How to find address of a pointer to string during function call in c

0

I'm trying to learn buffer overflows from the book "The art of Exploitation - Jon Erickson". I have attached the code that was given.

The next step after compiling the code was to debug it using gdb. A breakpoint was set up just before the line 

if(check_authentication(argv[1]))

and I ran the code with command line argument 

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

When the breakpoint was reached, i ran the following in gdb and got the corresponding output: 

(gdb) i r rsp
rsp            0x7fffffffdcc0   0x7fffffffdcc0
(gdb) x/32xw $rsp
0x7fffffffdcc0: 0x00000000   0x000000ff   0xffffe1e0   0x00007fff
0x7fffffffdcd0: 0x00000000   0x00000000   0x00000000   0x00000000
0x7fffffffdce0: 0x00000001   0x00000000   0x0040083d   0x00000000
0x7fffffffdcf0: 0x00000000   0x00000000   0x0e56b100   0x0d94ed6d
0x7fffffffdd00: 0xffffdd20   0x00007fff   0x004007b3   0x00000000
0x7fffffffdd10: 0xffffde08   0x00007fff   0x00000000   0x00000002
0x7fffffffdd20: 0x004007f0   0x00000000   0xf7a2d830   0x00007fff
0x7fffffffdd30: 0x00000000   0x00000000   0xffffde08   0x00007fff

Now, I know the following consist of values from main's stackframe, and I figured out that 0x4007b3 is the return value after looking at the dump of main code. I want to know what value from the above points to my command line input.

I'm working on Ubuntu Linux. I tried using x/32b on all the values but I cannot find the 30 A's i gave in input.

The code is below:

    int check_authentication(char *password){
            char password_buffer[16];
            int auth_flag = 0;

            printf("auth_flag: %p\n", &auth_flag);
            printf("password_buffer: %p\n", password_buffer);

            strcpy(password_buffer,password);

            if(strcmp(password_buffer, "brillig") == 0) auth_flag = 1;
            if(strcmp(password_buffer, "outgrabe") == 0) auth_flag = 1;

            return auth_flag;
    }

    int main(int argc, char *argv[]){
        if(argc < 2){
            printf("Usage: %s <password>\n", argv[0]);
            exit(0);
        }

        if(check_authentication(argv[1])){
            printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
            printf("      Access Granted.\n");
            printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
        }
        else{
            printf("\nAccess Denied.\n");
        }
    }
c
assembly
x86-64
att
asked on Stack Overflow Mar 24, 2019 by Thinkboom • edited Mar 24, 2019 by fuz

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0