Re: simple program for freebsd
- From: Dave Thompson <spamtrap@xxxxxxxxxx>
- Date: Mon, 17 Jul 2006 05:01:12 GMT
On Thu, 29 Jun 2006 16:10:16 -0400, "T.M. Sommers" <tms@xxxxxx> wrote:
> Rumba Dancer wrote:
> <snip>
>> so C-source would be:
>> char shellcode [] =
>
> I can't believe no one else has answered already, but:
>
>> int main(void)
>> {
>> int* ret;
>> ret = (int*) &ret + 2;
>
> Huh?
>
>> (*ret) = (int) shellcode;
>
> That last line does not somehow magically turn the char array
> shellcode into executable code and execute it, which is what I
> guess you think it does. Perhaps if you explained exactly what
> you are trying to accomplish someone could help you.
>
>> return 0;
>> }
He presumably thinks, correctly, that it clobbers the return address
in the usual x86 calling convention's (that is, cdecl with bp link)
stack marker, so that when this function 'returns', as it does in the
next line, it jumps to the intruded (normally malicious) code.
This has been the canonical procedure for stack smash attacks (or just
bugs) since forever on machines with downward-growing stacks (nearly
all) and return address in that stack (many, including x86).
- David.Thompson1 at worldnet.att.net
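As an added example (editor's code, not anything posted in this thread), the mechanism David describes, done without the hard-coded "+2": a function locates its own saved return address by scanning upward from a local, reports how many words above the local it really sits on this build, and then (in main only) overwrites it so that its 'return' lands in a function of our choosing. It assumes a downward-growing x86/x86-64 stack with the return address above the locals, GCC/clang builtins and attributes, and a build without a shadow stack (CET) or return-address signing; SCAN_WORDS, scan_for_word, find_return_slot, hijack_own_return and landing are names invented for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Editor's example, not code from the thread. Instead of the post's
 * "&ret + 2", find the saved return address of the current frame by
 * scanning upward from a local, then (in main only) clobber it.
 * Assumptions: x86/x86-64 stack growing downward with the return
 * address stored above the locals; no CET shadow stack, no pointer
 * authentication. SCAN_WORDS is an arbitrary limit chosen for the demo. */
#define SCAN_WORDS 64

/* Walk upward from base looking for a word equal to want.
 * Returns a pointer to the matching slot, or NULL. The reads past
 * 'base' are deliberate, hence no_sanitize_address. */
__attribute__((no_sanitize_address))
static uintptr_t *scan_for_word(uintptr_t *base, uintptr_t want)
{
    __asm__("" : "+r"(base));   /* hide where base points so the optimizer keeps the loop */
    for (int i = 1; i < SCAN_WORDS; i++)
        if (base[i] == want)
            return &base[i];
    return NULL;
}

/* Offset, in words, from a local to this frame's saved return address,
 * or -1 if it was not found within SCAN_WORDS. The post's "+2" is what
 * this returns for 32-bit cdecl with a frame pointer and the local
 * sitting directly below the saved ebp; other builds give other values. */
__attribute__((noinline))
static int find_return_slot(void)
{
    uintptr_t anchor = 0;     /* plays the role of 'ret' in the quoted code */
    uintptr_t *slot = scan_for_word(&anchor,
                                    (uintptr_t)__builtin_return_address(0));
    return slot ? (int)(slot - &anchor) : -1;
}

/* Where the hijacked 'return' lands. We arrive via a ret with no
 * matching call, so the stack is misaligned and holds no return
 * address: realign it (x86 attribute) and never return from here. */
__attribute__((force_align_arg_pointer, noreturn))
static void landing(void)
{
    puts("landed: control arrived via the clobbered return address");
    _Exit(0);
}

/* The post's "(*ret) = (int) shellcode", using the located slot and
 * a code address instead of a char array. */
__attribute__((noinline))
static void hijack_own_return(void)
{
    uintptr_t anchor = 0;
    uintptr_t *slot = scan_for_word(&anchor,
                                    (uintptr_t)__builtin_return_address(0));
    if (slot)
        *slot = (uintptr_t)landing;   /* uintptr_t, not int: (int) truncates on 64-bit */
    else
        fputs("return slot not found; nothing overwritten\n", stderr);
}   /* the ret here now transfers control to landing() */

int main(void)
{
    printf("saved return address is %d word(s) above the local on this build\n",
           find_return_slot());
    hijack_own_return();
    puts("reached only if the hijack did not happen");
    return 1;
}
```

Two practical notes. The stack protector does not stop this particular write because it lands exactly on the return slot and leaves the canary alone; NX does not matter either because the target is existing code, not bytes on the stack, which is also why the original post's plan of returning into a char array would fail on any system with a non-executable stack. A shadow stack or signed return addresses would kill it at the ret.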