Re: Smashing the Stack?

From: Ali Saifullah Khan (whipazat_private)
Date: Wed Jul 17 2002 - 11:54:39 PDT


    Are you sure you compiled that particular piece of code with -S for generating asm output?
    
    gcc -S -o test.s test.c
    
    My output shows that 20 bytes are subtracted, as shown:
    
    test.c
    
    void function(int a, int b, int c) {
    
            char buff1[5];
            char buff2[10];
    
    }
    
    void main() {
          function(1,2,3);
    }
    
    Here's the assembly output:
    
    ------------------------------------------------------------------
    	.file	"test.c"
    	.version	"01.01"
    gcc2_compiled.:
    .text
    	.align 4
    .globl function
    	.type	 function,@function
    function:
    	pushl %ebp
    	movl %esp,%ebp
    	subl $20,%esp     ************** Here it is !!! 20 bytes it is.
    ***********************************************************************
    
    .L1:
    	leave
    	ret
    .Lfe1:
    	.size	 function,.Lfe1-function
    	.align 4
    .globl main
    	.type	 main,@function
    main:
    	pushl %ebp
    	movl %esp,%ebp
    	pushl $3
    	pushl $2
    	pushl $1
    	call function
    	addl $12,%esp
    .L2:
    	leave
    	ret
    .Lfe2:
    	.size	 main,.Lfe2-main
    	.ident	"GCC: (GNU) egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)"
    
    --------------------------------------------------------------------
    
    Ali Saifullah Khan,
    Project Administrator,
    ConnPROBE Intrusion Detection System,
    Sourceforge OpenSource Developer Networks.
    
    
    >On Wed, 2002-07-17 at 17:46, Jeremy Junginger wrote:
    >> In "Smashing the Stack for Fun and Profit" by Aleph One, there is a nice
    >> example program called example1.c.  It looks like this:
    >> 
    >> void function(int a, int b, int c) {
    >> 	char buffer1[5];
    >> 	char buffer2[10];
    >> }
    >> 
    >> void main() {
    >> 	function(1,2,3);
    >> }
    >> 
    >> Then, we go through how to generate assembly code output, how the
    >> values are pushed onto the stack in reverse order, then the function
    >> call, then moves the Frame Pointer onto the stack and copies the current
    >> Stack Pointer into EBP.  That part is groovy.  Then when we look at the
    >> function, in the example, he discusses how memory buffers are allocated
    >> in "word" (4 byte) increments.   That makes sense; however, when I
    >> generate the assembly code with the exact same code, I see that it is
    >> subtracting 40 rather than the expected 20
    >> (buffer1(5bytes=2words=8bytes+10bytes=3words=12bytes).  This part looks
    >> crucial to understanding the rest of the concepts in the paper, so I'm
    >> hesitant to continue without understanding this discrepancy.  Any input
    >> would be very much appreciated.
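Added example (not from either poster): the word-rounding arithmetic the paper applies to buffer1[5] and buffer2[10], plus a probe of the same two locals on a live frame. It assumes a GCC-compatible compiler for __builtin_frame_address; the runtime offsets it prints depend on the compiler and ABI, which is exactly the discrepancy under discussion, while the rounding arithmetic is fixed.

```c
/* Added example, not code from the thread or from Aleph One's paper. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Round a local's size up to the next multiple of the word size (4 on IA-32). */
static size_t round_up_word(size_t n, size_t word) {
    return (n + word - 1) / word * word;
}

/* Bytes the paper expects the prologue to reserve for two char buffers:
   buffer1[5] -> 8, buffer2[10] -> 12, total 20 with 4-byte words. */
static size_t expected_frame_bytes(size_t b1, size_t b2, size_t word) {
    return round_up_word(b1, word) + round_up_word(b2, word);
}

/* Same locals as example1.c. Reports where they sit relative to the saved
   frame pointer on whatever compiler/ABI this is built with; the numbers are
   not guaranteed to match the 20-byte figure from the 1996 paper. */
static void function(int a, int b, int c) {
    char buffer1[5];
    char buffer2[10];
    uintptr_t fp = (uintptr_t)__builtin_frame_address(0);

    /* Touch the buffers so the compiler keeps them in the frame. */
    memset(buffer1, 'A', sizeof buffer1);
    memset(buffer2, 'B', sizeof buffer2);
    printf("args: %d %d %d\n", a, b, c);
    printf("frame pointer - buffer1 = %lu bytes\n",
           (unsigned long)(fp - (uintptr_t)buffer1));
    printf("frame pointer - buffer2 = %lu bytes\n",
           (unsigned long)(fp - (uintptr_t)buffer2));
}

int main(void) {
    printf("paper's word-rounded total: %zu bytes\n",
           expected_frame_bytes(5, 10, 4));
    function(1, 2, 3);
    return 0;
}
```

Compare the printed offsets with the constant in the `subl $N,%esp` line of your own `gcc -S` output; a different compiler release will typically reserve more than the 20 bytes computed above.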
    