c, you will need another tool, perl. Perl is an interpreted
language, meaning that you do not need to precompile it, making it very handy to
use at the command line. For now you only need to understand one perl command:
`perl -e 'print "A" x 600'`
This command will simply print 600 A's to standard out; try it! Using this trick, you
will start by feeding 10 A's to your program (remember, it takes two parameters):
# //notice, we have switched to root user "#"
# gcc -mpreferred-stack-boundary=2 -o meet -ggdb meet.c
# ./meet Mr `perl -e 'print "A" x 10'`
Hello Mr AAAAAAAAAA
Bye Mr AAAAAAAAAA
#
Next you will feed 600 A's to the meet.c program as the second parameter as follows:
# ./meet Mr `perl -e 'print "A" x 600'`
Segmentation fault
As expected, your 400-byte buffer was overflowed; hopefully, so was eip. To verify, start
gdb again:
# gdb -q meet
(gdb) run Mr `perl -e 'print "A" x 600'`
Starting program: /book/meet Mr `perl -e 'print "A" x 600'`
Program received signal SIGSEGV, Segmentation fault.
0x4006152d in strlen () from /lib/libc.so.6
(gdb) info reg eip
eip 0x4006152d 0x4006152d
NOTE Your values will be different; it is the concept we are trying to get
across here, not the memory values.
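The crash above happens because the copy into the 400-byte buffer has no bound. meet.c itself is not reproduced on this page, so the program below is an added illustration, not the book's code: greeting_unsafe is the assumed shape of the vulnerable routine (an unbounded strcpy into a fixed buffer), greeting_safe is a bounded version that refuses input that would not fit, and check_length is a hypothetical helper that builds the same n-copies-of-"A" input the perl one-liner produces so the check can be exercised without the shell. Function names, the buffer size macro and the helper are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 400   /* the 400-byte buffer size the text describes */

/* Assumed shape of the vulnerable routine: strcpy() copies the whole
 * second argument into a fixed 400-byte stack buffer, so a 600-byte
 * argument runs past the end of the frame and over the saved eip. */
void greeting_unsafe(const char *temp1, const char *temp2)
{
    char name[BUF_SIZE];
    strcpy(name, temp2);               /* no bound on the copy */
    printf("Hello %s %s\n", temp1, name);
}

/* Hardened version: measure the input first and refuse anything that
 * does not fit together with its terminating NUL. The copy itself is
 * then bounded by a length already known to be safe.
 * Returns 0 on success, -1 when the input was rejected. */
int greeting_safe(const char *temp1, const char *temp2)
{
    char name[BUF_SIZE];
    size_t len = strlen(temp2);
    if (len >= sizeof(name)) {
        fprintf(stderr, "name too long (%zu bytes, max %zu)\n",
                len, sizeof(name) - 1);
        return -1;
    }
    memcpy(name, temp2, len + 1);      /* bounded copy, NUL included */
    printf("Hello %s %s\n", temp1, name);
    return 0;
}

/* Hypothetical helper: build n copies of 'A' (what perl -e 'print "A" x n'
 * emits), feed them to greeting_safe, and report its verdict. */
int check_length(size_t n)
{
    char *arg = malloc(n + 1);
    if (arg == NULL)
        return -1;
    memset(arg, 'A', n);
    arg[n] = '\0';
    int rc = greeting_safe("Mr", arg);
    free(arg);
    return rc;
}

int main(int argc, char *argv[])
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <title> <name>\n", argv[0]);
        return 1;
    }
    if (greeting_safe(argv[1], argv[2]) != 0)
        return 1;                      /* oversized input rejected, no crash */
    printf("Bye %s %s\n", argv[1], argv[2]);
    return 0;
}
```

Run with `./safe_meet Mr $(perl -e 'print "A" x 10')` and then with 600 A's: the first prints the greeting, the second is rejected with a length error instead of a segmentation fault. The key design choice is that the length check happens before any write, and the copy uses that checked length rather than trusting the source to be short.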