An exercise on stack overflows
I'm trying to learn stack overflows but I have a problem with an exercise. In the vulnerable program the part of the code that must receive my shellcode is:
int array[8];
index = (int) strtol(argv[1], NULL, 10);
value = (int) strtoul(argv[2], NULL, 16);
array[index] = value;
I easily found the index of the array to use to overwrite RET. Then I tried to find the offset of the return address in the vulnerable program like this:
./victim 12 $(printf "%0512x" 0)
I tried a lot of different lengths, but at every possible length I get a segmentation fault. This is weird, because my book says that I should be able to get a segmentation fault only where the saved return address is.
I'm a beginner, so I'm probably making some basic mistake. Can anyone help me solve this problem?
Thanks in advance for any help.
Comments (1)
You are getting a segmentation fault because you're only providing your program with a single argument, but yet you're calling strtoul on argv[2], which is a NULL pointer.
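A checked version of the snippet from the question, as an added example that is not part of the original post or its answer: it rejects a missing argv[2] and an out-of-range index instead of crashing or writing past the array. The function name store_checked and the status codes are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define ARRAY_LEN 8 /* same size as int array[8] in the question */

enum store_status { STORE_OK, ERR_ARGC, ERR_INDEX, ERR_RANGE, ERR_VALUE };

/* Hypothetical helper: validate argv before touching the array. */
enum store_status store_checked(int argc, char **argv, int array[ARRAY_LEN])
{
    char *end;
    long index;
    unsigned long value;

    /* With fewer than two arguments argv[2] is NULL or absent; passing it to strtoul is undefined. */
    if (argc < 3)
        return ERR_ARGC;

    errno = 0;
    index = strtol(argv[1], &end, 10);
    if (errno != 0 || end == argv[1] || *end != '\0')
        return ERR_INDEX;
    /* The check the vulnerable code lacks: index 12 lies outside the 8-element array. */
    if (index < 0 || index >= ARRAY_LEN)
        return ERR_RANGE;

    errno = 0;
    value = strtoul(argv[2], &end, 16);
    if (errno != 0 || end == argv[2] || *end != '\0' || value > UINT_MAX)
        return ERR_VALUE;

    array[index] = (int)value;
    return STORE_OK;
}

int main(int argc, char **argv)
{
    int array[ARRAY_LEN] = {0};
    enum store_status st = store_checked(argc, argv, array);
    if (st != STORE_OK) {
        fprintf(stderr, "usage: %s <index 0-%d> <hex value> (error %d)\n",
                argc > 0 ? argv[0] : "victim", ARRAY_LEN - 1, (int)st);
        return 1;
    }
    return 0;
}
```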