|
03-26-2005, 01:56 PM
| #1 |
| Registered User Join Date: Feb 2005
Posts: 38
| Segmentation fault Code: #include <stdio.h>
int call_me(void)
{
char buffer[10];
scanf("%s", buffer);
printf("%s\n", buffer);
return 0;
}
int main(void)
{
call_me();
return 0;
}
Code: [nouse@localhost nouse]$ gcc -o vuln vuln.c [nouse@localhost nouse]$ ./vuln AAAABBBBCCCCDDDD AAAABBBBCCCCDDDD [nouse@localhost nouse]$ ./vuln AAAABBBBCCCCDDDDEEEE AAAABBBBCCCCDDDDEEEE [nouse@localhost nouse]$ ./vuln AAAABBBBCCCCDDDDEEEEFFFF AAAABBBBCCCCDDDDEEEEFFFF Segmentation fault [nouse@localhost nouse]$ Also, gdb isn't working with me either. I try to check my registers to see what's going on but it says there arn't any. Code: [nouse@localhost nouse]$ gdb vuln GNU gdb 5.3-22mdk (Mandrake Linux) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i586-mandrake-linux-gnu"... (gdb) info registers The program has no registers now. (gdb) Last edited by NoUse; 03-26-2005 at 02:05 PM. |
| NoUse is offline |  |
|
03-26-2005, 02:28 PM
| #2 |
| Gawking at stupidity Join Date: Jul 2004
Posts: 2,289
| It's not guaranteed to generate a segfault if you write past the end of a buffer. It's just guaranteed to give "undefined results". Why are you trying to define an undefined result? There's no purpose in this type of exercise unless you're trying to do something malicious or some pointless trick. EDIT: BTW, the reason "gdb isn't working" is because you're using it incorrectly. The program has to be running to get register information. Try using breakpoints. Something like this: Code: itsme@itsme:~/C$ gdb malicious
GNU gdb 6.1.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-slackware-linux"...Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) list
4 {
5 char buffer[10];
6 scanf("%s", buffer);
7 printf("%s\n", buffer);
8 return 0;
9 }
10
11 int main(void)
12 {
13 call_me();
(gdb) break 6
Breakpoint 1 at 0x80483ba: file malicious.c, line 6.
(gdb) break 7
Breakpoint 2 at 0x80483cd: file malicious.c, line 7.
(gdb) run
Starting program: /home/itsme/C/malicious
Breakpoint 1, call_me () at malicious.c:6
6 scanf("%s", buffer);
(gdb) info registers
eax 0x10 16
ecx 0x4 4
edx 0xb7fd0b40 -1208153280
ebx 0xb7fcf60c -1208158708
esp 0xbffff720 0xbffff720
ebp 0xbffff748 0xbffff748
esi 0xb8000900 -1207957248
edi 0xbffff7b4 -1073743948
eip 0x80483ba 0x80483ba
eflags 0x282 642
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x0 0
(gdb) continue
Continuing.
foo
Breakpoint 2, call_me () at malicious.c:7
7 printf("%s\n", buffer);
(gdb) info registers
eax 0x1 1
ecx 0x0 0
edx 0x1 1
ebx 0xb7fcf60c -1208158708
esp 0xbffff720 0xbffff720
ebp 0xbffff748 0xbffff748
esi 0xb8000900 -1207957248
edi 0xbffff7b4 -1073743948
eip 0x80483cd 0x80483cd
eflags 0x246 582
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x0 0
(gdb) quit
__________________ If you understand what you're doing, you're not learning anything. Ignore any "advice" esbo tries to give you. It's wrong. Last edited by itsme86; 03-26-2005 at 02:39 PM. |
| itsme86 is offline | |
|
03-26-2005, 03:03 PM
| #3 | |
| Registered User Join Date: Feb 2005
Posts: 38
| Quote:
 Also, I'm not doing anything malicious. Just learning. Good day. Thanks again for your help. Last edited by NoUse; 03-26-2005 at 03:09 PM. | |
| NoUse is offline | |
|
03-26-2005, 03:14 PM
| #4 |
| Gawking at stupidity Join Date: Jul 2004
Posts: 2,289
| I wasn't trying to be condescending. I suggested breakpoints so you could check the registers at specific lines in your code. Just make sure you compile your program with the -g option.
__________________ If you understand what you're doing, you're not learning anything. Ignore any "advice" esbo tries to give you. It's wrong. |
| itsme86 is offline | |
|
03-26-2005, 03:29 PM
| #5 |
| Registered User Join Date: Feb 2005
Posts: 38
| Oh I see. Thanks.
__________________ I like to play pocket pool. |
| NoUse is offline | |
 |
| Thread Tools | |
| Display Modes | |
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| segmentation fault... first time with unix... | theMethod | C Programming | 16 | 09-30-2008 02:01 AM |
| Re: Segmentation fault | turkish_van | C Programming | 8 | 01-20-2007 05:50 PM |
| Segmentation fault | bennyandthejets | C++ Programming | 7 | 09-07-2005 05:04 PM |
| Locating A Segmentation Fault | Stack Overflow | C Programming | 12 | 12-14-2004 01:33 PM |
| Segmentation fault... | alvifarooq | C++ Programming | 14 | 09-26-2004 12:53 PM |
Linear Mode
