About
This level looks at the concept of modifying variables to specific values in the program, and how the variables are laid out in memory.
Hints:
- If you are unfamiliar with the hexadecimal being displayed, "man ascii" is your friend.
- Protostar is little endian
This level is at /opt/protostar/bin/stack1
Source code
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <err.h>   /* errx() */

int main(int argc, char **argv)
{
    volatile int modified;
    char buffer[64];

    if(argc == 1) {
        errx(1, "please specify an argument\n");
    }

    modified = 0;
    /* Deliberately unbounded: strcpy copies argv[1] without checking it fits in buffer. */
    strcpy(buffer, argv[1]);

    if(modified == 0x61626364) {
        printf("you have correctly got the variable to the right value\n");
    } else {
        printf("Try again, you got 0x%08x\n", modified);
    }
}
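This level requires passing the program an argument, and that argument overflows in strcpy(buffer, argv[1]). buffer is defined at the start of the program with a length of 64 bytes, so the overflow happens as soon as the argument is longer than 64 bytes.
Now look at the key check, if(modified == 0x61626364): the bytes 61 62 63 64 correspond to the letters a, b, c, d. One thing to note is that the order is reversed, because Protostar is little endian. Once you know these two points, this level is easy to clear.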
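The two points above (bytes past the 64-byte buffer reach modified, and they are read in reversed order) can be checked with the following added example, which is not part of the original post or the Protostar source. It models the locals as a struct with modified directly after buffer, which is an assumed layout, and the names frame, le32, unchecked_copy and checked_copy are hypothetical; the last function shows the bounded copy that rejects the oversize argument.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the two locals in memory: modified directly after buffer.
   (Assumed layout for illustration; a real compiler may order or pad differently.) */
struct frame {
    char buffer[64];
    unsigned char modified[4];   /* the int's four bytes, lowest address first */
};

/* Read four bytes the way a little-endian CPU reads an int. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* What strcpy(buffer, arg) does to the frame: no length check, so bytes past
   buffer[63] land in modified. Clamped to the model so the demo stays defined. */
static uint32_t unchecked_copy(const char *arg) {
    struct frame f;
    size_t n = strlen(arg);
    memset(&f, 0, sizeof f);
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, arg, n);
    return le32(f.modified);
}

/* Hardened: refuse any argument that does not fit, terminator included. */
static int checked_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (n >= dstsz) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    char arg[69];                /* constructed sample: 64 filler bytes + "dcba" */
    char buf[64];
    memset(arg, 'A', 64);
    memcpy(arg + 64, "dcba", 5);
    printf("unchecked: modified = 0x%08x\n", (unsigned)unchecked_copy(arg));
    printf("checked:   rc = %d\n", checked_copy(buf, sizeof buf, arg));
    return 0;
}
```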
Reposted from: https://blog.51cto.com/terrying/1177805