I recently learned about buffer overflows and tried to reproduce one with GCC. Below is the code I wrote.
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    int value = 5;
    char buffer_one[8], buffer_two[8];

    /* The copy below reads argv[1]; refuse to run without it. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }

    strcpy(buffer_one, "one");
    strcpy(buffer_two, "two");
    printf("[BEFORE] buffer_two is at %p and contains %s\n", (void *)buffer_two, buffer_two);
    printf("[BEFORE] buffer_one is at %p and contains %s\n", (void *)buffer_one, buffer_one);
    /* %p needs the address of value, not its contents; passing `value` itself
     * is what produced the "value is at 0x5" line in the output below. */
    printf("[BEFORE] value is at %p and contains %d\n\n", (void *)&value, value);

    /* strlen returns size_t, so %zu rather than %d. */
    printf("[STRCPY] copying %zu bytes into buffer_two\n\n", strlen(argv[1]));
    /* Deliberately unbounded copy: this is the overflow under test. */
    strcpy(buffer_two, argv[1]);

    printf("[AFTER] buffer_two is at %p and contains %s\n", (void *)buffer_two, buffer_two);
    printf("[AFTER] buffer_one is at %p and contains %s\n", (void *)buffer_one, buffer_one);
    printf("[AFTER] value is at %p and contains %d\n\n", (void *)&value, value);
    return 0;
}
Looks like it should work, right? buffer_two and buffer_one are adjacent in memory.
[BEFORE] buffer_two is at 0x7fff56ff2b68 and contains two
[BEFORE] buffer_one is at 0x7fff56ff2b70 and contains one
[BEFORE] value is at 0x5 and contains 5
However, shortly after that...
[STRCPY] copying 14 bytes into buffer_two
Abort trap: 6
How does C detect this? And how do hackers carry out more complex buffer overflow attacks and actually make them work?
gcc -S), we cannot answer the question definitively; once the assembly is provided, the answer should be obvious and no further question should be needed. - Pascal Cuoq
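An added example (not code from the question or from any of the commenters) showing both halves of what the question asks. The "Abort trap: 6" comes from a check that Apple's clang inserts into the binary: with _FORTIFY_SOURCE enabled, which is the default on macOS, a strcpy whose destination size is known at compile time is compiled as __strcpy_chk(dst, src, sizeof dst), and libc calls abort() when the copy would not fit. That is why the run dies on the strcpy line itself, before any of the lines after it can print; the stack canary (-fstack-protector) is a separate, later check that only fires when the function returns. The program below reconstructs that check as checked_copy, and next to it does an unchecked byte copy so you can see the "adjacent variable gets clobbered" effect the question was trying to observe. The struct layout, the names and the 14-byte payload are constructed for the demo; the asker's real stack frame is laid out however the compiler chose, which is what the gcc -S comment is about.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed layout for the demo (an assumption, not the asker's real stack
 * frame): buf sits immediately before value, so bytes that run off the end of
 * buf land in value. A struct guarantees this adjacency; the compiler is free
 * to reorder or pad separate locals such as buffer_one, buffer_two and value. */
struct frame {
    char buf[8];
    uint32_t value;
};

/* Interpret four bytes as the integer the CPU sees, whatever its endianness. */
static uint32_t bytes_as_u32(const char b[4])
{
    uint32_t v;
    memcpy(&v, b, sizeof v);
    return v;
}

/* The check behind "Abort trap: 6", in miniature. A fortified build turns
 * strcpy(dst, src) into __strcpy_chk(dst, src, dst_size), where dst_size is
 * the destination size the compiler knows at compile time. If src plus its
 * terminating NUL does not fit, libc calls abort(); here we return -1 instead
 * so the caller can observe the refusal. */
static int checked_copy(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;          /* bytes including the terminator */
    if (need > dst_size)
        return -1;                          /* __strcpy_chk would abort() here */
    memcpy(dst, src, need);
    return 0;
}

/* A strcpy that knows nothing about buf's size: copy bytes until the NUL.
 * It writes through a char pointer to the whole struct so the compiler cannot
 * swap in a checked variant, and it stops at the end of the struct so the demo
 * stays within defined behaviour. A real strcpy keeps going past that point,
 * into saved registers, the stack canary and the return address. */
static void unchecked_copy(struct frame *f, const char *src)
{
    char *p = (char *)f;                    /* same address as f->buf */
    size_t limit = sizeof *f;
    size_t i;
    for (i = 0; src[i] != '\0' && i < limit; i++)
        p[i] = src[i];
    if (i < limit)
        p[i] = '\0';
}

static void init_frame(struct frame *f)
{
    memset(f, 0, sizeof *f);
    memcpy(f->buf, "two", 4);
    f->value = 5;
}

/* Copy src into buf with no bounds check and report what value holds afterwards. */
uint32_t overflow_demo(const char *src)
{
    struct frame f;
    init_frame(&f);
    unchecked_copy(&f, src);
    return f.value;
}

/* Copy src into buf through the fortified-style check: 0 if it fit, -1 if refused. */
int checked_demo(const char *src)
{
    struct frame f;
    init_frame(&f);
    return checked_copy(f.buf, sizeof f.buf, src);
}

int main(void)
{
    /* Constructed 14-byte input, the same length the question's run reports:
     * 8 bytes fill buf, the next 4 land in value, the last 2 run past the struct. */
    const char *payload = "AAAAAAAABBBBCC";
    uint32_t clobbered = overflow_demo(payload);

    printf("value after unchecked copy: 0x%08x (bytes \"BBBB\" = 0x%08x)\n",
           (unsigned)clobbered, (unsigned)bytes_as_u32("BBBB"));
    printf("checked copy of \"two\": %d, of the 14-byte payload: %d\n",
           checked_demo("two"), checked_demo(payload));
    return 0;
}
```

With the unchecked copy, value is no longer 5 but the integer formed by the bytes "BBBB"; with the checked copy the 14-byte payload is refused outright, which is the abort the question observed. Turning this into a working exploit means doing the same thing on purpose: measuring, from the assembly, exactly how many bytes lie between the buffer and the saved return address, and choosing the bytes that land there.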