源代码是这样的
#include "stdio.h"
#include "string.h"
char code[]=
"\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41"
"\x41\x41\x41"
"\x41\x41\x41\x41"
"\x82\x84\x04\x08"
"\x00";
void copy(const char *input)
{
char buf[10];
strcpy(buf, input);
printf("%s \n", buf);
}
void bug(void)
{
printf("I shouldn't have appeared\n");
}
int main(int argc, char *argv[])
{
copy(code);
return 0;
}
使用gdb调试进行溢出攻击的时候,
(gdb) disasse main
Dump of assembler code for function main:
0x0000000000400603 <+0>: push %rbp
0x0000000000400604 <+1>: mov %rsp,%rbp
0x0000000000400607 <+4>: sub $0x10,%rsp
0x000000000040060b <+8>: mov %edi,-0x4(%rbp)
0x000000000040060e <+11>: mov %rsi,-0x10(%rbp)
0x0000000000400612 <+15>: mov $0x601050,%edi
0x0000000000400617 <+20>: callq 0x4005bc
0x000000000040061c <+25>: mov $0x0,%eax
0x0000000000400621 <+30>: leaveq
0x0000000000400622 <+31>: retq
End of assembler dump.
(gdb) info all-registers
The program has no registers now.
求教~THX