Tags: c, ubuntu, buffer, buffer-overflow, ddd-debugger

C Buffer overflow Display message (Using Ubuntu and DDD)


#include <stdio.h>
#include <stdlib.h>

/* Writes n copies of c into buffer; nothing checks n against the buffer's size */
void badf(int n, char c, char* buffer)
{
    int i;
    for (i = 0; i < n; i++)
    {
        buffer[i] = c;
    }
}

/* 16-byte stack buffer; any n > 16 overwrites whatever follows it on the stack */
void f(int n, char c)
{
    char buffer[16];
    badf(n, c, buffer);
}

/* Intended target: never called directly from main */
void message()
{
    printf("Hello\n");
}

int main()
{
    /* 0x08048411 is narrowed to char here, so only the low byte 0x11 reaches badf */
    f(32, 0x08048411);
    return 0;
}

This is the code I have so far (I was given the base of it and have to stick to it, that's why there is a badf and an f function).

The goal is that the program prints the Hello message by overflowing into the instruction pointer. Using the Data Display Debugger in Ubuntu, I believe the address of this display is 0x0804811.

When I run the program through and use x/16x $esp, the next address in the stack is just 1s (I am guessing only the last two digits are being taken from the address above).

What I am wondering is how I would make the next address the full address and not just the last two digits.

Also, the 32 is calculated from 16 (buffer defined above) + 8 (base pointer) + 8 (instruction pointer).

Thanks in advance for any help as I know this specific problem.


Solution

  • Do not pass the address via an 8-bit integer (char) but use a type wide enough ... that is, at least 32 bits.

    Modify as follows:

    void badf(int n, unsigned int u, char* buffer)
    ...

    void f(int n, unsigned int u)
    ...
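An added example (my own code, not from the question or the answer) that shows the narrowing the answer describes: the value 0x08048411 passed through a char parameter keeps only its low byte 0x11, so a fill loop produces the repeated 0x11 seen under x/16x $esp, while a 32-bit type keeps all four bytes. The byte order assumed is little-endian, as on the 32-bit x86 target the question's $esp implies.

```c
#include <stdint.h>
#include <stdio.h>

/* The question's call f(32, 0x08048411) converts the int to the char parameter.
   A char holds one byte, so only the low-order byte (0x11) survives. */
unsigned char narrow_to_char(uint32_t value)
{
    char c = (char)value;          /* same conversion as the implicit one in f() */
    return (unsigned char)c;
}

/* Filling n bytes with one char repeats that single byte: this is why the
   debugger shows 0x11111111 instead of the intended address. */
void fill_with_char(unsigned char *buf, size_t n, char c)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)c;
}

/* A type as wide as the value keeps all four bytes. x86 is little-endian, so
   the low byte is stored first: 11 84 04 08 for 0x08048411 (assumed layout). */
void write_u32_le(unsigned char *buf, uint32_t value)
{
    for (size_t i = 0; i < 4; i++)
        buf[i] = (unsigned char)(value >> (8 * i));
}

uint32_t read_u32_le(const unsigned char *buf)
{
    return (uint32_t)buf[0] | ((uint32_t)buf[1] << 8)
         | ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}

int main(void)
{
    unsigned char buf[4];
    uint32_t addr = 0x08048411u;   /* constructed: the value from the question */

    fill_with_char(buf, sizeof buf, (char)addr);
    printf("through char: %02x %02x %02x %02x\n", buf[0], buf[1], buf[2], buf[3]);

    write_u32_le(buf, addr);
    printf("through u32:  %02x %02x %02x %02x = %#x\n",
           buf[0], buf[1], buf[2], buf[3], read_u32_le(buf));
    return 0;
}
```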