I have some simple code that was taken from Protostar 0 (format string). The code was changed a little (see below).
I have examined the stack frame of the vuln function. I noticed that between the locals and ebp there are two values.
Not sure if these two values are canaries or not, because I compiled the program as follows:

    gcc proto_0.c -o proto_0 -fno-stack-protector -m32

From my understanding, the -fno-stack-protector flag disables canaries, so what are these values?
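
    #include <stdio.h>

    void vuln(char *string)
    {
        int target = 1;
        char buffer[32];

        /* Deliberately vulnerable: the caller-supplied string is used as the format string. */
        sprintf(buffer, string);

        if (target == 0xdeadbeef) {
            printf("you have hit the target correctly :)\n");
        }
    }

    int main(int argc, char **argv)
    {
        vuln(argv[1]);
    }
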
Stack Frame:

    ret address
    saved ebp
    0x00000000
    0xf7fab3fc
    target
    buffer

Expected Stack Frame:

    ret address
    saved ebp
    target
    buffer