Monday, 5 January 2015

Stack buffer overflow: Is the compiler changing the order of variables, preventing me from overwriting EIP properly? [on hold]



I am learning about stack buffer overflow. A little info about my target: an x86 little-endian Intel-based computer, with a target compiled with the TCC compiler with no protections of any kind, running on Windows XP.


I had success when I sent a shellcode of ~15 bytes to attack my own TCP home server (designed by myself). The attacked buffer is 20 bytes long.


I have taken the precaution of sending trash bytes to fill the space and to overwrite EBP, and of attaching a hardcoded address reversed to little-endian.


But when I send the same shellcode to attack a bigger buffer, above 20-30 bytes, it fails, jumping to an unknown return address.


Is the compiler changing the order of stack variables? I wrote the small buffer first, and after it a larger buffer. I have changed the two by a constant proportion to be able to fit the shellcode.


Is the compiler changing the order, putting EIP or EBP in another place on the stack? I have disabled the compiler protections of the TCC compiler and disabled system protections such as DEP and ASLR.


I can provide more info if it's necessary, including short code fragments, if you ask me for them.
