Posted: Fri Oct 31, 2008 4:17 pm Post subject: Buffer Overflow: my "shell"-code does not work
I am occupying myself with buffer overflows. So I have learned how to modify the return address by a too-long input. The program execution continues at another point in memory, where I have put my assembler code.
I have tried writing a simple "hello world" assembler program, which I wanted to execute by buffer overflow. But although the EIP register contained the right memory address, errors occurred when debugging my (overflowed) program:
No function contains program counter for selected frame
Cannot find bounds of current function
So I have three questions:
1. What is generally the best way to convert my asm listing into a hex string? Do I have to use inline assembler in C++, or is there a better possibility?
2. Is it enough to change the EIP register so that it points to my address in memory? Or is there anything else I have to do? (see the errors above)
3. In many tutorials, they put asm commands like JMP or CALL at the beginning of the asm code which they want to be executed. Why do they do that?
Answering your questions:
1. Just assemble the asm code and display it with a low-level debugger or hex viewer. No, you don't need inline assembly to exploit a binary. Keyboard is enough.
2. & 3. It depends on the implementation or how the compiler uses the registers. Writing exploits is one of those fields that should be considered an art rather than a method with rigid steps and rules.
Please post the program you want to exploit (executable).