
I would like to know what is the best way to detect a buffer overflow in Windows for C++. I would like to find buffer overflows on the stack as well as the heap.

Bart
Sriram Subramanian
  • I hope it doesn't take long until you find the first one. I sure hope it will be on the stack. – celavek Aug 02 '11 at 20:39
  • Normally your program crashing is a good indication. Did you mean detecting use of deprecated functions and unsafe code which may be susceptible to abuse of buffer overflows to compromise security ... or are you on the other side of the fence looking to detect security holes that you can inject into? – AJG85 Aug 02 '11 at 20:43
  • Well, the program often does not crash at the point where the buffer overflow happens. It crashes much later on in the execution. – Sriram Subramanian Aug 02 '11 at 20:46
  • The best way is to write code that is not prone to overflow by utilizing good, modern design patterns and C++ idioms. – James McNellis Aug 02 '11 at 20:48
  • I agree, but I am trying to debug some code written by someone else. – Sriram Subramanian Aug 02 '11 at 20:49
  • Perhaps post some code and specific questions about your refactor attempts; otherwise James' comment above is the best answer anyone could hope to give. – AJG85 Aug 02 '11 at 20:52
  • Does the code compile and run on Linux? – Karoly Horvath Aug 02 '11 at 21:10
  • @AJG85 - Well, that is not true. There are tools like app verifier for Windows that can be used to find the source of heap based buffer overflows. I wanted to know if that was my best option. Also, I wanted to know if there are any tools that help to find stack based buffer overflows. – Sriram Subramanian Aug 02 '11 at 21:13
  • http://stackoverflow.com/questions/783310/are-there-any-tools-to-detect-buffer-overflow-on-visual-c-6-0 or http://stackoverflow.com/questions/283726/memory-leak-detection-under-windows-for-gnu-c-c http://mpatrol.sourceforge.net/ – celavek Aug 02 '11 at 21:26
  • @Sriram Fair enough. Depending on the scope, you may find it more beneficial and less time consuming to redesign with modern C++ in mind than to attempt to fix the existing implementation. – AJG85 Aug 02 '11 at 21:53

1 Answer


Depending on the exact problems you are facing, this may be of help.

http://code.google.com/p/electric-fence-win32/

I've used Electric Fence on Linux with good results. http://en.wikipedia.org/wiki/Electric_Fence

San Jacinto
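The guard-page technique that Electric Fence relies on, shown as an added example that is not part of the original answer or of Electric Fence's own code: each buffer is placed so that it ends directly in front of an inaccessible page, which makes the first out-of-bounds write fault at the overflowing instruction instead of much later. The names `guarded_alloc` and `guarded_free` are hypothetical, and the POSIX branch is an assumption added so the example also builds off Windows.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
static size_t page_size() { SYSTEM_INFO si; GetSystemInfo(&si); return si.dwPageSize; }
static void* map_rw(size_t n) { return VirtualAlloc(nullptr, n, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); }
static bool no_access(void* p, size_t n) { DWORD old; return VirtualProtect(p, n, PAGE_NOACCESS, &old) != 0; }
static void unmap(void* p, size_t) { VirtualFree(p, 0, MEM_RELEASE); }
#else  // POSIX branch: an assumption added so the example also builds off Windows
#include <sys/mman.h>
#include <unistd.h>
static size_t page_size() { return static_cast<size_t>(sysconf(_SC_PAGESIZE)); }
static void* map_rw(size_t n) {
    void* p = mmap(nullptr, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? nullptr : p;
}
static bool no_access(void* p, size_t n) { return mprotect(p, n, PROT_NONE) == 0; }
static void unmap(void* p, size_t n) { munmap(p, n); }
#endif

// Hypothetical helper: number of pages needed to hold `size` bytes of user data.
static size_t data_pages(size_t size) { return (size + page_size() - 1) / page_size(); }

// Hypothetical allocator: maps the data pages plus one extra page, revokes all
// access to the extra (guard) page, and returns a pointer whose end touches it.
void* guarded_alloc(size_t size) {
    if (size == 0 || size > SIZE_MAX / 2) return nullptr;
    const size_t ps = page_size(), n = data_pages(size);
    unsigned char* base = static_cast<unsigned char*>(map_rw((n + 1) * ps));
    if (!base) return nullptr;
    unsigned char* guard = base + n * ps;
    if (!no_access(guard, ps)) { unmap(base, (n + 1) * ps); return nullptr; }
    return guard - size;  // may be unaligned: alignment is traded for exact detection
}

// The caller passes the original size so the start of the mapping can be recovered.
void guarded_free(void* p, size_t size) {
    if (!p) return;
    const size_t ps = page_size(), n = data_pages(size);
    unmap(static_cast<unsigned char*>(p) + size - n * ps, (n + 1) * ps);
}

int main() {
    char* buf = static_cast<char*>(guarded_alloc(16));
    if (!buf) return 1;
    buf[15] = 'x';   // last valid byte: succeeds
    std::printf("buffer at %p, guard page at %p\n", (void*)buf, (void*)(buf + 16));
    // buf[16] = 'x';  // uncomment: one past the end faults here, under the debugger
    guarded_free(buf, 16);
    return 0;
}
```

Every allocation costs at least two pages, so this suits debugging one suspect buffer at a time rather than replacing the allocator for a whole program.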