2

I am trying to solve this programming puzzle another student at my school put out, and we were given an .exe and the corresponding .c source code. The way I am trying to attack the problem is with a buffer overflow, and I managed to do it in Linux using a perl script as the input so that I could input the hex values for the return address.

The problem is we have to do it using the .exe in Windows, and I do not know how to enter hex values in the command line. For the Linux version, I used this question: Hex values in gdb input files and my code ending up being this:

./a.out $(perl -e 'print "A"x34 . "\x7d\x86\x04\x08";')

How can I do this on the Windows Command Line?

mkrieger1
  • 19,194
  • 5
  • 54
  • 65
nolax
  • 21
  • 1
  • 2
  • Does this answer your question? [Write HEX values to file in Windows batch](https://stackoverflow.com/questions/47750732/write-hex-values-to-file-in-windows-batch) – mkrieger1 Jan 09 '22 at 10:04

1 Answers1

0

You have some options

  1. Install PERL or PYTHON package for Windows. Then you can do the similar way as you do in Linux.

  2. If you have powershell, you can do some scripting as given in link below:

http://www.sans.org/windows-security/2010/02/11/powershell-byte-array-hex-convert/

Note that when you compile the source code for Windows, there will be change in structure of stack and position of EIP. And hence the same payload might not work which worked on Linux.

Madhur Ahuja
  • 22,211
  • 14
  • 71
  • 124
  • Thanks for the quick answer. I have perl installed on Windows, but the same command doesn't work because the .exe treats the whole command as a string instead of evaluating the perl script first. Is there an equivalent to the $(...) in Linux that will evaluate the perl script first? Thanks for your time. – nolax Aug 28 '11 at 17:10
  • the link is broken – Yuri Aps Dec 03 '21 at 17:15