Re: Linux Security
From: E. Charters (echarters_at_sympatico.ca)
Date: 02/21/05
Date: Mon, 21 Feb 2005 06:01:39 -0500
There is gdb that works with assembler that will
allow you to see the output line by line.
gdb will work with C programs and assembler.
What I would try is to write the function in C and
then insert it in the buffer. Perhaps it is the way
you are trying to call it that matters. There is
no execution of the code as there is no load
and execute provision ipso facto in your process.
EC<:-}
dude84 wrote:
>
> E. Charters wrote:
>
>> Did you terminate the string you stacked with a newline character?
>> --> "\n" ??
>
> Yes I did terminate the string with a \n character.
> I created a string variable and pushed the variable onto the stack.
> Here is a copy of the code:
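> File: message2.s
>
> gcc2_compiled:
>         .data
> .LCO:
>         .string "Hello World\n"
>         .text                   # code goes in the text section
>         .global main
>         .type main,@function
> main:
>         pushl $.LCO             # argument: address of the string
>         call printf
>         addl $0x4,%esp          # remove the argument from the stack
>         call exit
>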
> This program functions when run from a prompt. This program is
> strictly assembler.
>
>>
>> otherwise the standard C function printf will fail when you pass it
>> the address of the stack, which is what I presume you passed it.
>>
>> The other problem is that stdio.h was not known to be included in your
>> routine. How do you include it, such that the function knows where to
>> send the io?
>
> I actually added one printf to the main program to try and make the
> function available to the assembler. It didn't change anything.
>
>>
>> C may be low level and all, but mixing it with assembler may be
>> fraught with problemos.
>
>
> When I take this code and pass it into a stack based buffer
> overflow, the hex code from it does not run. The program produces
> strange results. Can anyone explain to me why this hex code would not
> work in a buffer overflow, and what I need to do in order to be able to
> do something simple like a printf from within the buffer of a buffer
> overflow (keep in mind there cannot be any \x00's in the machine code)?
>
>
>>
>>
>> EC<:-}
>>
>> dude84 wrote:
>>
>>> Hi,
>>>
>>> I need assistance with learning how to write assembler code
>>> (custom) that will work with computer security related issues like a
>>> stack based buffer overflow. Can anyone point me in the direction of
>>> a newsgroup that could help me with this?
>>> I've written a piece of assembler that calls the printf function,
>>> and when I pass it into the buffer on my machine it does nothing and
>>> segmentation faults. I'm using gas with gcc. I push the string onto
>>> the stack, call the function, add the memory space back to the stack,
>>> and call the function to exit the program. I need someone's help to
>>> explain why the hex code from this program does nothing.
>>>
>>>
>>