How does Visual Studio decide the allocation order of stack variables?
I'm trying to turn some of the programs in gera's Insecure Programming by example into client/server applications that could be used in capture the flag scenarios to teach exploit development. The problem I'm having is that I'm not sure how Visual Studio (I'm using 2005 Professional Edition) decides where to allocate variables on the stack.
When I compile and run example 1:
    #include <stdio.h>

    int main() {
        int cookie;
        char buf[80];

        printf("buf: %08x cookie: %08x\n", &buf, &cookie);
        gets(buf);  /* unbounded read into buf: the overflow this exercise is about */
        if (cookie == 0x41424344)
            printf("you win!\n");
    }
I get the following result:
buf: 0012ff14 cookie: 0012ff64
buf starts at an address eighty bytes lower than cookie, and any four bytes that are copied in buf after the first eighty will appear in cookie.
The problem I'm having is when I place this code in some other function. When I compile and run the following code, I get a different result: buf appears at an address greater than cookie's.
    void ClientSocketHandler(SOCKET cs){
        int cookie;
        char buf[80];
        char stringToSend[160];
        int numBytesRecved;
        int totalNumBytes;
        sprintf(stringToSend,"buf: %08x cookie: %08x\n",&buf,&cookie);
        send(cs,stringToSend,strlen(stringToSend),NULL);
The result is:
buf: 0012fd00 cookie: 0012fcfc
Now there is no way to set cookie to arbitrary data via overwriting buf. Is there any way to tell Visual Studio to allocate cookie before buf? Is there any way to tell beforehand how the variables will be allocated?
Thanks,
Jason
Ah, okay. Yes, I guess structs will have to do. Thanks for the help.
Comments (1)
Try turning off compiler optimizations.
If optimizations are already off, your best bet to force the compiler to put locals in a specific order is to place the local vars into a structure, and allocate that structure on the local stack. The fields in that structure are less likely to be moved around (relative to each other) by the compiler than independent local vars.
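The struct approach from the answer, as an added example that is not part of the original post: C lays out struct members in declaration order, so wrapping the question's two locals in one struct fixes buf below cookie regardless of how the compiler orders independent locals. The struct name `frame` and both helper functions are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical struct name; the members are the question's two locals.
 * Members keep their declaration order, so buf is always at a lower
 * address than cookie. */
struct frame {
    char buf[80];
    int  cookie;
};

/* Distance in bytes from the start of buf to cookie. */
size_t cookie_offset(void)
{
    return offsetof(struct frame, cookie) - offsetof(struct frame, buf);
}

/* Models what an unbounded read into buf does: copy n bytes starting at
 * buf's address. n is clamped to the struct so the demo itself never
 * writes outside the object. Returns the resulting cookie value. */
int cookie_after_write(const unsigned char *src, size_t n)
{
    struct frame f;

    memset(&f, 0, sizeof f);
    if (n > sizeof f)
        n = sizeof f;
    memcpy((unsigned char *)&f + offsetof(struct frame, buf), src, n);
    return f.cookie;
}

int main(void)
{
    unsigned char input[84];            /* constructed sample input */
    int want = 0x41424344;              /* value checked in example 1 */

    memset(input, 'A', 80);
    memcpy(input + 80, &want, sizeof want);

    printf("cookie is %lu bytes after buf\n", (unsigned long)cookie_offset());
    printf("80 bytes: cookie = %08x\n", (unsigned)cookie_after_write(input, 80));
    printf("84 bytes: cookie = %08x\n", (unsigned)cookie_after_write(input, 84));
    return 0;
}
```

Declaring `struct frame f;` as the only local in the handler and using `f.buf` and `f.cookie` in place of the separate variables gives the same layout in any function.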