Buffer overflow problem

Published 2024-10-05 11:18:56, 366 words, 2 views, 0 comments


I am trying to run a buffer overflow example to run some code, but the problem is that when I try to run the code just to get a buffer overflow, Windows throws up a prompt stating "Program has stopped working, Windows is checking for a solution to the program." So when I try to make sure it just has an overflow by one byte, the program just runs, but doesn't pause the command window in order for me to see the segmentation fault error address, which, to my understanding, I would need in order to change it and make it run my desired window as the passed parameter. Here is the simple program.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 5

int main(int argc, char **argv)
{
    char buf[BUF_LEN];

    if (argc > 1)
    {
        /* unbounded copy: an argument of BUF_LEN or more bytes overflows buf */
        strcpy(buf, argv[1]);
    }
    return 0;             /* returns here, so the two lines below never execute */
    printf("%s\n", buf);  /* "%s" instead of printf(buf): buf is user-controlled */
    system("pause");
}

Comments (4)

淡淡離愁欲言轉身 2024-10-12 11:18:56


Segmentation faults are just one manifestation of undefined behaviour. There is really nothing that guarantees that the OS will give you any information about what went wrong here.

You don't need the address in order to diagnose the segfault anyway. There is exactly one thing that can cause a buffer overflow here and you know exactly what it is: the strcpy() call.

Assuming you must use C, the fix is to use strncpy() instead.
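An added example (editor's code, not part of the original post or the answer above) that shows the bounded copy the answer recommends next to the caveat a practitioner needs with it: plain strncpy() writes no NUL terminator when the source is as long as or longer than the destination, so a following printf("%s", buf) would read past the buffer. The default argument "ABCDEFGH" and the BUF_LEN of 5 are constructed to match the question's program; copy_bounded() is an assumed helper name.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 5

/* Returns 1 if dst (dst_len bytes) contains a NUL terminator, else 0.
 * Used to show why strncpy() alone is not a drop-in fix for strcpy(). */
int is_terminated(const char *dst, size_t dst_len)
{
    return memchr(dst, '\0', dst_len) != NULL;
}

/* The suggested fix exactly as stated: strncpy() bounded by the buffer size.
 * If strlen(src) >= dst_len, strncpy() fills every byte of dst and writes
 * no NUL, so dst is not a C string afterwards. */
void copy_strncpy_only(char *dst, size_t dst_len, const char *src)
{
    strncpy(dst, src, dst_len);
}

/* Bounded copy that always leaves a NUL-terminated string in dst.
 * Assumes dst_len >= 1. Returns 1 if src was truncated, 0 otherwise. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= dst_len;
    if (truncated)
        n = dst_len - 1;      /* leave room for the terminator */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

int main(int argc, char **argv)
{
    /* constructed default input: 8 bytes, longer than the 5-byte buffer */
    const char *arg = argc > 1 ? argv[1] : "ABCDEFGH";
    char buf[BUF_LEN];
    char raw[BUF_LEN];

    int truncated = copy_bounded(buf, sizeof buf, arg);
    printf("bounded copy: \"%s\" (%s)\n", buf, truncated ? "truncated" : "fits");

    /* strncpy alone: check for the terminator without reading past raw */
    copy_strncpy_only(raw, sizeof raw, arg);
    printf("strncpy left a terminator: %s\n",
           is_terminated(raw, sizeof raw) ? "yes" : "no");
    return 0;
}
```

Run it with no argument, or with any argument of five or more characters, to see the difference between the two copies. The same result can be had with snprintf(buf, sizeof buf, "%s", src), which also guarantees termination; either way the point is that the destination size, not the source length, bounds the write.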

叫嚣ゝ 2024-10-12 11:18:56


The problem lies with the fact that buffer overflow behavior is not standardized - your example may refer to an older version of Windows, which still printed an error address, or to a completely different operating system.

Additionally, not all buffer overflows cause the program to crash - it depends on what data is written where. For small buffer overflows, you may be overwriting only some other local variables or padding space, instead of anything essential for the program execution (like the function return address).

心欲静而疯不止 2024-10-12 11:18:56

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 5

int main(int argc, char **argv)
{
    char buf[BUF_LEN];

    if (argc > 1)
    {
        /* unbounded copy: an argument of BUF_LEN or more bytes overflows buf */
        strcpy(buf, argv[1]);
    }

    printf("%s\n", buf);  /* "%s" instead of printf(buf): buf is user-controlled */
    system("pause");
    return 0;             /* now reached only after the pause */
}

return 0; goes at the end. Otherwise the program execution stops there.

七禾 2024-10-12 11:18:56

When compiling, use "gcc -fno-stack-protector -o out filename.c",
because gcc contains an inbuilt stack protector and you have to remove it.
-fno-stack-protector will remove the protector function from gcc.
