Abort trap instead of buffer overflow

Posted 2024-11-26 21:17:56, 1147 characters, 0 views, 0 comments

I've been reading an excellent book, Hacking by Jon Erickson. I wanted to compile a buffer overflow example and debug it, but instead of writing outside allocated space, the application just responds with 'Abort trap'. Is this some security precaution introduced by Xcode or Mac OS? The author is using raw gcc and Debian.

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    int value = 5;
    char buffer_one[8], buffer_two[8];

    if (argc < 2) { /* guard against dereferencing a NULL argv[1] */
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }

    strcpy(buffer_one, "one"); /* put "one" into buffer_one */
    strcpy(buffer_two, "two"); /* put "two" into buffer_two */

    printf("[BEFORE] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
    printf("[BEFORE] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
    printf("[BEFORE] value is at %p and is %d (0x%08x)\n", &value, value, value);

    /* strlen() returns size_t, so %zu is the correct conversion (the book uses %d) */
    printf("\n[STRCPY] copying %zu bytes into buffer_two\n\n", strlen(argv[1]));
    /* deliberate unbounded copy: an argument of 8 or more bytes overruns buffer_two */
    strcpy(buffer_two, argv[1]); /* copy first argument into buffer_two */

    printf("[AFTER] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
    printf("[AFTER] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
    printf("[AFTER] value is at %p and is %d (0x%08x)\n", &value, value, value);
    return 0;
}


Comments (1)

画离情绘悲伤 2024-12-03 21:17:56

This is overflow protection kicking in - although I'm not sure about XCode / OSX, with gcc you can pass -fno-stack-protector and have to turn off the ASLR

linux:  echo 0 | sudo tee /proc/sys/kernel/randomize_va_space   # the redirect must run as root, so tee rather than "sudo echo 0 > file"

This article helps: Smashing the Stack in 2011

You should be able to find out how to disable the protections to play with this code.

I'm reading the same book btw - I've had to adjust / google around to make some things relevant for 2011.
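The 'Abort trap' in the question is the compiler's stack protector (a canary placed between the local buffers and the saved frame data) detecting that `strcpy` wrote past `buffer_two`, and aborting before `main` returns. The program below is an added example, not the book's or the poster's code: it keeps the same layout (two 8-byte buffers next to an `int`) but replaces the unbounded `strcpy` with a bounded copy that truncates and reports instead of overrunning, so the neighbouring `value` and `buffer_one` can be checked afterwards. `copy_bounded` and `demo` are names chosen here; the 16-character input in `main` is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the book's or the poster's code): a bounded copy that
 * never writes past dst. Returns 1 if src had to be truncated, 0 otherwise.
 * dst is always NUL-terminated when dstsize > 0. */
int copy_bounded(char *dst, size_t dstsize, const char *src) {
    size_t n = strlen(src);
    int truncated = 0;
    if (dstsize == 0) return 1;
    if (n >= dstsize) {            /* room for dstsize-1 chars plus the NUL */
        n = dstsize - 1;
        truncated = 1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Mirrors the layout of the original program: two 8-byte buffers and an int.
 * Copies arg into buffer_two with copy_bounded, hands the two buffers back to
 * the caller (out_two and out_one must each hold 8 bytes) and returns the
 * neighbouring int, so the caller can confirm nothing beside buffer_two changed. */
int demo(const char *arg, char *out_two, char *out_one, int *out_truncated) {
    int value = 5;
    char buffer_one[8], buffer_two[8];

    copy_bounded(buffer_one, sizeof buffer_one, "one");
    copy_bounded(buffer_two, sizeof buffer_two, "two");

    *out_truncated = copy_bounded(buffer_two, sizeof buffer_two, arg);

    memcpy(out_two, buffer_two, sizeof buffer_two);
    memcpy(out_one, buffer_one, sizeof buffer_one);
    return value;
}

int main(int argc, char *argv[]) {
    char two[8], one[8];
    int truncated;
    /* constructed sample input: 16 bytes, twice the size of buffer_two */
    const char *arg = argc > 1 ? argv[1] : "0123456789ABCDEF";
    int value = demo(arg, two, one, &truncated);

    printf("buffer_two = '%s'%s\n", two, truncated ? " (input truncated)" : "");
    printf("buffer_one = '%s'\n", one);
    printf("value = %d\n", value);   /* still 5: nothing past buffer_two was written */
    return 0;
}
```

With the 16-byte sample input, `buffer_two` ends up holding `0123456` (7 characters plus the terminator), `buffer_one` still reads `one` and `value` is still 5; the same input fed to the original program is what trips the canary. The truncation flag is the part worth keeping in real code: silently dropping bytes is itself a bug class, so callers should treat a returned 1 as an input-too-long error rather than ignore it.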
