Published 2018-06-15 in Jiangxi
A Lightning-Fast Introduction to Buffer Overflows (缓冲区溢出光速入门)
Buffer overflow
Intended audience: the many readers who are interested in buffer overflows but have never quite grasped the key points.
Author: watercloud@
Date: written in 2006-2, revised in 2007-9
Buffer overflow basics
A buffer overflow typically occurs when data is written to an array and the length of the data written exceeds the size the array was defined with.
For example, if you earlier defined int buff[10], then only buff[0] through buff[9] is the legal space requested when buff was defined, so a later write such as buff[12]=0x10 is out of bounds. Commonly used C functions such as strcpy, sprintf and strcat can very easily cause buffer overflows.
Books on the C language usually tell you that unexpected results can occur after a program overflows a buffer. In network security, the art of exploiting buffer overflows lies in turning this unexpected result into the result we want.
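As an added example (not part of the original article), here are size-checked counterparts to the out-of-bounds array write and to the strcpy, strcat and sprintf calls mentioned above; each one refuses or flags the write instead of running past the end of the buffer. All function names are hypothetical.

```c
/* Added illustration: helper names are hypothetical, not from the article. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* strcpy counterpart: copy only if src plus its terminator fits in dst. */
int copy_checked(char *dst, size_t dstsz, const char *src) {
    size_t need = strlen(src) + 1;
    if (need > dstsz)
        return -1;                      /* refused, dst left untouched */
    memcpy(dst, src, need);
    return 0;
}

/* strcat counterpart: append only if the joined string still fits. */
int append_checked(char *dst, size_t dstsz, const char *src) {
    const char *end = memchr(dst, '\0', dstsz);
    size_t need = strlen(src) + 1;
    if (end == NULL || need > dstsz - (size_t)(end - dst))
        return -1;                      /* unterminated dst or no room */
    memcpy(dst + (end - dst), src, need);
    return 0;
}

/* sprintf counterpart: vsnprintf never writes past dstsz and returns the
 * length it needed, so truncation is detectable (dst is then cut short). */
int format_checked(char *dst, size_t dstsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    return (n >= 0 && (size_t)n < dstsz) ? 0 : -1;
}

/* Index check for the article's int buff[10] and buff[12]=0x10 case. */
int store_checked(int *arr, size_t count, size_t idx, int value) {
    if (idx >= count)
        return -1;                      /* out of bounds, nothing written */
    arr[idx] = value;
    return 0;
}

int main(void) {
    char name[8];
    int buff[10] = {0};
    printf("%d %d\n", copy_checked(name, sizeof name, "12345678"),
           store_checked(buff, 10, 12, 0x10));   /* both writes refused */
    return 0;
}
```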
See the demo below: buf.c
/* Buffer overflow example by watercloud@ */
#include <stdio.h>
#ifdef _WIN32
#include <stdlib.h>   /* _exit() with the VC compiler */
#else
#include <unistd.h>   /* _exit() with GCC on Linux */
#endif

void why_here(void)   /* this function is never called from anywhere */
{
    printf("why u here?!\n");
    _exit(0);
}

int main(int argc, char *argv[])
{
    int buff[1];
    buff[2] = (int) why_here;   /* deliberate out-of-bounds write */
    return 0;
}
Compile it on the command line with the VC command-line compiler (compiling and running it with GCC under Linux gives the same result):
C:\Temp>cl buf.c
Run the program:
C:\Temp>buf.exe
why u here?!
By carefully comparing the program with the output it printed, you can see that we never call the why_here function anywhere in the program, yet the function is called at run time!!
The only explanation is that the operation buff[2]=why_here; changed the program's execution flow.
To explain this phenomenon, you need to understand some low-level details of the C language (related to computer architecture) and some assembly knowledge, especially the stack and the CALL/RET instructions; if you are still lacking in this, it is recomm