
Format string exploit, printing variables from stack

I'm learning about format string vulnerabilities, and I've written a test program to try them out on. This is my test program:

#include <stdio.h>
int main(int argc, char *argv[])
{
    char test[] = "Whatever \n";
    printf(argv[1]);
    return 0;
}

If I use %p as argv[1], it of course prints out an address from the stack. If I enter %s as argv[1], it prints out:

__libc_start_main

Am I doing something wrong with my program, or my arguments? How can I have it print the test[] array from the stack? This is just an example, I want to know how to print out any variable in general from the stack. I was just using this program so I'd have an easy example.


Some compilers might optimize out the definition of test[], which doesn't appear anywhere else in your function. Try using the array elsewhere in main.


test[] isn't going to be on the top of the stack within printf. It will be somewhere below argv[1] and the return address, so your code as written will never work. If there's a way to get it to work at all, you're going to have to give it more than one format specifier for argv[1]. You're going to need to familiarize yourself with C calling conventions, the stack, and a bit of assembly to solve this one.
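
The root cause behind both outputs in the question is that printf treats argv[1] as a format and fetches one argument per directive, even though main passed none. The following is an added example, not code from the original thread: count_arg_directives and render_safely are hypothetical names, the directive scanner is deliberately simplified, and the default input is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Count the printf directives in s that would fetch an argument.
   "%%" fetches none; a '*' width or precision fetches one extra int.
   Simplified scanner: skips flags, width, precision and length modifiers. */
int count_arg_directives(const char *s)
{
    int n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                  /* step past '%' */
        if (*s == '%') { s++; continue; }     /* literal percent sign */
        while (*s && strchr("-+ #0123456789.*$hlLjzt'", *s)) {
            if (*s == '*') n++;
            s++;
        }
        if (*s == '\0') break;                /* dangling '%' at end of input */
        n++;                                  /* the conversion character itself */
        s++;
    }
    return n;
}

/* Hardened form: untrusted text is only ever data for a constant "%s" format. */
int render_safely(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

int main(int argc, char *argv[])
{
    char test[] = "Whatever \n";
    const char *in = argc > 1 ? argv[1] : "%p %s";  /* constructed sample input */
    char buf[256];

    /* printf(in) would fetch this many arguments that main never supplied. */
    printf("argument-fetching directives: %d\n", count_arg_directives(in));
    render_safely(buf, sizeof buf, in);
    printf("rendered as data: %s\n", buf);
    fputs(test, stdout);   /* using test[] also keeps it from being optimized out */
    return 0;
}
```

GCC and Clang report the original `printf(argv[1]);` call when the program is built with `-Wformat -Wformat-security`.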
