Monday, 2 March 2015

Why are buffer overflows executed in the direction they are?



I'm following The Security Tube’s video here.


He overviews buffer overflows, and mentions how memory is executed from highest to lowest in the stack (at least with his implementation I assume). So we pass the memory address of a function that's not called in the program, into a 3 word buffer. We overflow that buffer with a 12 character string, and then the memory address backwards. So it looks something like this:



printf "123456789abc\x32\x07\x45\xb4" | ./demo


The actual address was (b4074532)


Why is it that we display the memory address backwards, but at the end of the stack? If memory is read from high to low, shouldn’t it be backwards, but at the beginning of the string we pass to the program? Obviously, this is not the case—since he showed it working. However, it seems to me that the stack would not be “overflowed” and the values \23x\cba987654321 would be executed.
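The layout the question describes can be modelled without touching a real stack: this added example (not from the video or the original post) copies input into a 16-byte array standing in for a 12-byte buffer followed directly by a 4-byte saved return address, then reads that slot back the way a little-endian CPU would. The two addresses are constructed values, and the buffer sitting immediately below the return slot is an assumption taken from the 12-filler-bytes-plus-address shape of the payload above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   12   /* the "3 word" buffer: 3 x 4 bytes */
#define FRAME_LEN 16   /* buffer + 4-byte saved return address (assumed adjacent) */

/* Encode a 32-bit value the way a little-endian CPU stores it:
 * least significant byte at the lowest address. */
static void le32_encode(uint32_t v, unsigned char out[4]) {
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(v >> (8 * i));
}

/* Read four bytes back as a little-endian 32-bit value. */
static uint32_t le32_decode(const unsigned char in[4]) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)in[i] << (8 * i);
    return v;
}

/* Model of an unbounded copy: input bytes land at increasing addresses,
 * frame[0] first. frame[0..11] is the buffer, frame[12..15] the saved
 * return address. Returns the value the CPU would then read from that slot. */
static uint32_t simulate_copy(const unsigned char *input, size_t len,
                              uint32_t original_ret) {
    unsigned char frame[FRAME_LEN] = {0};
    le32_encode(original_ret, frame + BUF_LEN);
    if (len > FRAME_LEN)
        len = FRAME_LEN;  /* keep the model itself in bounds */
    memcpy(frame, input, len);
    return le32_decode(frame + BUF_LEN);
}

int main(void) {
    const uint32_t ret = 0x08048abcu;     /* constructed original return address */
    const uint32_t target = 0x11223344u;  /* constructed replacement value */
    unsigned char payload[FRAME_LEN];
    memcpy(payload, "123456789abc", BUF_LEN);  /* filler from the question */
    le32_encode(target, payload + BUF_LEN);

    printf("12 bytes in: ret = 0x%08x\n", (unsigned)simulate_copy(payload, 12, ret));
    printf("16 bytes in: ret = 0x%08x\n", (unsigned)simulate_copy(payload, 16, ret));
    printf("last 4 payload bytes: %02x %02x %02x %02x\n",
           payload[12], payload[13], payload[14], payload[15]);
    return 0;
}
```

The copy fills the buffer from its lowest address upward, so only the bytes after the twelfth reach the return slot, and they have to arrive least significant byte first to be read back as the intended value.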




