Problem description
I am a bit confused in the idea of code injection in C. If somebody could explain it and show how it's done I would appreciate it.
So let's say in C you have some char array of size 512 which is being written to with the contents of a socket of length 1024, and that char array now holds some sort of code but only half of what was written.
How is the malicious code executed in a buffer overflow? I think I am confused on the process structure (stack, heap, data, text).
Recommended answer
The general trick has to do with how the program's code and variables are laid out in memory. For example, when a function is called the program (code inserted by the compiler) must store the address of the instruction to return to. So if this is the 32-bit word just before the beginning of the stack, one could do:
#include <stdio.h>

void foo()
{
    int array[5];
    int var = 0;
    int var2 = 0;
    // read in user input
    printf("Enter index and value to write:");
    scanf("%i", &var);    // scanf needs the address of the variable, not its value
    scanf("%i", &var2);
    // malicious user might set var to -1 and var2 to an address to execute
    // if say the 32-bit value before the stack variables is the instruction to
    // return to
    array[var] = var2;    // deliberately unchecked: this is the out-of-bounds write
    // return now goes to malicious code
}
(So your job is to construct code so that such a thing is not possible. :) )
The rules for how a function call is implemented, stack variables allocated, values passed, and return values returned back are called the calling convention. I recommend reading the attached article for a good in-depth coverage of C calling conventions.
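A checked counterpart to the answer's foo(), added here as an illustrative example and not code from the original post: the index is validated against the array length before the write, so a negative index such as -1 can no longer reach the saved return address. The names bounded_write, parse_index_value and foo_checked are chosen for this example.

```c
#include <stdio.h>
#include <stdbool.h>

#define ARRAY_LEN 5

/* Writes value into array[idx] only if idx is inside [0, len).
 * A negative idx is rejected explicitly, which is the case the answer
 * describes (var = -1 overwriting the word before the locals). */
bool bounded_write(int *array, size_t len, long idx, int value)
{
    if (idx < 0 || (size_t)idx >= len)
        return false;
    array[idx] = value;
    return true;
}

/* Parses "index value" from one line of text; false on malformed input.
 * The addresses are passed to sscanf, unlike the original scanf calls. */
bool parse_index_value(const char *line, long *idx, int *value)
{
    return sscanf(line, "%ld %d", idx, value) == 2;
}

/* Mirrors foo(): takes one input line and writes into a 5-element array,
 * but only when both parsing and the bounds check succeed. */
bool foo_checked(const char *line, int *out_array /* ARRAY_LEN elements */)
{
    long idx;
    int value;
    if (!parse_index_value(line, &idx, &value))
        return false;
    return bounded_write(out_array, ARRAY_LEN, idx, value);
}

int main(void)
{
    int array[ARRAY_LEN] = {0};
    char line[64];
    printf("Enter index and value to write: ");
    if (!fgets(line, sizeof line, stdin))
        return 1;
    if (!foo_checked(line, array)) {
        fprintf(stderr, "rejected: index out of range or malformed input\n");
        return 1;
    }
    return 0;
}
```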