Is this not related to wide-character Unices? I seem to recall that when I ran
through this tutorial having a Unicode-enabled glibc messed with it pretty bad.

On Mon, 2002-08-12 at 13:55, Ali Saifullah Khan wrote:
> Yes, you're right Chris.
> The distance calculated also depends on the gcc version used to
> produce the assembly code viewed to calculate the distance on the
> stack moved.
>
> Versions of gcc later than ...91 seem to be showing different
> activity.....like skipping 8 bytes instead of 4 for the same
> purpose, if I may recall.
>
> Please do check up on that last statement....I may be wrong about
> the # of bytes skipped.
>
> Thank you.
>
> On Wed, 31 Jul 2002 Chris Hall wrote :
> > There was a thread on the vuln-dev list about this very same
> > issue. I believe the distance calculated depends
> > on the environment (ie: 8, 16, 32, 64 bit systems).
> >
> > http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1
> >
> > -- Chris
> >
> > Leonard Leblanc wrote:
> >
> >> Hello All,
> >>
> >> I am trying to experience buffer overflows first hand. I have
> >> glanced at a number of articles and have decided to focus on
> >> "Smashing the Stack for Fun and Profit" from Phrack Issue 49. I am
> >> trying out the examples from the text and when I get to example 3
> >> (which is the first real overflow example) it doesn't quite work
> >> and I'm having a little trouble figuring it out.
> >>
> >> The following example should bypass the "x=1" statement and
> >> print the original value of "x" which is 0 (zero). Here's the code.
> >>
> >> -=-=-=-=-=-=-=-=-=-=-=-=-=
> >> #include <stdio.h>
> >>
> >> void function(int a, int b, int c) {
> >>   char buffer1[5];
> >>   char buffer2[10];
> >>   int *ret;
> >>
> >>   /* Article's assumption: buffer1 starts 12 bytes below the saved
> >>      return address (5 bytes rounded up to a word, plus saved ebp). */
> >>   ret = (int *)(buffer1 + 12);
> >>   /* Advance the return address past the "x=1" store in main; 8 is
> >>      the size of that instruction with the compiler the article used. */
> >>   (*ret) += 8;
> >> }
> >>
> >> int main(void) {
> >>   int x;
> >>
> >>   x=0;
> >>   function(1,2,3);
> >>   x=1;              /* meant to be skipped by the modified return */
> >>   printf("%d\n",x);
> >>   return 0;
> >> }
> >> -=-=-=-=-=-=-=-=-=-=-=-=-=
> >>
> >> When I compile and execute this code it displays one and exits.
> >> I have tried this on RedHat 7.3 and Debian 2.2r6, both giving me
> >> the same result. Does anyone have any insight into why this
> >> wouldn't work? After looking into the assembly behind it, I think
> >> it has something to do with the "word size", but can't seem to
> >> find any information as to what the "word size" is in Debian or
> >> RedHat.
> >>
> >> Any and all comments/suggestions are more than welcome. Also if
> >> anyone knows of some other good text files/documents that talk
> >> about buffer overflows I would be happy to receive links.
> >>
> >> Leonard Leblanc
> >
> > ----------------------------------------------------------------------------
> > This list is provided by the SecurityFocus Security Intelligence
> > Alert (SIA) Service. For more information on SecurityFocus' SIA
> > service which automatically alerts you to the latest security
> > vulnerabilities please see:
> > https://alerts.securityfocus.com/
>
> Ali Saifullah Khan,
> Project Administrator,
> ConnPROBE Intrusion Detection System.

--
Matt Woodyard (0x8659BAA7)
CISSP
SDG - Security Analyst
My other computer is in Russia.
8592637344x133 33
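The thread's point is that "buffer1 + 12" and "+= 8" are constants measured against one particular gcc, and any other compiler, word size or environment moves them. The example below is added here and is not from the thread or from the Phrack article; it reworks example 3 so that the distance to the saved return address is measured at run time with `__builtin_frame_address(0)`, checked against `__builtin_return_address(0)` before it is trusted, and the jump target is taken from a label with GCC's `&&label` extension instead of adding a hardcoded instruction length. It assumes a conventional frame-pointer layout (saved frame pointer followed by the return address, locals below), as gcc and clang emit on x86-64 Linux; the function names `distance_to_ret`, `ret_slot_is_return_address` and `function(void *resume)` are my own.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Assumption: frame-pointer layout, i.e. the frame record is
 *   [saved frame pointer][saved return address]
 * with locals below it.  Using __builtin_frame_address(0) makes gcc and
 * clang keep a frame pointer in the function that uses it, so the slot
 * holding the return address is frame_address + sizeof(void *).
 */
#define RET_SLOT() \
    ((void **)((char *)__builtin_frame_address(0) + sizeof(void *)))

/* Bytes from the start of buffer1 to the saved return address, measured
 * instead of assumed.  The article hardcodes this as 12 for its gcc;
 * stack protectors, alignment and word size all change the real value. */
__attribute__((noinline))
ptrdiff_t distance_to_ret(void)
{
    char buffer1[5];
    return (ptrdiff_t)((uintptr_t)RET_SLOT() - (uintptr_t)buffer1);
}

/* Check before trusting the layout: does the computed slot really hold
 * this call's return address?  Returns 1 if so, 0 otherwise. */
__attribute__((noinline))
int ret_slot_is_return_address(void)
{
    return *RET_SLOT() == __builtin_return_address(0);
}

/* Example 3 again, but the overwrite targets the measured slot and the
 * new return address is an explicit label in main, not "old + 8". */
__attribute__((noinline))
void function(void *resume)
{
    char buffer1[5];
    (void)buffer1;
    if (ret_slot_is_return_address())
        *RET_SLOT() = resume;   /* return past "x = 1" in main */
}

int main(void)
{
    volatile int x = 0;         /* volatile: keep x in memory, as in the article */

    printf("buffer1 -> return address: %td bytes (article assumed 12)\n",
           distance_to_ret());

    function(&&skip);           /* GCC label-address extension */
    x = 1;                      /* skipped when the overwrite works */
skip:
    printf("x = %d\n", x);      /* 0 means "x = 1" was bypassed */
    return 0;
}
```

Build with plain `gcc example.c` (or clang); no special flags are needed, since the write lands above the stack-protector canary, not on it. The printed distance is the number the article calls 12, as it actually is for your toolchain. The return-into-label part only works where returning to a modified address is allowed, i.e. without a hardware shadow stack (CET) enforcing returns, and it is just as compiler-dependent in spirit as the original: it replaces a guessed instruction length with an address the compiler hands you.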
This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 18:54:09 PDT