#include
#include
#include
Void func (int key) {
Char overflowme [32].
Printf (" overflow me: ");
Gets (overflowme);//smash me!
If (key==0 xcafebabe) {
System ("/bin/sh ");
}
The else {
Printf (" Nah.. \n");
}
}
Int main (int arg c, char * argv []) {
Func (0 xdeadbeef);
return 0;
}
GCC - S get assembly code
The file "PWN. C
". Section. Rodata
LC0:
The string "overflow me:
"LC1:
The string "/bin/sh
"LC2:
The string "nah.. "
The text
. Globl func
The func, @ function
Func:
LFB2:
. Cfi_startproc
RBP pushq %
16. Cfi_def_cfa_offset
. Cfi_offset 6-16
RSP movq %, % RBP
6. Cfi_def_cfa_register
RSP subq at $64, %
Movl % edi, - 52 (RBP) %
Movq % fs: 40, % rax
RBP movq % rax - 8 (%)
Xorl % eax and % eax
Movl $. LC0, % edi
Movl $0, % eax
Call printf
Leaq - 48 (RBP) %, % rax
Rax movq %, % rdi
Movl $0, % eax
The call gets
RBP CMPL $- 889275714-52 (%)
Developed. The L2
Movl $. LC1, % edi
Call system
JMP. L5
L2:
Movl $. LC2, % edi
Call the puts
L5:
The nop
Movq - 8 (RBP) %, % rax
Xorq % fs: 40, % rax
Je. L4
Call __stack_chk_fail
L4:
Leave
. Cfi_def_cfa 7, 8
Ret
. Cfi_endproc
LFE2:
. The size func,. - func
. Globl main
The main, @ function
Main:
LFB3:
. Cfi_startproc
RBP pushq %
16. Cfi_def_cfa_offset
. Cfi_offset 6-16
RSP movq %, % RBP
6. Cfi_def_cfa_register
Subq $16, % RSP
Movl % edi, 4 (RBP) %
Movq % rsi, - 16 (RBP) %
Movl $- 559038737, % edi
Call func
Movl $0, % eax
Leave
. Cfi_def_cfa 7, 8
Ret
. Cfi_endproc
LFE3:
.. The size, the main - the main
Is "the ident GCC: (Ubuntu 5.4.0-6 ubuntu1 ~ 16.04.12) 5.4.0 20160609"
. Section. Note. The GNU - stack, ", "@ progbits
Beginners, will learn little by little and bit by bit after analysis here below in some detail, interested can post their own understanding and analysis of oh,
CodePudding user response:
Can suggest using VS6, inside the assembly code and C code, at the same time to facilitate learning, sentence by sentenceBeginners assembly language, can from the if - else, function calls,
CodePudding user response: