In a message of 08 Apr at 23:21, darko wrote:

> I've started to study buffer overflows. I wrote the following code:
>
> #include <stdio.h>
>
> void f() {
>     char a[4];
>     int *b;
>     /* assumes the saved return address sits 8 bytes past a */
>     b = (int *)(a + 0x8);
>     (*b) += 0x8;   /* bump the return address to skip an instruction */
> }
>
> int main(void) {
>     int x;
>     x = 0;
>     f();
>     x = 1;
>     printf("%d\n", x);
>     return 0;
> }
>
> I want, after the call to f(), the program to jump to printf() so the
> value of x should remain 0, not 1. I always get segmentation faults,
> bus errors, etc. and never that fuc*ing "x = 0" !! Tested on a
> Celeron 433, Red Hat 7.2, gcc 2.96.

It depends on your compiler. If I compile this program on an x86 box with
gcc 2.95.2, I get (using objdump -d on the binary):

80483fa: c7 45 fc 00 00 00 00    movl   $0x0,0xfffffffc(%ebp)
8048401: e8 ce ff ff ff          call   80483d4 <f>
8048406: c7 45 fc 01 00 00 00    movl   $0x1,0xfffffffc(%ebp)
804840d: 83 c4 f8                add    $0xfffffff8,%esp

You want to skip 8049406, so you have to add 7 to the return value.

If I modify (*b) += 0x8; to (*b) += 7;, I get:

guillaum@cedar ~$ ./foo
0
guillaum@cedar ~$

HTH.

-- 
Guillaume Morin <guillaumeat_private>

  Justice is lost, Justice is raped, Justice is done. (Metallica)
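The arithmetic in the reply (the movl after the call is 7 bytes long, so the saved return address has to move by 7, not 8) can be read straight off the objdump listing. As an added example, not part of either message, here is a small Python parser for objdump -d output that computes that byte delta from the listing quoted above (embedded as constructed sample input) and rejects a target that is not an instruction boundary, which is where the +8 variant landed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: the four objdump -d lines quoted in the reply above
# (gcc 2.95.2, x86). Column alignment is not significant to the parser.
SAMPLE = """\
80483fa: c7 45 fc 00 00 00 00    movl   $0x0,0xfffffffc(%ebp)
8048401: e8 ce ff ff ff          call   80483d4 <f>
8048406: c7 45 fc 01 00 00 00    movl   $0x1,0xfffffffc(%ebp)
804840d: 83 c4 f8                add    $0xfffffff8,%esp
"""

@dataclass
class Insn:
    addr: int   # virtual address of the instruction
    size: int   # encoded length in bytes
    text: str   # mnemonic and operands as printed by objdump

_HEX_BYTE = re.compile(r"^[0-9a-f]{2}$")

def parse_objdump(listing: str) -> list[Insn]:
    """Parse 'addr: bb bb ..  mnemonic operands' lines; skip labels/headers."""
    insns = []
    for line in listing.splitlines():
        head, sep, rest = line.partition(":")
        tokens = rest.split()
        nbytes = 0
        while tokens and _HEX_BYTE.match(tokens[0]):   # consume encoded bytes
            tokens.pop(0)
            nbytes += 1
        if not sep or nbytes == 0:      # e.g. '080483d4 <f>:' carries no bytes
            continue
        insns.append(Insn(int(head.strip(), 16), nbytes, " ".join(tokens)))
    return insns

def return_address_after(insns: list[Insn], call_addr: int) -> int:
    """The address the CPU pushes for the call at call_addr: the next insn."""
    for insn in insns:
        if insn.addr == call_addr:
            return insn.addr + insn.size
    raise ValueError(f"no instruction at {call_addr:#x}")

def delta_to_skip(insns: list[Insn], call_addr: int, target_addr: int) -> int:
    """Bytes the saved return address must change by to resume at target_addr.
    target_addr must start an instruction: 0x8048406 + 8 = 0x804840e falls one
    byte inside the 3-byte add at 0x804840d, which is how the crashes arise."""
    if not any(i.addr == target_addr for i in insns):
        raise ValueError(f"{target_addr:#x} is not an instruction boundary")
    return target_addr - return_address_after(insns, call_addr)

if __name__ == "__main__":
    listing = parse_objdump(SAMPLE)
    print(delta_to_skip(listing, 0x8048401, 0x804840d))   # 7
```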
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 11:05:54 PDT