缓冲区溢出实验1原理篇
//---C源程序--------
#include<stdio.h>
#include<string.h>
/* Source string for the demonstration: 12 characters plus the terminating
 * NUL, i.e. 13 bytes. main() below copies it into an 8-byte buffer, so the
 * copy is deliberately 5 bytes too long. Only the literal's length matters
 * to the experiment; its content is arbitrary. */
unsigned char name[]="12345678aaaa";
/* Entry point of the overflow demonstration.
 *
 * argc/argv are unused. The function copies the 13-byte global `name`
 * (12 chars + NUL) into an 8-byte stack buffer with the unbounded strcpy(),
 * which writes 5 bytes past the end of `buf`. That out-of-bounds write is
 * undefined behavior and is the whole point of the exercise: the bytes
 * beyond `buf` land on whatever the compiler placed above it on the stack.
 *
 * NOTE(review): in the disassembly below, `sub esp, 8` reserves `buf` and
 * nothing else sits between it and the return address, so the trailing
 * bytes presumably overwrite the saved return address — confirm in the
 * debugger for your build. Stack layout is compiler-specific.
 *
 * Mitigation (not applied here, since it would remove the demonstration):
 * bound the copy, e.g. `snprintf((char*)buf, sizeof buf, "%s", name);`, or
 * check `strlen((char*)name) < sizeof buf` before copying. Compiler stack
 * protectors (MSVC /GS, GCC -fstack-protector) detect this class of
 * corruption at run time but are not a substitute for bounded copies.
 */
int main(int argc, char* argv[])
{
/* 8-byte destination; too small for the 13 bytes strcpy() will write. */
unsigned char buf[8];
/* Unbounded copy: strcpy() stops only at the source NUL, ignoring the
 * destination size. With a 13-byte source this overruns buf by 5 bytes. */
strcpy((char*)buf,(char *)name);
/* No trailing newline: stdout is typically buffered, so if the corrupted
 * return address crashes the process at `ret`, this text may never be
 * flushed. Add "\n" or fflush(stdout) when tracing the experiment. */
printf("hello world!");
return 0;
}
//-------------------------------------
下面是进入main()后的汇编代码:
00401000 /$ 83EC 08 sub esp, 8
00401003 |. 83C9 FF or ecx, FFFFFFFF
00401006 |. 33C0 xor eax, eax
00401008 |. 8D5424 00 lea edx, [esp]
0040100C |. 56 push esi
0040100D |. 57 push edi
0040100E |. BF 30704000 mov edi, 00407030 ; ASCII "12345678aaaa"
00401013 |. 68 48704000 push 00407048 ; ASCII "hello world!"
00401018 |. F2:AE