c - Do anyone konow why I get SIGSEGV, segmentation fault by execution 0x90 -


i segmentation fault error executing 0x90 why cold happen ??

this c code :

#include<stdio.h> #include<string.h> #include<unistd.h> #include<stdlib.h> #include<stdint.h> char * buffer;   int64_t * startptr; int64_t * endptr; int64_t * exploitaddress;  int test() {      printf("test\n");     return 0; }  void main(int argc, char ** argv) {     char buffer[512];     startptr = (int64_t *) &test;     printf("funcptr : \n %p\n", startptr);     printf("bufferptr : \n %p\n", buffer);     strcpy(buffer, argv[1]);     printf("string : \n%s\n", buffer);  }

this doing in gdb :

(gdb) run `python -c 'print "\x90" * (256+8) + "\x90"*(256) + "\x30\xd8\xff\xff\xff\x7f\x00\x00"'` starting program: /home/nikolaij/schreibtisch/bufferoverflow/opengl `python -c 'print "\x90" * (256+8) + "\x90"*(256) + "\x30\xd8\xff\xff\xff\x7f\x00\x00"'` funcptr :   0x4005b6 bufferptr :   0x7fffffffd800 string :  ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������0����  program received signal sigsegv, segmentation fault. 0x00007fffffffd830 in ?? () (gdb) info reg rax            0x219    537 rbx            0x0  0 rcx            0x7ffffde7   2147483111 rdx            0x7ffff7dd3780   140737351858048 rsi            0x1  1 rdi            0x1  1 rbp            0x9090909090909090   0x9090909090909090 rsp            0x7fffffffda10   0x7fffffffda10 r8             0x0  0 r9             0x219    537 r10            0x20e    526 r11            0x246    582 r12            0x4004c0 4195520 r13            0x7fffffffdae0   140737488345824 r14            0x0  0 r15            0x0  0 rip            0x7fffffffd830   0x7fffffffd830 eflags         0x10206  [ pf if rf ] cs             0x33 51 ---type <return> continue, or q <return> quit--- ss             0x2b 43 ds             0x0  0 es             0x0  0 fs             0x0  0 gs             0x0  0 (gdb) x /64xb 0x00007fffffffd830 0x7fffffffd830: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd838: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd840: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd848: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd850: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd858: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd860: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 0x7fffffffd868: 0x90    0x90    0x90    0x90    0x90    0x90    0x90    0x90 (gdb)

notice :

0x7fffffffd830: 0x90 rip            0x7fffffffd830   0x7fffffffd830

compiling :

gcc test.c -fno-stack-protector -o opengl

the program name "opengl" has nothing program. it's older programm.

thanks help.

you need build -wl,-z,execstack.

most modern systems protect against putting executable code on stack, in order protect against stack overflow attack trying implement.

documentation.


Comments

Post a Comment

Popular posts from this blog

'hasOwnProperty' in javascript -

i use obj.hasownproperty judge whether object has property, when replaced obj[prop] !== undefined , not normal implementation, ask, why behind method can not use it? object.hasownproperty(prop); object[prop] !== undefined; obj[prop] !== undefined wrong 2 reasons: you can explicitly set property undefined , obj[prop] = undefined; . obj.hasownproperty(prop) return true in case. obj[prop] follow prototype chain, return property that's inherited. obj.hasownproperty(prop) returns true if property exists directly in object, returns false inherited properties.
Read more

python - ValueError: No axis named 1 for object type <class 'pandas.core.series.Series'> -

i´m new programming. i´m trying use scipy minimize, had several issues , gotten through of them. right code, i'm not understanding why i´m getting error. par_opt = so.minimize(fun=fun_obj, x0=par_ini, method='nelder-mead', args=[series_pt_cal, dt, series_caudal_cal]) not enough info given op, somewhere in code it's specified operate data frame column (axis=1) on object pandas series. if code typically works occasional gives errors, check degenerative cases data frame may have 1 row. pandas has nasty habit of guessing want -- may decide reduce 1-row data frame series (e.g., apply() function; can disable using reduce=false in there). add line of code check object isinstance(df, pd.dataframe) or else convert offending pandas series data frame, s.to_frame().t problems had deal with.
Read more

java - How to provide dependency injections in Eclipse RCP 3.x? -

everyone! i'm trying deal eclipse rcp 3.x application. i've read lot of articles dependency injection in rcp e4 applications. can use di in rcp 3.x apps? i found perfect link di in e4. idea how use in rcp 3.x app? first of all, i'm interested in own objects injection (btw, how add own object application context?). best regards in 3.x code can ieclipsecontext necessary use contextinjectionfactory using ieclipsecontext workbenchcontext = platformui.getworkbench().getservice(ieclipsecontext.class); to workbench context. in view or editor can current part context using: ieclipsecontext partcontext = getsite().getservice(ieclipsecontext.class);
Read more