Re: Re: Buffer Overflow Help

From: Ali Saifullah Khan (whipazat_private)
Date: Mon Aug 12 2002 - 10:55:31 PDT


    Yes, you're right Chris.
    The distance calculated also depends on the gcc version used to
    produce the assembly code viewed to calculate the distance on the
    stack moved.

    Versions of gcc later than ...91 seem to be showing different
    activity.....like skipping 8 bytes instead of 4 for the same
    purpose, if I may recall.

    Please do check up on that last statement....I may be wrong about
    the # of bytes skipped.

    Thank you.
    
    On Wed, 31 Jul 2002 Chris Hall wrote :
    >    There was a thread on the vuln-dev list about this very same
    >issue. I believe the distance calculated depends
    >on the environment (ie: 8, 16, 32, 64 bit systems)
    >
    >
    >http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1
    >
    >
    >-- Chris
    >
    >Leonard Leblanc wrote:
    >
    >>Hello All,
    >>
    >>I am trying to experience buffer overflows first hand. I have glanced at a
    >>number of articles and have decided to focus on "Smashing the Stack for Fun
    >>and Profit" from Phrack Issue 49. I am trying out the examples from the text
    >>and when I get to example 3 (which is the first real overflow example) it
    >>doesn't quite work and I'm having a little trouble figuring it out.
    >>
    >>The following example should bypass the "x=1" statement and print the
    >>original value of "x" which is 0 (zero). Here's the code.
    >>
    >>-=-=-=-=-=-=-=-=-=-=-=-=-=
    >>#include <stdio.h>
    >>
    >>void function(int a, int b, int c) {
    >>  char buffer1[5];
    >>  char buffer2[10];
    >>  int *ret;
    >>
    >>  /* assumes the saved return address lies exactly 12 bytes past buffer1 */
    >>  ret = (int *)(buffer1 + 12);
    >>  /* skip past the instruction in main that stores 1 into x
    >>     (8 bytes in the Phrack text) */
    >>  (*ret) += 8;
    >>}
    >>
    >>int main(void) {
    >>  int x;
    >>
    >>  x=0;
    >>  function(1,2,3);
    >>  x=1;
    >>  printf("%d\n",x);
    >>  return 0;
    >>}
    >>-=-=-=-=-=-=-=-=-=-=-=-=
    >>
    >>When I compile and execute this code it displays one and exits. I have tried
    >>this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
    >>anyone have any insight into why this wouldn't work? After looking into the
    >>assembly behind it, I think it has something to do with the "word size", but
    >>can't seem to find any information as to what the "word size" is in Debian
    >>or RedHat.
    >>
    >>Any and all comments/suggestions are more than welcome. Also if anyone knows
    >>of some other good text files/documents that talk about buffer overflows I
    >>would be happy to receive links.
    >>
    >>Leonard Leblanc
    >>
    
    
    Ali Saifullah Khan,
    Project Administrator,
    ConnPROBE Intrusion Detection System.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
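The point both replies make, that the distance from buffer1 to the saved return address depends on the compiler, its alignment choices and the word size, can be measured instead of guessed. The following diagnostic is an added example, not code from the thread or from the Phrack article; it assumes the frame-pointer layout GCC and Clang use on x86, x86-64 and AArch64, where __builtin_frame_address(0) points at the saved frame pointer and the return address sits one pointer-size above it. It writes nothing to the stack; it only reports whether the hard-coded 12 from the quoted program would have landed on the return-address slot for this particular build.

```c
#include <stdio.h>
#include <stdint.h>

/* Distance, in bytes, from the start of a 5-byte local buffer (laid out
 * exactly like the quoted program) to the slot that holds this function's
 * saved return address.  The quoted program hard-codes 12 for this value.
 * Assumption (GCC/Clang frame-pointer layout on x86, x86-64, AArch64):
 * __builtin_frame_address(0) is the saved frame pointer and the return
 * address is stored one pointer above it. */
static long ret_slot_distance(void)
{
    volatile char buffer1[5];
    volatile char buffer2[10];
    buffer1[0] = 'A';            /* keep both buffers in this frame */
    buffer2[0] = 'B';

    uintptr_t fp  = (uintptr_t)__builtin_frame_address(0);
    uintptr_t ret = fp + sizeof(void *);
    return (long)(ret - (uintptr_t)buffer1);
}

/* "ret = buffer1 + 12" only reaches the saved return address when the
 * measured distance is exactly 12; any padding, canary or 8-byte word
 * breaks that assumption, which is why the program prints 1 instead of 0. */
static int phrack_offset_matches(void)
{
    return ret_slot_distance() == 12;
}

int main(void)
{
    long d = ret_slot_distance();
    printf("sizeof(void *)                   = %zu\n", sizeof(void *));
    printf("buffer1 -> saved return address  = %ld bytes\n", d);
    printf("hard-coded offset of 12 %s on this build\n",
           phrack_offset_matches() ? "matches" : "does NOT match");
    return 0;
}
```

Compile the same file with different -O levels, with and without -fstack-protector, or on a 32-bit versus 64-bit toolchain, and the reported distance changes while the source stays identical; that variation is exactly what the thread is describing.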
    



    This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 12:47:13 PDT