…on of the program is as follows:

unix> ./bufbomb
Type Hex string: 30 31 32 33
getbuf returned 0x1

Looking at the code for the getbuf function, it seems quite apparent that it will return value 1 whenever it is called. It appears as if the call to getxs has no effect. Your task is to make getbuf return 0xdeadbeef to test, simply by typing an appropriate hexadecimal string to the prompt. Here are some ideas that will help you solve the problem:

- Use OBJDUMP to create a disassembled version of bufbomb. Study this closely to determine how the stack frame for getbuf is organized and how overflowing the buffer will alter the saved program state.
- Run your program under GDB. Set a breakpoint within getbuf and run to this breakpoint. Determine such parameters as the value of %ebp and the saved value of any state that will be overwritten when you overflow the buffer.
- Determining the byte encoding of instruction sequences by hand is tedious and prone to errors. You can let tools do all of the work by writing an assembly code file containing the instructions and data you want to put on th...
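The lab's prompt reads a line of space-separated hex byte pairs ("30 31 32 33") into a fixed-size stack buffer, and the whole exercise exists because that copy is not bounded. The following is an added example, not the lab's own getxs/getbuf code: a parser for that input format that refuses more bytes than the destination holds, beside a bounded counterpart of getbuf. The buffer length DEMO_BUF_SIZE (12) is an assumption for the demonstration; the page does not state getbuf's actual size. The two sample lines in main are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed buffer length for the demonstration; the page does not state getbuf's real size. */
#define DEMO_BUF_SIZE 12

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "30 31 32 33"-style input into out[].
 * Returns the number of bytes stored, or -1 when a token is not exactly two
 * hex digits or when the line carries more than cap bytes. The cap check is
 * the bound whose absence lets an overlong line overwrite the saved state
 * above the buffer in a frame like getbuf's. */
int parse_hex_bytes(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*s != '\0') {
        while (isspace((unsigned char)*s)) s++;        /* skip separators */
        if (*s == '\0') break;
        int hi = hexval((unsigned char)s[0]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)s[1]);
        if (hi < 0 || lo < 0) return -1;               /* malformed token */
        if (n >= cap) return -1;                       /* bounds check: refuse to overflow out[] */
        out[n++] = (unsigned char)((hi << 4) | lo);
        s += 2;
        if (*s != '\0' && !isspace((unsigned char)*s)) return -1; /* tokens must be separated */
    }
    return (int)n;
}

/* Bounded counterpart of getbuf: returns 1 when the line fits the local
 * buffer (mirroring the lab's "getbuf returned 0x1"), -1 when it does not. */
int bounded_getbuf(const char *line)
{
    unsigned char buf[DEMO_BUF_SIZE];
    return parse_hex_bytes(line, buf, sizeof buf) < 0 ? -1 : 1;
}

int main(void)
{
    /* Constructed sample lines; the second carries 16 bytes, more than DEMO_BUF_SIZE. */
    const char *fits = "30 31 32 33";
    const char *too_long = "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f";
    printf("fits: %d  too_long: %d\n", bounded_getbuf(fits), bounded_getbuf(too_long)); /* 1 -1 */
    return 0;
}
```

Running under GDB with a breakpoint in bounded_getbuf, the saved %ebp and return address above buf stay intact on the overlong line because the parser returns -1 before writing past the twelfth byte; the unbounded version the lab ships is the "before" of this change.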
This note was uploaded on 09/02/2010 for the course ELECTRICAL 360 taught by Professor Schultz during the Spring '10 term at BYU.