Thread: Buffer Overrun Project, Problem Entering NULL in to stream

  1. #1
    Registered User
    Join Date
    Jan 2006

    Buffer Overrun Project, Problem Entering NULL in to stream

I've got a strange assignment from a class in which I'm supposed to initiate a buffer overrun to see how easy it is for someone to take advantage of the gets() function.

    The basic program that Iím given is this:

    #include <stdio.h>
    #include <conio.h>   // getch()
    #include <tchar.h>   // _tmain / _TCHAR

    typedef struct student {
    	char name[20];
    	float amount;
    	int other_stuff;
    } person;

    int _tmain(int argc, _TCHAR* argv[])
    {
    	person p; // Create a person account (on the stack)
    	p.amount = 10.0; // set amount
    	printf("enter name: ");
    	gets(p.name); // get name (blindly ignoring buffer overrun)
    	printf("Here is a $%6.2f gift for %s\n", p.amount, p.name);
    	getch(); // Wait for user to type <Enter> before quitting
    	return 0;
    }
    I understand that if I write more than 20 characters at the command prompt I will start writing into the area in memory where "amount" is located, so I can change it to anything that I want it to be. We are supposed to set the "amount" to 1,000,000, which I've figured out is 0x00 0x24 0x74 0x49 when arranged in memory. I know that I can hold down alt and input the decimal equivalent of those numbers to overwrite memory, but I can't get a NULL to work for my first byte.

    In a perfect world I would use this NULL after I enter my name, then put in whatever I want up until I get to the amount area in memory and write in alt 000, alt 036, alt 116, alt 073. Unfortunately I can't get alt 000 to register and I'm wondering if there is another way to put a NULL byte into the stream at a command prompt.

    Does anyone have any ideas?


    I might be wrong on what I need to enter as now looking in my debugger I see a different hex representation for 1,000,000 - 0x00 0x50 0xc3 0x47
    Last edited by Peter5897; 07-10-2006 at 03:52 PM.

  2. #2
    Hardware Engineer
    Join Date
    Sep 2001
    gets() should automatically add the null when you hit ENTER.

    1,000,000 decimal converts to F4240 hex as an integer. But, when it comes to storing a float, things get complicated, so, the debugger is probably the best way to do it.
    Last edited by DougDbug; 07-10-2006 at 04:16 PM.

  3. #3
    Registered User
    Join Date
    Jan 2006
    Yeah but that's the problem, I want a NULL before I hit enter. In an ideal world I'd have a NULL after I enter my name so that it acts as a normal C string and then I would have a NULL in my representation of float 1,000,000 as well.

    IE "Jo BobNULL--------------FLOAT VAL" would be my input at the command line where FLOAT VAL would be whatever characters are needed to make 1,000,000 in floating point arithmetic.
    Last edited by Peter5897; 07-11-2006 at 12:54 AM.
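Added example (not the poster's or the course's code) using the same struct layout as the thread: it computes the little-endian byte image of the float 1,000,000 and the offset of `amount` inside the struct, which together show why the overwrite the assignment asks for needs a 0x00 as its first byte (and hence cannot be carried by a line-oriented gets() read), and it shows the bounded fgets()-based read a defender would use instead of gets().

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Same layout as the struct in the thread (added example, not the poster's code). */
typedef struct student {
    char name[20];
    float amount;
    int other_stuff;
} person;

/* Copy the in-memory (little-endian on x86) byte image of a float into out[4].
   For 1000000.0f this yields 00 24 74 49, matching the poster's first guess. */
void float_bytes(float f, unsigned char out[4]) {
    memcpy(out, &f, sizeof f);
}

/* Number of input bytes that must precede the overwrite of 'amount':
   name[20] is followed immediately by the 4-byte float. */
size_t amount_offset(void) {
    return offsetof(person, amount);
}

/* Safe replacement for gets(): reads at most sizeof(name)-1 characters,
   strips the trailing newline, and discards the remainder of an over-long
   line so the extra bytes never reach 'amount'. Returns 1 on success, 0 on EOF. */
int read_name(person *p, FILE *in) {
    if (!fgets(p->name, sizeof p->name, in)) return 0;
    size_t n = strlen(p->name);
    if (n > 0 && p->name[n - 1] == '\n') {
        p->name[n - 1] = '\0';
    } else {
        int c;
        while ((c = getc(in)) != EOF && c != '\n') { }  /* drop the overflow */
    }
    return 1;
}

int main(void) {
    unsigned char b[4];
    float_bytes(1000000.0f, b);
    printf("offset of amount: %zu bytes\n", amount_offset());
    printf("1000000.0f in memory: %02x %02x %02x %02x\n", b[0], b[1], b[2], b[3]);
    return 0;
}
```

The second hex string the poster saw in the debugger (00 50 c3 47) is 100,000.0f, not 1,000,000.0f; the program above lets you verify which value a given byte pattern decodes to.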
