this?"
    I've tried those before and still it never works. The input still regards it as user input meant to be "\x###". I tried using the redirection to see if that changed anything, but alas that failed me too. Only in gdb does it seem to work.

  6. #6
    Registered User
    Join Date
    Oct 2008
    Location
    TX
    Posts
    2,047
    As argv[1] is by definition a char* pointer, you can't bypass that. As others have pointed out, one way would be to convert the string that argv[1] points to and go from there. Btw, what kind of buffer overflow are you trying to simulate and which return address are you trying to overwrite?

  7. #7
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by itCbitC View Post
    what kind of buffer overflow are you trying to simulate and which return address are you trying to overwrite?
    I wasn't aware there were several 'kinds' of buffer overflows. I was given a small program that takes a name and stores it in a small array. I already got it to seg fault but my main concern was getting the address right which I was I tried resorting to hex. It's suppose to print out the user's input name and then print another line after it. I'm trying to make it skip the second printed line but alas my hex idea is falling to shambles.

  8. #8
    Registered User
    Join Date
    Oct 2008
    Location
    TX
    Posts
    2,047
    Quote Originally Posted by Diavolche View Post
    I wasn't aware there were several 'kinds' of buffer overflows.
    Nope there aren't - it's just jargon for running out of memory during runtime.
    Quote Originally Posted by Diavolche View Post
    I was given a small program that takes a name and stores it in a small array. I already got it to seg fault but my main concern was getting the address right which I was I tried resorting to hex. It's suppose to print out the user's input name and then print another line after it. I'm trying to make it skip the second printed line but alas my hex idea is falling to shambles.
    If your program segfaults, then you have buffer overflow. As for the second part I'm not sure what you are doing with the return address and which return address in the first place. It would help if you provide more details.

  9. #9
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Well assuming we have some trivial program:
    Code:
    void foo(char* name)
    {
       char buffer[10];
       sprintf(buffer, "Dear %s ", name);
       printf("this is the end of foo(). Goodbye. \n");
    }
    
    void main(int argc, char **argv)
    {
      if ( argc > 1 )
        foo(argv[1]);
    }
    I want to make it so that it outputs some alternative ending that I insert into the program other than "this is the end of foo(). Goodbye. " so rather than it printing:

    /.prog Julie
    Dear Julie this is the end of foo(). Goodbye.

    I wanted to overwrite it so that it would do something to effect of:
    ./prog Julie, you stink.
    Dear Julie, you stink.
    and it would completely bypass the last printf statement in foo().

    I'm still relatively new to using GDB and other than run, step, b, and disas I'm not too sure what other functions could show me a sort 'snapshot' of the register contents and what is being overwritten.

  10. #10
    Registered User
    Join Date
    Oct 2008
    Location
    TX
    Posts
    2,047
    Quote Originally Posted by Diavolche View Post
    Well assuming we have some trivial program:
    Code:
    void foo(char* name)
    {
       char buffer[10];
       sprintf(buffer, "Dear %s ", name);
       return;           /* a simple return will do the trick */
       printf("this is the end of foo(). Goodbye. \n");
    }
    
    void main(int argc, char **argv)
    {
      if ( argc > 1 )
        foo(argv[1]);
    }
    And, Julie, you stink are three separate strings; and would be stored in argv[1], argv[2], and argv[3] respectively.
    Quote Originally Posted by Diavolche View Post
    I'm still relatively new to using GDB and other than run, step, b, and disas I'm not too sure what other functions could show me a sort 'snapshot' of the register contents and what is being overwritten.
    If you know howto read assembly, then that would be the best way to go. That will tell you where those strings are stored, so you could clear the contents of the register that holds the address of "this is the end of foo(). Goodbye. \n" string.

  11. #11
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by itCbitC View Post
    And, Julie, you stink are three separate strings; and would be stored in argv[1], argv[2], and argv[3] respectively.

    If you know howto read assembly, then that would be the best way to go.
    I meant to write "Julie, you suck" in quotations so that the parser read it all as one string and not different ones. Oops.

    As for assembly I was able to figure out and write some shellcode that executed exactly what I needed. Thanks for the help.

  12. #12
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,556
    > I was able to figure out and write some shellcode that executed exactly what I needed
    C Board - Announcements in Forum : C Programming
    "
    5. Messages relating to cracking, (erroneously called "hacking" by many), copyright violations, or other illegal activities will be deleted. Due to the overlapping boundaries of code with malicious intent, and other legitimate uses of it, the moderators will assess each potential infraction on a case by case basis.
    "

    This kind of talk gets people banned in a hurry.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  13. #13
    Registered User
    Join Date
    Apr 2010
    Posts
    8
    Quote Originally Posted by Salem View Post
    > This kind of talk gets people banned in a hurry.
    Not to come come off too snarky, but then shouldn't the professors of universities get fired as well for teaching the programmers defensive programming. In order to beat the crackers, you must think like one. I realize that many programmers do practice good skills such as bounds checking, but it's also good to be educated in both areas. It's like saying that people should get banned for writing brute force programs. Not all of these tactics have been used for bad purposes even though we mostly hear about them when something gets broken.

    As I mentioned above, a similar sort of buffer overflow question was posed during class after an assignment and this was purely academic. I'm not here for malicious purposes whatsoever, so do what you will with me. If you think educating yourself to further better your programming is wrong in this case, and this point in time then so be it.

    Please go ahead and delete this entry since my questions were already answered. After all I spoke to my professor and a simple input of "Name <space bar>x20" was actually what he was looking for, as opposed to the assembly tinkering I did to spawn this post.

    Sorry.
    Last edited by Diavolche; 04-27-2010 at 06:01 PM. Reason: Typos

Popular pages Recent additions subscribe to a feed

Tags for this Thread


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21