免責宣告:我不擔心語法。
在學習緩沖區溢位的同時,我正在嘗試與我的 C 程式一起執行的 Perl 代碼來演示溢位是如何作業的。但是,當我輸入代碼時.\Buffer $(perl -e 'print "A"x16 . "\xef\xbe\xad\xde"'),它只會將 加到$(perl記憶體中的第一個緩沖區,buffer_two如下所示:
.\Buffer $(perl -e 'print "A"x16 . "\xef\xbe\xad\xde"')
[BEFORE] buffer_two is at 0061FF0C and contains two
[BEFORE] buffer_one is at 0061FF14 and contains one
[BEFORE] value is at 0061FF1C and is 5 (0x00000005)
[STRCPY] copying 6 bytes into buffer_two
[AFTER] buffer_two is at 0061FF0C and contains $(perl
[AFTER] buffer_one is at 0061FF14 and contains one
[AFTER] value is at 0061FF1C and is 5 (0x00000005)
buffer_two和之間的位元組value是16 個位元組( (gdb) print 0x0061ff1c - 0x0061ff0c $1 = 16),所以我列印了 16 次“A”來填充空間。然而,應該發生的是下面的文本"A"x16應該覆寫下一個記憶體地址。在 Linux 上使用時,代碼運行良好,我得到以下輸出:
./Buffer $(perl -e 'print "A"x16 . "\xef\xbe\xad\xde"')
[BEFORE] buffer_two is at 0x7ffca168185c and contains two
[BEFORE] buffer_one is at 0x7ffca1681864 and contains one
[BEFORE] value is at 0x7ffca168186c and is 5 (0x00000005)
[STRCPY] copying 20 bytes into buffer_two
[AFTER] buffer_two is at 0x7ffca168185c and contains AAAAAAAAAAAAAAAA??
[AFTER] buffer_one is at 0x7ffca1681864 and contains AAAAAAAA??
[AFTER] value is at 0x7ffca168186c and is -559038737 (0xdeadbeef)
這是完整的代碼:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
int value = 5;
char buffer_one[8], buffer_two[8]; //create two buffers of 8 bytes
strcpy(buffer_one, "one"); //copy strings one and two into buffers
strcpy(buffer_two, "two");
printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two); //print initial address and value
printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
printf("[BEFORE] value is at %p and is %d (0xx)\n", &value, value, value);
printf("\n[STRCPY] copying %d bytes into buffer_two\n\n", strlen(argv[1])); //copy first argument digits into buffer two
//if((int *)argv[1] > (int *)8) //test if argument input is greater than 8 bytes
//{
//printf("[!!] Buffer error\n\n");
//exit(-1);
//}
strcpy(buffer_two, argv[1]);
printf("[AFTER] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
printf("[AFTER] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
printf("[AFTER] value is at %p and is %d (0xx)\n", &value, value, value);
}
在寫這篇文章時,我注意到它只寫了 6 個位元組,我不確定為什么。
uj5u.com熱心網友回復:
.\Buffer $(perl -e 'print "A"x16 . "\xef\xbe\xad\xde"')
這種語法(運行括號中的命令并替換$(...)為其輸出)是(許多)UNIX shell 的一個特性。
無論您在 Windows 上使用什么外殼,顯然都不會這樣做。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qukuanlian/368289.html
上一篇:Git拉入GitHub作為合作者
