Question
I have been reviewing different styles of buffer overflows and ran into a problem I cannot remember why it occurs. The code as follows is the program I am attempting to perform a buffer overflow on:
```c
#include <stdio.h>
#include <string.h>   /* strcpy */

void func(char *buff){
    char buffer[5];
    strcpy(buffer, buff);   /* unbounded copy: the intended overflow */
    printf("%s\n", buffer);
}

int main(int argc, char *argv[]){
    func(argv[1]);
    printf("I'm done!\n");
    return 0;
}
```
The core concept of the program is very simple, I just overflow the buffer to overwrite the return address of `func()`. That all works great when I give it an address such as `0x0804850c` which happens to be the `<_fini>` of the program. The end result when I implement the overflow with that address is the program quits "gracefully" without printing `I'm done!`. The problem I am running into now is when I attempt to redirect the return address to something, say an environment variable located at `0xbfffd89`.
The shell code located in that particular environment variable should simply quit the program after saying `hello`. However, that does not occur; the program simply seg faults and that's it. The shell code has already been confirmed to work in the previous program I wrote to test out shell code. Anyone have any ideas why this is not working? Thx
Accepted answer
Environment variables are located in a region of memory that has read & write permission but not execute permission. I reproduced this easily as follows:
```c
#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char **argv)
{
    void (*function)(void);

    /* Treat the address of an environment variable's value as code and jump to it. */
    function = (void (*)(void))getenv("PATH");
    function();
    return 0;
}
```
Running it under gdb, I get this:

```
Program received signal SIGSEGV, Segmentation fault.
0x00007fffffffeb51 in ?? ()
(gdb)
```
I then looked up the address 0x00007fffffffeb51 in /proc/pid/maps and found this line:

```
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
```
There's a `-` where the `x` (execute) bit would normally be found.
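An added example (not code from the question or the answer) that automates the /proc maps check the answer does by hand: it parses a maps line, finds the mapping that contains a given address, and reports whether that mapping's `x` bit is set. It assumes Linux with /proc mounted; the helper names `parse_maps_line`, `region_perms` and `is_executable` are mine.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one /proc/<pid>/maps line such as
 *   7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0   [stack]
 * into its start/end addresses and 4-character permission field.
 * Returns 1 on success, 0 if the line does not have that shape. */
int parse_maps_line(const char *line, unsigned long *start,
                    unsigned long *end, char perms[5])
{
    return sscanf(line, "%lx-%lx %4s", start, end, perms) == 3;
}

/* Find the mapping of the current process that contains addr.
 * Returns 1 and fills perms when found; 0 when unmapped or /proc is absent. */
int region_perms(const void *addr, char perms[5])
{
    unsigned long a = (unsigned long)addr, start, end;
    char line[512];
    int found = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (parse_maps_line(line, &start, &end, perms) && a >= start && a < end) {
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* 1 if addr lies in an executable mapping, 0 if not, -1 if it could not be looked up. */
int is_executable(const void *addr)
{
    char perms[5];
    if (!region_perms(addr, perms))
        return -1;
    return perms[2] == 'x';   /* permission field is laid out r w x p/s */
}

int main(void)
{
    char local = 0;
    const char *env = getenv("PATH");          /* lives on the stack, like the question's shellcode */
    const void *stack_addr = env ? (const void *)env : (const void *)&local;
    printf("code  (%p): executable=%d\n", (const void *)&region_perms, is_executable((const void *)&region_perms));
    printf("stack (%p): executable=%d\n", stack_addr, is_executable(stack_addr));
    return 0;
}
```

Run on a default Linux build it reports `executable=1` for the function and `executable=0` for the environment string, which is exactly why a return into the environment variable faults.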