Format string exploit, printing variables from stack
I'm learning about format string vulnerabilities, and I've written a test program to try them out on. This is my test program:
#include <stdio.h>
int main(int argc, char *argv[])
{
char test[] = "Whatever \n";
printf(argv[1]);
return 0;
}
If I use %p
as argv[1]
, it of course prints out an address from the stack. If I enter %s
as argv[1]
, it prints out:
__libc_start_main
Am I doing something wrong with my program, or my arguments? How can I have it print the test[]
array from the stack? This is just 开发者_如何转开发an example, I want to know how to print out any variable in general from the stack. I was just using this program so I'd have an easy example.
Some compilers might optimize out the definition of test[], which doesn't appear anywhere else in your function. Try using the array elsewhere in main.
test[] isn't going to be on the top of the stack within printf. It will be somewhere below argv[1] and the return address, so your code as written will never work. If there's a way to get it to work at all, you're going to have to give it more than one format specifier for argv[1]. You're going to need to familiarize yourself with C calling conventions, the stack, and a bit of assembly to solve this one.
精彩评论