我刚刚学习缓冲区溢出。我试图使用GCC复制它。这是我写的代码。
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
int value = 5;
char buffer_one[8], buffer_two[8];
strcpy(buffer_one, "one");
strcpy(buffer_two, "two");
printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
printf("[BEFORE] value is at %p and contains %d\n\n", value, value);
printf("[STRCPY] copying %d bytes into buffer_two\n\n", strlen(argv[1]));
strcpy(buffer_two, argv[1]);
printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
printf("[BEFORE] value is at %p and contains %d\n\n", value, value);
return 0;
}
好像应该有用,对吗? Buffer_two和buffer_one在内存中彼此相邻。
[BEFORE] buffer_two is at 0x7fff56ff2b68 and contains two
[BEFORE] buffer_one is at 0x7fff56ff2b70 and contains one
[BEFORE] value is at 0x5 and contains 5
然而,在此之后不久......
[STRCPY] copying 14 bytes into buffer_two
Abort trap: 6
C怎么认识到这一点?一些黑客如何执行更复杂的缓冲区溢出实际工作?
答案 0 :(得分:3)
在您的情况下,您已成功通过尝试在14 {{1}的内存区域中编写char 8来产生缓冲区溢出}}第
一旦写入已分配的内存,行为将不确定。所以,char消息就在那里。
答案 1 :(得分:2)
为什么GCC没有发生缓冲区溢出?
嗯,你的情况下 正在发生。这就是为什么,作为副作用,您可以看到 Abort 消息。
答案 2 :(得分:1)
发生缓冲区溢出时会发生undefined。这意味着任何事情都可能发生。例如,demons may fly from your nose。
这里发生的事情是你的程序崩溃了。相当无聊。