Thread: Can't Produce a buffer overflow

Can someone tell me why I can't produce a buffer overflow in this: (and execute the hidden function)? The true output is supposted to be -> Hidden

Code:

(gdb) list 1,100
1       #include <stdio.h>
2       #include <stdlib.h>
3       #include <string.h>
4
5
6       void func1(char *str1);
7       void hiddenFunc();
8
9
10      void hiddenFunc()
11      {
12
13              printf("Hidden");
14      }
15
16
17      void func1(char *str1)
18      {
19              char str2[8];
20
21              strcpy(str2,str1);
22
23
24      }
25
26
27      int main(int argc, char *argv[])
28      {
29              int a,b,c;
30
31              printf("Test text");
32
33
34              func1(argv[1]);
35
36              return 0;
37
38      }
39
40
41
42
43
44

(gdb) disass main
Dump of assembler code for function main:
0x080483e2 <main+0>:    lea    0x4(&#37;esp),%ecx
0x080483e6 <main+4>:    and    $0xfffffff0,%esp
0x080483e9 <main+7>:    pushl  0xfffffffc(%ecx)
0x080483ec <main+10>:   push   %ebp
0x080483ed <main+11>:   mov    %esp,%ebp
0x080483ef <main+13>:   push   %ebx
0x080483f0 <main+14>:   push   %ecx
0x080483f1 <main+15>:   sub    $0x20,%esp
0x080483f4 <main+18>:   mov    %ecx,%ebx
0x080483f6 <main+20>:   movl   $0x8048507,(%esp)
0x080483fd <main+27>:   call   0x80482c8 <printf@plt>
0x08048402 <main+32>:   mov    0x4(%ebx),%eax
0x08048405 <main+35>:   add    $0x4,%eax
0x08048408 <main+38>:   mov    (%eax),%eax
0x0804840a <main+40>:   mov    %eax,(%esp)
0x0804840d <main+43>:   call   0x80483c8 <func1>
0x08048412 <main+48>:   mov    $0x0,%eax
0x08048417 <main+53>:   add    $0x20,%esp
0x0804841a <main+56>:   pop    %ecx
0x0804841b <main+57>:   pop    %ebx
0x0804841c <main+58>:   pop    %ebp
0x0804841d <main+59>:   lea    0xfffffffc(%ecx),%esp
0x08048420 <main+62>:   ret    
End of assembler dump.

(gdb) disass hiddenFunc
Dump of assembler code for function hiddenFunc:
0x080483b4 <hiddenFunc+0>:      push   %ebp
0x080483b5 <hiddenFunc+1>:      mov    %esp,%ebp
0x080483b7 <hiddenFunc+3>:      sub    $0x8,%esp
0x080483ba <hiddenFunc+6>:      movl   $0x8048500,(%esp)
0x080483c1 <hiddenFunc+13>:     call   0x80482c8 <printf@plt>
0x080483c6 <hiddenFunc+18>:     leave  
0x080483c7 <hiddenFunc+19>:     ret    
End of assembler dump.

(gdb) x/xw &str2
0xbfd15f00:     0xbfd10041

(gdb) x/64x $esp
0xbfe5d400:     0xbfe5d410      0xbfe5dbf7      0x08048507      0xbfe5d424
0xbfe5d410:     0xbfe50041      0xbfe5d460      0xbfe5d448      0x08048412
0xbfe5d420:     0xbfe5dbf7      0x0024d210      0xbfe5d458      0x08048459
0xbfe5d430:     0x0013ba55      0xbfe5d4f0      0xbfe5d458      0x0024eff4
0xbfe5d440:     0xbfe5d460      0x0024eff4      0xbfe5d4b8      0x00125dec
0xbfe5d450:     0x008b9ca0      0x08048440      0xbfe5d4b8      0x00125dec
0xbfe5d460:     0x00000002      0xbfe5d4e4      0xbfe5d4f0      0x008ba810
0xbfe5d470:     0x00000000      0x00000001      0x00000001      0x00000000
0xbfe5d480:     0x0024eff4      0x008b9ca0      0x00000000      0xbfe5d4b8
0xbfe5d490:     0x3b4a8b6b      0x84bd02ba      0x00000000      0x00000000
0xbfe5d4a0:     0x00000000      0x008b2450      0x00125d1d      0x008b9fc0
0xbfe5d4b0:     0x00000002      0x080482e0      0x00000000      0x08048301
0xbfe5d4c0:     0x080483e2      0x00000002      0xbfe5d4e4      0x08048440
0xbfe5d4d0:     0x08048430      0x008ad5c0      0xbfe5d4dc      0x008b5f8b
0xbfe5d4e0:     0x00000002      0xbfe5dbde      0xbfe5dbf7      0x00000000
0xbfe5d4f0:     0xbfe5dbf9      0xbfe5dc18      0xbfe5dc28      0xbfe5dc33

./a.out `perl -e 'print "\xb4\x83\x04\x08"x20'`
Segmentation fault