0

I am trying to run a buffer overflow example to run some code, but the problem is that when I try to run the code just to get a buffer overflow, Windows throws a prompt up stating "Program has stopped working, Windows is checking for a solution to the program." So when I try to make sure it just has an overflow by one byte, the program just runs, but doesn't pause the command window in order for me to see the segmentation fault error address, which to my understanding I would need in order to change it and make it run my desired window as the passed parameter. Here is the simple program.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 5

int main(int argc, char **argv)
{
    char buf[BUF_LEN];

    if (argc > 1)
    {
        strcpy(buf, argv[1]); /* unbounded copy: an argument longer than BUF_LEN - 1 overflows buf */
    }
    return 0;                 /* returns here, so the two lines below are never reached */
    printf(buf);
    system("pause");
}
2
  • What's the length of argv[1]? Commented Dec 1, 2010 at 0:11
  • I make it at least more than buff, for example buff is now 5 in this program, so I make it "AAAAAAAA" Commented Dec 1, 2010 at 0:21

4 Answers

2

Segmentation faults are just one manifestation of undefined behaviour. There is really nothing that guarantees you that the OS will give you any information about what went wrong here.

You don't need the address in order to diagnose the segfault anyway. There is exactly one thing that can cause a buffer overflow here and you know exactly what it is: the strcpy() call.

Assuming you must use C, the fix is to use strncpy() instead.

4 Comments

I may be mistaken, but if I read the OP right, he intentionally wants to cause a buffer overflow for exercise purposes.
I know that strncpy() will prevent the buffer overflow, but I am trying to create an example to show what I can make happen by causing one with some shellcode, but I assumed I need the seg fault address to do that
This doesn't answer my question at all, but yet it has two votes?
@Eric: What part of "undefined behavior" didn't you understand?
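A hardened version of the copy from the question, added here as an example; it is not code from the question or from any answer, and `bounded_copy`, `handle_arg` and `strncpy_terminated` are names chosen for this example. It closes both defects in the posted program (the unbounded strcpy() and printf(buf), which uses user input as the format string) and shows the caveat behind the strncpy() suggestion: with an argument of BUF_LEN or more bytes, strncpy() leaves the buffer without a terminator.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 5

/* Copy src into dst (capacity dst_len), always NUL-terminating dst.
 * Returns 0 when src fit, -1 when it was truncated to dst_len - 1 bytes. */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t n;
    if (dst_len == 0)
        return -1;
    n = strlen(src);
    if (n >= dst_len) {
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);  /* n + 1 includes the terminator */
    return 0;
}

/* The question's program with both defects closed: the unbounded strcpy()
 * and printf(buf), which treats the argument as a format string. */
int handle_arg(const char *arg)
{
    char buf[BUF_LEN];
    int rc = bounded_copy(buf, sizeof buf, arg);
    if (rc != 0)
        fprintf(stderr, "input truncated to %u bytes\n", (unsigned)(sizeof buf - 1));
    printf("%s\n", buf);      /* user data goes through "%s", never as the format */
    return rc;
}

/* strncpy(dst, src, n) pads with NULs only when src is shorter than n;
 * when src has n or more bytes it writes no terminator at all.
 * Returns 1 if the first BUF_LEN bytes contain a NUL, 0 otherwise. */
int strncpy_terminated(const char *src)
{
    char buf[BUF_LEN];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(int argc, char **argv)
{
    /* "AAAAAAAA" is the constructed input used in the question's comments. */
    const char *arg = argc > 1 ? argv[1] : "AAAAAAAA";
    printf("strncpy left a terminator: %d\n", strncpy_terminated(arg));
    return handle_arg(arg) == 0 ? 0 : 1;
}
```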
1

The problem lies with the fact that buffer overflow behavior is not standardized - your example may refer to an older version of Windows, which still printed an error address, or to a completely different operating system.

Additionally, not all buffer overflows cause the program to crash - it depends on what data is written where. For small buffer overflows, you may be overwriting only some other local variables or padding space, instead of anything essential for the program execution (like the function return address).

1 Comment

this actually answered the question
0
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 5

int main(int argc, char **argv)
{
    char buf[BUF_LEN];

    if (argc > 1)
    {
        strcpy(buf, argv[1]); /* still an unbounded copy; this answer only moves the return */
    }

    printf(buf);
    system("pause");
    return 0;                 /* now reached only after the output and the pause */
}

return 0; goes in the end. Otherwise the program execution stops there.

14 Comments

thanks, now it prints the buf but it still runs into the same problem by not outputting an error address.. Isn't this what I should get
I don't think it is supposed to print an error address. More like a "SegFault" thingy.
it doesn't print anything.. it prints the buf like there was no error, but when I press any key to continue, it runs a Windows prompt load issue error I mentioned above and then closes
I make it at least more than buff, for example buff is now 5 in this program, so I make it "AAAAAAAA"
Well you just end up writing on memory you shouldn't, that's all, and it's not good. Nothing really bad will happen unless you overwrite something useful.
0

On compiling use "gcc -fno-stack-protector -o out filename.c", because gcc contains an inbuilt stack protector and you have to remove it. -fno-stack-protector will remove the protector function from gcc
