
I am going through a tutorial which shows you how to exploit a stack-based buffer overflow in a sample C program. The C code is:

    #include <string.h>

    /* Deliberately vulnerable: strcpy() copies str into the 1024-byte buffer
       with no length check, so a long argv[1] overwrites what lies above it. */
    void function(char *str)
    {
        char buffer[1024];
        strcpy(buffer, str);
    }

    int main(int argc, char *argv[])
    {
        char aaa[500];   /* unused in the tutorial's program */
        function(argv[1]);
    }

As per the author, if we write 1032 'A's, we should be able to see 'AAAA' in the EIP register. I understand the theory behind it. However, running it on Windows 7 32-bit and debugging it with Immunity Debugger, it says "Process terminated, exit code C0000409". EIP instead points to "ntdll.RtlUserThreadStart". Please advise.

  • While the code does contain a vulnerability, your ability to exploit it depends very much on the compiler and options that you used for it. A build on a modern Visual C, for example, will terminate the process before the overwritten EIP receives control. Commented Mar 30, 2016 at 15:30

2 Answers


As per the author if we write 1032 'A's, we should be able to see 'AAAA' in the EIP register.

That assumes that the program was compiled without (now standard) runtime safety checks. If you'd like to compile the program with these safety checks disabled, please ask for help at https://stackoverflow.com/.


Building upon Jason's answer, this is most likely due to your compiler's Buffer Security Check.

Specifically in Microsoft compilers the '/GS' option.

The MSDN page gives a better explanation as well as a few examples.
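The following C program is an added illustration and is not code from the question or from either answer. It models, on an ordinary byte array rather than the real stack, what /GS changes about the frame of function() above: without /GS the 'A's run straight over the saved EBP and the return address, so `ret` pops 0x41414141 into EIP; with /GS the compiler places a security cookie between the buffer and the saved registers and calls __security_check_cookie before `ret`, and a mismatch ends the process with STATUS_STACK_BUFFER_OVERRUN (0xC0000409), which is the exit code in the question. The buffer is scaled down from 1024 to 16 bytes, and the cookie value, the saved EBP and the return address are constructed; the real __security_cookie is randomised at process start (and on x86 MSVC stores it XORed with EBP). To get the tutorial's behaviour from the original program, build it with the check disabled, i.e. `cl /GS- ...`, since /GS is on by default.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of a /GS-protected frame versus an unprotected one. Nothing here
 * touches the real stack; the "frame" is a local byte array, so this is
 * safe to run anywhere.
 *
 * Layout (x86, addresses increasing to the right):
 *   /GS- : [ buffer ][ saved EBP ][ return address ]
 *   /GS  : [ buffer ][ cookie    ][ saved EBP ][ return address ]
 */
#define BUF_SIZE   16                  /* scaled down from the question's 1024 */
#define FRAME_SIZE (BUF_SIZE + 16)     /* room for cookie, EBP, ret and slack */

enum gs_result { GS_OK = 0, GS_STACK_BUFFER_OVERRUN = 1 };

struct run_result {
    enum gs_result result;
    uint32_t eip;   /* value `ret` would load into EIP; 0 if the process was killed first */
};

/* Stand-in for __security_cookie (constructed; the real one is per-process random). */
static const uint32_t security_cookie = 0xBB40E64Eu;
/* Constructed legitimate return address and saved EBP for the frame. */
static const uint32_t caller_return = 0x00401234u;
static const uint32_t saved_ebp     = 0x0012FF80u;

static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void     wr32(unsigned char *p, uint32_t v) { memcpy(p, &v, 4); }

/* Runs the modelled function(str) with the Buffer Security Check on or off. */
struct run_result run_function(const char *str, int gs_enabled)
{
    unsigned char frame[FRAME_SIZE];
    size_t cookie_off = BUF_SIZE;
    size_t ebp_off    = BUF_SIZE + (gs_enabled ? 4 : 0);
    size_t ret_off    = ebp_off + 4;
    size_t n          = strlen(str) + 1;   /* strcpy copies the terminator too */
    struct run_result r = { GS_OK, 0 };

    /* Prologue: return address and EBP were pushed; /GS also stores the cookie below them. */
    memset(frame, 0, sizeof frame);
    wr32(frame + ret_off, caller_return);
    wr32(frame + ebp_off, saved_ebp);
    if (gs_enabled)
        wr32(frame + cookie_off, security_cookie);

    /* Body: strcpy(buffer, str) with no bounds check, as in the question. */
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;                    /* keep the model inside its own array */
    memcpy(frame, str, n);

    /* Epilogue: with /GS, __security_check_cookie runs before `ret`. */
    if (gs_enabled && rd32(frame + cookie_off) != security_cookie) {
        /* __report_gsfailure: process terminated with 0xC0000409; the corrupted
           return address is never loaded into EIP. */
        r.result = GS_STACK_BUFFER_OVERRUN;
        return r;
    }
    r.eip = rd32(frame + ret_off);         /* `ret` pops whatever is there */
    return r;
}

/* Builds a payload of `count` 'A's (like the tutorial's 1032 'A's) and runs it. */
struct run_result run_with_As(size_t count, int gs_enabled)
{
    char payload[FRAME_SIZE + 1];
    if (count > FRAME_SIZE)
        count = FRAME_SIZE;
    memset(payload, 'A', count);
    payload[count] = '\0';
    return run_function(payload, gs_enabled);
}

int main(void)
{
    /* /GS- : 16 (buffer) + 4 (saved EBP) + 4 (ret) 'A's land 'AAAA' in EIP. */
    struct run_result a = run_with_As(BUF_SIZE + 8, 0);
    /* /GS  : the cookie sits in between and is overwritten first, so the check fires. */
    struct run_result b = run_with_As(BUF_SIZE + 12, 1);
    printf("/GS- : result=%d EIP=0x%08X\n", a.result, a.eip);
    printf("/GS  : result=%d EIP=0x%08X\n", b.result, b.eip);
    return 0;
}
```

The same arithmetic explains the tutorial's 1032: 1024 bytes of buffer plus the saved EBP and the return address, with nothing in between. Once the compiler inserts the cookie, any overflow long enough to reach the return address has already clobbered the cookie, which is why the crash is reported by the runtime check rather than by a jump to 0x41414141.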
