lldb - passing hex value as an input while debugging
I am learning lldb from security perspective. I am trying to perform a bufferoverflow in the below sample code.
#include<stdio.h>
void return_input(void) {
char array[30];
gets(array);
printf("%s\n", array);
}
int main(){
return_input();
return 0
}
gets function is the target here.
While inside lldb console, I need to key in the long string that will override the return address. if I try a string like,
(lldb) AAAAAAA\x01\x02
They are being treated as individual characters and not hex values.
How do I pass in hex values as input while inside LLDB session? Basically, I am trying to overwrite the memory.
There are other answers where we pass the string as an argument, but i want to key in the data myself while inside the session.
Updating the lldb session.
In the below picture you can see that the hex are actually, converted into strings
Thanks.
You are trying to enter arbitrary bytes via gets() into your variable array and beyond. This is not straight-forward and partially impossible, as the standard input stream and gets() commonly does not take all codes and filter some codes.
For example, if you want the byte 0x0D (or 0x0A, depending on your terminal) in your input, you could try to type Enter. But this key will get filtered by gets() as it thinks you have finished your input.
You can type many codes, by combinations of Ctrl and A to Z or umlauts or accented characters. But it is difficult to get exactly the sequence of codes you want.
You can try this: Prepare a sequence of characters that resemble your hex bytes in a text editor. Copy them into the console when gets() expects your input.
To see which character produces what code, consider to write a little experimental program that calls gets() and prints the received codes:
#include <stdio.h>
int main(void) {
char line[30];
gets(line);
for (int i = 0; i < sizeof line; ++i) {
printf("%d: %X\n", i, line[i]);
}
return 0;
}
Note: Please adopt a code style and stick to it. Your source is not indented at all.
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?
- Avoiding strcpy overflow destination warning
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How to Implement Universal Setter/Getter Functions for Interrupt-Driven Variables in Embedded C?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended