I'm currently learning about C and trying to find out more about how memory in a stack works, and how gdb can be used to help.

Below is a code snippet of my problem:

bool thisEvaluatesToFalse(char* something) {
    return false;
}

void main() {
    char something[10];
    puts("My plan is to input a specific string over 10 characters than will achieve my goal:");
    gets(something);

    if (thisEvaluatesToFalse(something)) {
        puts("If this runs, its a success!");
    }
}

The idea is, my success message will never run unless I exploit gets to input a something over 10 characters, causing an overflow that overwrites the return address of the function to where the success message is.

I understand I'm supposed to take a look at the assembly code with gdb and look out for an address, but I'm not exactly sure how to do this.

Could anyone guide me or show me an example? Thanks!

CodePudding user response：

Try this, hope it helps you figure this out. Good luck!

Consider moving gets into thisEvaluatesToFalse to overwrite the return address pushed by main so the return from thisEvaluatesToFalse will return to the puts of success.

Like this:

#include <stdio.h>

unsigned int thisEvaluatesToFalse() {
    char something[10];
    gets(something);
    return 0xdeadbeef;
}

int main() {
    puts("My plan is to input a specific string over 10 characters than will achieve my goal:");
    if (thisEvaluatesToFalse()) {
        puts("If this runs, its a success!");
    }
    return 0;
}

Here are the highlights of working w/ gdb.

gcc main.c -fno-stack-protector -ggdb
gdb a.out
(gdb) disass main

   0x0000000100003eeb < 27>:    call   0x100003eb0 <thisEvaluatesToFalse>
   0x0000000100003ef0 < 32>:    cmp    $0x0,