
Open Source Schools


Writing Buffer Overflow Exploits - a Tutorial for Beginners

1. Memory

Note: the process memory layout described here is how memory is organized on most computers, but the details depend on the processor architecture. This example is for x86 and roughly applies to SPARC.

The principle of exploiting a buffer overflow is to use arbitrary input to overwrite parts of memory that are not supposed to be overwritten, and to make the process execute the injected code.

The memory of a process is divided into:

- Code segment: the assembler instructions that the processor executes.
- Data segment: space for variables and dynamic buffers.
- Stack segment: used to pass data (arguments) to functions and as space for the local variables of functions.

2.

    memory address        code
    0x8054321 <main+x>    pushl $0x0
    0x8054322             call $0x80543a0 <function>
    0x8054327             ret
    0x8054328             leave
    ...
    0x80543a0 <function>  popl %eax
    0x80543a1             addl $0x1337,%eax
    0x80543a4             ret

What happens here? main pushes a zero onto the stack and calls function. The call instruction pushes the address of the instruction that follows it onto the stack and then jumps to 0x80543a0; in this case, our return address is 0x8054327. A ret instruction does the reverse: it pops the word at the top of the stack into the instruction pointer and continues executing at that address. The return address is therefore ordinary data on the stack, and that is exactly what a buffer overflow overwrites to redirect the process.

3.

End of assembler dump.

3a.

3b.

# (ret;cat)|.

4.

4a.

4b.

# cc -o code code.S code.c
# .

5.
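The call/ret mechanism from the listing in section 2 and the overflow principle from section 1, as an added example that is not part of the original tutorial: a small C model of the x86 stack discipline, driven by constructed data. It replays the listing to show the return address 0x8054327 land on the stack, then runs a modelled callee with a 16-byte local buffer and an unchecked copy, and reports where ret sends execution. The buffer size, the frame-pointer value and the input bytes are all constructed for the illustration; nothing here runs real machine code.

```c
/* Added example, not part of the original tutorial: a small model of the x86
 * stack discipline described above, driven by constructed data. It shows what
 * `call` and `ret` do with the return address (the listing's 0x8054327) and how
 * an unchecked copy into a 16-byte stack buffer runs into the saved frame
 * pointer and the saved return address, so that `ret` jumps wherever the input
 * says. The "CPU" is a handful of C functions; no real machine code runs. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS 64            /* size of the simulated stack, in 32-bit words */
#define BUF_BYTES   16            /* size of the callee's local buffer (constructed) */
#define FAKE_EBP    0xbffff000u   /* constructed value for the caller's frame pointer */

/* Simulated 32-bit CPU: instruction pointer, stack pointer (an index into
 * `stack`; lower index = lower address, the stack grows downward) and the stack. */
typedef struct {
    uint32_t eip;
    int      sp;
    uint32_t stack[STACK_WORDS];
} cpu_t;

static void cpu_init(cpu_t *c) { memset(c, 0, sizeof *c); c->sp = STACK_WORDS; }

/* pushl: decrement the stack pointer, store the word there. */
static void sim_push(cpu_t *c, uint32_t v) { c->stack[--c->sp] = v; }

/* popl: load the word at the top of the stack, increment the stack pointer. */
static uint32_t sim_pop(cpu_t *c) { return c->stack[c->sp++]; }

/* call <target>, executed at `at` with instruction length `len`: push the
 * address of the next instruction (the return address) and jump to target. */
static void sim_call(cpu_t *c, uint32_t at, uint32_t len, uint32_t target) {
    sim_push(c, at + len);
    c->eip = target;
}

/* ret: pop the top word into eip. The processor trusts that word blindly. */
static void sim_ret(cpu_t *c) { c->eip = sim_pop(c); }

/* Replays the listing: main does `pushl $0x0` and `call 0x80543a0`, and the
 * return address ends up on top of the stack. Returns that address. */
uint32_t return_address_after_call(void) {
    cpu_t c;
    cpu_init(&c);
    sim_push(&c, 0x0);                          /* 0x8054321: pushl $0x0 */
    sim_call(&c, 0x8054322, 5, 0x80543a0);      /* 0x8054322: call 0x80543a0 (5-byte instruction) */
    return c.stack[c.sp];                       /* top of stack is now the return address */
}

/* Runs a modelled vulnerable callee: after the call, `function` saves the frame
 * pointer (pushl %ebp) and reserves BUF_BYTES for a local buffer (subl $16,%esp).
 * It then copies `len` bytes of `input` into that buffer with no length check,
 * restores the frame (leave) and returns. Returns eip after `ret`, i.e. where
 * execution continues. */
uint32_t run_vulnerable_function(const uint8_t *input, size_t len) {
    cpu_t c;
    cpu_init(&c);
    sim_push(&c, 0x0);
    sim_call(&c, 0x8054322, 5, 0x80543a0);      /* saved return address: 0x8054327 */
    sim_push(&c, FAKE_EBP);                     /* prologue: pushl %ebp */
    c.sp -= BUF_BYTES / 4;                      /* prologue: subl $16,%esp -> char buf[16] */

    uint8_t *buf = (uint8_t *)&c.stack[c.sp];
    size_t room = (size_t)(STACK_WORDS - c.sp) * sizeof(uint32_t);
    if (len > room)                             /* keeps the simulator itself in bounds; */
        len = room;                             /* the modelled code has no such check */
    memcpy(buf, input, len);                    /* THE BUG: copies past buf into saved ebp and ret */

    c.sp += BUF_BYTES / 4;                      /* epilogue: leave = movl %ebp,%esp ... */
    (void)sim_pop(&c);                          /*           ... popl %ebp */
    sim_ret(&c);                                /* ret: pops the (possibly overwritten) address */
    return c.eip;
}

/* Benign input: 16 bytes fill the buffer exactly, the return address survives. */
uint32_t benign_input_eip(void) {
    uint8_t in[BUF_BYTES];
    memset(in, 'A', sizeof in);
    return run_vulnerable_function(in, sizeof in);
}

/* Overflowing input: BUF_BYTES of filler, 4 bytes over the saved ebp, then
 * `target` in host byte order exactly where the saved return address sits. */
uint32_t overflow_input_eip(uint32_t target) {
    uint8_t in[BUF_BYTES + 4 + 4];
    memset(in, 'A', BUF_BYTES + 4);
    memcpy(in + BUF_BYTES + 4, &target, sizeof target);
    return run_vulnerable_function(in, sizeof in);
}

int main(void) {
    printf("return address pushed by call: 0x%" PRIx32 "\n", return_address_after_call());
    printf("eip after ret, 16-byte input : 0x%" PRIx32 "\n", benign_input_eip());
    printf("eip after ret, 24-byte input : 0x%" PRIx32 "\n", overflow_input_eip(0x41414141u));
    return 0;
}
```

The 16-byte input leaves ret returning to 0x8054327; the 24-byte input overwrites the saved ebp with filler and the saved return address with 0x41414141, and ret obediently sets eip to that value. On a real x86 stack the offset from the buffer to the return address is decided by the compiler's frame layout rather than by this model, which is why section 4 of the original tutorial has to measure it empirically.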
