Re: heap overflows
From: Vlad902 (vlad sig11.zemos.net)
Date: Thu Feb 26 2004 - 11:53:33 CST
> printf("copied");
> free(malloced_buffer1);
> free(malloced_buffer2);
This part of the code is incorrect: you're depending
on the first chunk to hold your shellcode, and you
are freeing it before you overwrite the GOT with the
free(malloced_buffer2);. Also, you don't have a printf();
statement after the free(malloced_buffer2);, so it
never returns to the shellcode (if it was there)! I
recommend you remove the free(malloced_buffer1); and,
instead of messing with the GOT, just
overwrite __DTOR_END__ and be lazy :)
You may also, just for debugging purposes, add
"\xcc\xcc" instead of "\xeb\x0c", which will make
it a trace/breakpoint trap, so that if it ever
hits it, your program will stop with a
trace/breakpoint trap and core dump, so you
know it is hitting the shellcode.
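The two payload details in the reply above (the "\xeb\x0c" prefix that jumps over the bytes the unlink write clobbers, and the "\xcc\xcc" int3 swap for debugging) as a stand-alone added example. This is not code from the original poster or from Vlad902; it assumes Linux on x86 or x86-64, uses the 32-bit-era chunk layout (the BK->fd = FD write of unlink lands at offset 8 of the chunk that holds the shellcode) and simulates that write with a memcpy instead of triggering a real free(), and the "shellcode" is a harmless stub that returns 42 rather than spawning a shell. The function names run_payload and jit_supported and the sentinel values are this example's own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Sentinels returned by run_payload() (names chosen for this example). */
#define PAYLOAD_TRAPPED (-1)   /* int3 variant stopped in the SIGTRAP handler */
#define PAYLOAD_ERROR   (-2)   /* could not get executable memory */

#define PAGE_SZ 4096

/* The byte sequences below are x86 instructions, so executable memory is
 * only attempted on x86/x86-64 hosts that allow an RX mapping. */
int jit_supported(void)
{
#if defined(__x86_64__) || defined(__i386__)
    void *p = mmap(NULL, PAGE_SZ, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    int ok = (mprotect(p, PAGE_SZ, PROT_READ | PROT_EXEC) == 0);
    munmap(p, PAGE_SZ);
    return ok;
#else
    return 0;
#endif
}

static sigjmp_buf trap_env;

static void on_sigtrap(int sig)
{
    (void)sig;
    siglongjmp(trap_env, 1);   /* back to run_payload(), reporting the trap */
}

/* Lay the payload out the way the post describes:
 *   offset 0..1  : "\xeb\x0c" (jmp +12), or "\xcc\xcc" (int3) when debugging
 *   offset 2..13 : filler; bytes 8..11 are what unlink's BK->fd = FD write
 *                  destroys (32-bit layout), so no real code may live there
 *   offset 14..  : the code that should actually run; here "mov eax,42; ret"
 * Returns 42, PAYLOAD_TRAPPED or PAYLOAD_ERROR. */
int run_payload(int use_int3)
{
    static const unsigned char jmp_over[2] = { 0xeb, 0x0c };
    static const unsigned char int3_x2[2]  = { 0xcc, 0xcc };
    static const unsigned char stub[6]     = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };
    unsigned char payload[64];

    memset(payload, 0x90, sizeof payload);                 /* NOP filler */
    memcpy(payload, use_int3 ? int3_x2 : jmp_over, 2);
    memcpy(payload + 14, stub, sizeof stub);

    /* Simulated unlink side effect: a 4-byte pointer is written at +8.
     * 0x41414141 is a constructed value standing in for the FD pointer. */
    uint32_t fake_fd = 0x41414141u;
    memcpy(payload + 8, &fake_fd, sizeof fake_fd);

    unsigned char *mem = mmap(NULL, PAGE_SZ, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return PAYLOAD_ERROR;
    memcpy(mem, payload, sizeof payload);
    if (mprotect(mem, PAGE_SZ, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, PAGE_SZ);
        return PAYLOAD_ERROR;
    }

    /* Catch the int3 so the "trace/breakpoint trap" is observed rather than
     * killing the process the way it would in the real exploit run. */
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTRAP, &sa, &old);

    int result;
    if (sigsetjmp(trap_env, 1) == 0) {
        int (*fn)(void) = (int (*)(void))(uintptr_t)mem;
        result = fn();                 /* jmp skips the clobber, stub returns 42 */
    } else {
        result = PAYLOAD_TRAPPED;      /* int3 fired at offset 0 */
    }
    sigaction(SIGTRAP, &old, NULL);
    munmap(mem, PAGE_SZ);
    return result;
}

int main(void)
{
    if (!jit_supported()) {
        puts("executable memory not available on this host");
        return 0;
    }
    printf("jmp variant  -> %d\n", run_payload(0));
    printf("int3 variant -> %d (PAYLOAD_TRAPPED)\n", run_payload(1));
    return 0;
}
```

The jmp variant returns 42 even though bytes 8..11 were overwritten, which is exactly why the shellcode starts with "\xeb\x0c"; the int3 variant never reaches the stub and stops with SIGTRAP, which is the "is my payload being hit at all" check the post suggests. Note that on current glibc the real unlink write no longer happens as described, since free() validates the fd/bk links before unlinking, so the layout matters only for the old allocators the thread is discussing.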