4.7 栈溢出攻击原理
修改调用栈内保存的LR
- 人为地通过数组越界写入覆盖调用栈中保存的LR
函数的局部数组位于栈帧的局部变量区，与保存的LR相邻；越界写入数组即可覆盖LR。越界的具体偏移取决于编译器生成的栈帧布局（编译器、优化级别、是否启用栈保护都会改变它），下面示例中的 a[8] 只对该示例所针对的构建成立。
/************************************************
* Copyright(C) zhaixue.cc. All rights reserved
*
* Filename: stack-overflow.c
* Author: litao.wang
* E-mail: 3284757626@qq.com
* Description:
* Create: 2017-11-22 11:11:24
* Last Modified: 2017-11-22 11:32:37
************************************************/
#include<stdio.h>
/*
 * Stand-in for attacker-supplied code: the address the demo tries to put
 * into the saved LR. Announces itself and then spins forever so the
 * control-flow hijack is visible (this function never returns).
 */
void shellcode(void)
{
    fputs("virus run success!\n", stdout);
    for (;;) {
    }
}
/*
 * Victim function for the demo. a[] has 4 elements, but the body writes
 * a[8], which is outside the array (undefined behaviour in C). The page's
 * claim is that on the build it targets, a[8] lands on the saved LR in
 * f's stack frame, so when f returns it jumps to shellcode() instead of
 * back into main().
 *
 * NOTE(review): the offset 8 is specific to one compiler/ABI stack layout
 * (the page discusses LR, i.e. an ARM-style link register). A different
 * compiler, optimisation level, -fstack-protector, or a 64-bit ABI where
 * an int cannot hold a pointer will put the write somewhere else — confirm
 * the frame layout in the disassembly before relying on it.
 */
void f(void)
{
int a[4];
int tmp;
a[8] = shellcode;// out-of-bounds write meant to replace the saved LR with &shellcode (pointer stored into int without a cast: compiler warning)
tmp = a[4];// also out of bounds (one past the end); saved here and restored below so this slot is left unchanged
a[4] = 3;
printf("a[6] = %d\n",a[6]);// prints another out-of-range slot; the value is whatever happens to sit there
a[4] = tmp;// restore the clobbered slot
}
/*
 * Entry point: calls the vulnerable f() and then prints a greeting.
 * If the out-of-bounds write in f() really replaces the saved LR, f()
 * never returns here and "hello world!" is never printed.
 */
int main(void)
{
    f();
    puts("hello world!");
    return 0;
}