I am trying to perform a simple buffer overflow on 32-bit Fedora, but the eip register value is not changing
My C code is as follows:
#include <string.h>
int main(int argc, char ** argv){
char buffer[8];                 /* 8-byte stack buffer */
strcpy(buffer, argv[1]);        /* unbounded copy of argv[1]: the overflow under test */
return 0;
}
I have tried executing :
echo 0 > /proc/sys/kernel/exec-shield
echo 0 > /proc/sys/kernel/randomize_va_space
to disable any kind of protection. I have also compiled it like this:
gcc -g -Wall -fno-stack-protector -z execstack -m32 boftest.c -o boftest
When I run the command
./boftest AAAABBBBCCCCDDDD
and then observe the register values using gdb, I see that:
ebp contains 0x44444444, but
eip contains 0x80483F4
which means $eip hasn't been successfully modified.
I have read other questions with the same problem, but none of the solutions worked for me. Would you have any idea how to make this work?
Okay, I think I eventually figured out what was going wrong. I was trying the buffer overflow test on Fedora 9 Linux. I tried all the modifications but nothing worked.
So I changed the OS to Ubuntu 12.04 and the test worked perfectly.
By executing ./boftest `perl -e 'print "A" x 200'`, the $eip register value was overwritten to 0x41414141, where 0x41 is the hexadecimal value of the 'A' character, which means that the buffer overflow test worked.
I think that the problem was with the Fedora OS; maybe it offered other levels of protection against buffer overflow that I wasn't aware of, while the Ubuntu 12.04 version didn't. I only needed the command echo 0 > /proc/sys/kernel/randomize_va_space for the test to work.