开发者

C# creating buffer overflow

问答 作者:

I'm trying to create a buffer overflow with C# for a school project:

unsafe
{
    fixed (char* ptr_str = new char[6] {'H', 'a', 'l', 'l', 'o', ','})
    {
        fixed (char* ptr_str2 = new char[6] {'W', 'e', 'r', 'e', 'l', 'd'})
        {
            fixed (char* ptr_str3 = new char[6] {'!', '!', '!', '!', '!', '!'})
            {
                for (int i = 0; i < 8; i++)
                {
                    ptr_str2[i] = 'a';
                }

                for (int i = 0; i < 6; i++)
                {
                    this.Label2.Text += ptr_str[i];
                    this.Label3.Text += ptr_str2[i];
                    this.Label4.Text += ptr_str3[i];
                }
            }
        }
    }
}

I thought this would flood ptr_str2 and thereby overwriting chars in ptr_str. However that does not seem to happen. It does execute but the values in ptr开发者_Go百科_str are not overwritten.

Can anyone help with achieving this? I don't understand what I'm doing wrong.

Stack overflow is an overflow of calling stack. It is done much easier:

int Test ()
{
    return Test ();
}

Console.WriteLine (Test ());

If you meant buffer overflow, there is a similar question.

The traditional attack that exploits a buffer overflow overflows a stack buffer; you are overflowing a heap buffer. It is a lot easier to see a write to one buffer smashing another buffer when they're both on the stack. Try using stackalloc instead of new char to force the allocation into the stack.

You are missing the fact that arrays are objects themselves. They have an object header like any managed reference type and a private field that stores the array size. You have to overwrite those first before you start overwriting the array elements. On a 32-bit machine, you'll start overwriting the first element of ptr_str2 with this:

                        for (int i = 0; i < 13; i++) {
                            ptr_str[i] = 'a';
                        }

Of course, it had to be 13.

Observe this by setting a breakpoint on the for loop. Debug + Windows + Memory + Memory 1, type "ptr_str" in the Address box. Step the code to see the memory getting changed. You'll see ptr_str2 right after that, 4 bytes for the syncblk, 4 bytes for the method table pointer and 4 bytes for the array length. 12 bytes total, 6 chars.

You do not seem to be making a Stackoverflow here - you aren't really using the stack at all. You seem instead to be trying to create a buffer overflow, I assume thinking that unsafe C# is like C, which it is similar but with several important differences.

A stackoverflow can be made simply:

public void Stackoverflow()
{
    Stackoverflow();
}

and then by calling Stackoverflow() somewhere.

继续阅读:bufferoverflowunsafe

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9