I bought a book to understand how programs work, stacks, heaps, etc. I'm still on the introduction part where it's giving you an example of a buffer overflow. The only problem is that I can't understand why my output won't match the book. I would understand it if it worked but...I can't put the pieces together. Shed some light if you could.
Code:
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
int value = 5;
char buffer_one[8], buffer_two[8];
strcpy(buffer_one, "one"); /* Put "one" into buffer_one. */
strcpy(buffer_two, "two"); /* Put "two" into buffer_two. */
printf("[BEFORE] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
printf("[BEFORE] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
printf("[BEFORE] value is at %p and is %d (0x%08x)\n", &value, value, value);
printf("\n[STRCPY] copying %d bytes into buffer_two\n\n", strlen(argv[1]));
strcpy(buffer_two, argv[1]); /* Copy first argument into buffer_two. */
printf("[AFTER] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
printf("[AFTER] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
printf("[AFTER] value is at %p and is %d (0x%08x)\n", &value, value, value);
}
Here are the results I have.
[BEFORE] buffer_two is at 0x7fff494e9210 and contains 'two'
[BEFORE] buffer_one is at 0x7fff494e9220 and contains 'one'
[BEFORE] value is at 0x7fff494e920c and is 5 (0x00000005)
[STRCPY] copying 10 bytes into buffer_two
[AFTER] buffer_two is at 0x7fff494e9210 and contains '1234567890'
[AFTER] buffer_one is at 0x7fff494e9220 and contains 'one'
[AFTER] value is at 0x7fff494e920c and is 5 (0x00000005)
Here is what it's supposed to look like.
[BEFORE] buffer_two is at 0xbffff7f0 and contains 'two'
[BEFORE] buffer_one is at 0xbffff7f8 and contains 'one'
[BEFORE] value is at 0xbffff804 and is 5 (0x00000005)
[STRCPY] copying 10 bytes into buffer_two
[AFTER] buffer_two is at 0xbffff7f0 and contains '1234567890'
[AFTER] buffer_one is at 0xbffff7f8 and contains '90'
[AFTER] value is at 0xbffff804 and is 5 (0x00000005)
Notice how in the after section buffer_one isn't getting overwritten