----- Original Message -----
From: Syzop <syzat_private>
Date: Tue, 09 Apr 2002 16:27:22 +0200
To: darko <darkoat_private>
Subject: Re: Studying buffer overflows [maybe OT]

> Dump of assembler code for function main:
> 0x8048460 <main>:       pushl  %ebp
> 0x8048461 <main+1>:     movl   %esp,%ebp
> 0x8048463 <main+3>:     subl   $0x18,%esp
> 0x8048466 <main+6>:     movl   $0x0,0xfffffffc(%ebp)
> 0x804846d <main+13>:    call   0x8048440 <f>           <-- your function
> 0x8048472 <main+18>:    movl   $0x1,0xfffffffc(%ebp)   <-- x = 1
> 0x8048479 <main+25>:    addl   $0xfffffff8,%esp        <-- this is actually stack cleanup. instead of popping the values into a register, %esp is simply modified
> 0x804847c <main+28>:    movl   0xfffffffc(%ebp),%eax
> 0x804847f <main+31>:    pushl  %eax                    <-- printf() starts here with the pushing of the arguments in reverse order
> 0x8048480 <main+32>:    pushl  $0x80484e4
> 0x8048485 <main+37>:    call   0x8048344 <printf>
> 0x804848a <main+42>:    addl   $0x10,%esp
> 0x804848d <main+45>:    leave
> 0x804848e <main+46>:    ret
> End of assembler dump.
> (gdb)
>
> Cya,
>
> Syzop.

on a side note...

#include <stdio.h>

void f(void)
{
    char a[4];
    long *b;

    /* Assumes a[] is allocated directly below the saved %ebp, as the
     * gcc of the time laid it out: a + 4 is then the saved %ebp and
     * a + 8 is the slot holding f's return address. */
    b = (long *)(a + 0x08);
    /* Move the return address 0x3b bytes back into main(), so that
     * after f() returns, main() resumes from before its first printf(). */
    (*b) -= 0x3b;
}

int main(void)
{
    int x = 0;

    printf("x=%d\n", x);
    x = 1;
    printf("x=%d\n", x);
    f();
    x = 2;  /* program never reaches this point */
    printf("x=%d\n", x);
    return 0;
}

this should loop infinitely printing "x=0" and "x=1"

cheers

--
Get your free email from www.linuxmail.org
Powered by Outblaze
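As an added example (my own code, not from this thread or either poster), here is a read-only look at the same two stack slots that the posted f() writes to: the saved frame pointer and, directly above it, the return address. It uses the GCC/clang builtins __builtin_frame_address and __builtin_return_address and assumes a frame-pointer-based layout, which i386, x86-64 and aarch64 builds with frame pointers all share. It also measures how far the local buffer really is from the return-address slot on the compiler you build with, which is the gap that the hard-coded a + 0x08 in the post relies on and the gap that -fstack-protector fills with a guard value so that a write running off the end of a[] is caught before the function returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread: a read-only look at one stack frame.
 * Assumes a frame-pointer-based layout, i.e. the frame address points at the
 * saved caller frame pointer and the slot directly above it holds the return
 * address. i386, x86-64 and aarch64 builds with frame pointers all use this. */
struct frame_view {
    void    *frame;        /* frame pointer value inside inspect_frame()       */
    void    *saved_fp;     /* slot 0: the caller's frame pointer               */
    void    *ret_addr;     /* slot 1: return address into the caller           */
    void    *builtin_ret;  /* the compiler's own answer for the return address */
    intptr_t dist;         /* bytes from the local buffer to the return slot   */
};

/* noinline keeps a real frame; if the compiler merged this function into its
 * caller there would be no frame of its own to inspect. */
__attribute__((noinline)) static struct frame_view inspect_frame(void)
{
    char buf[4];                  /* the same kind of local as a[4] in f() */
    void **fp = __builtin_frame_address(0);
    struct frame_view v;

    memset(buf, 'A', sizeof buf); /* give buf a defined value */
    v.frame       = fp;
    v.saved_fp    = fp[0];
    v.ret_addr    = fp[1];
    v.builtin_ret = __builtin_return_address(0);
    /* The posted f() hard-codes a + 0x08 as the return-address slot; this is
     * the distance the current compiler actually leaves between them. */
    v.dist = (intptr_t)&fp[1] - (intptr_t)buf;
    return v;
}

/* 1 if the word above the saved frame pointer really is the return address. */
int return_slot_matches(void)
{
    struct frame_view v = inspect_frame();
    return v.ret_addr == v.builtin_ret;
}

/* 1 if the saved frame pointer slot points back at this caller's own frame
 * (holds when this function is built with a frame pointer as well). */
__attribute__((noinline)) int frame_chain_consistent(void)
{
    struct frame_view v = inspect_frame();
    return v.saved_fp == __builtin_frame_address(0);
}

int main(void)
{
    struct frame_view v = inspect_frame();

    printf("frame pointer           : %p\n", v.frame);
    printf("saved caller frame ptr  : %p\n", v.saved_fp);
    printf("return address (slot 1) : %p\n", v.ret_addr);
    printf("__builtin_return_address: %p\n", v.builtin_ret);
    printf("buf -> return slot      : %ld bytes\n", (long)v.dist);
    printf("return slot matches     : %s\n", return_slot_matches() ? "yes" : "no");
    printf("frame chain consistent  : %s\n", frame_chain_consistent() ? "yes" : "no");
    return 0;
}
```

Build it with frame pointers kept (cc -O0, or -fno-omit-frame-pointer at higher optimisation levels) and compare the printed distance with the 8 bytes the post assumes: on a current 64-bit compiler, and on any build with -fstack-protector, it is larger, which is why a fixed offset like a + 0x08 is tied to one specific compiler's frame layout.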
This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 21:09:38 PDT