/*
StackOverrun.c
This program shows an example of how a stack-based
buffer overrun can be used to execute arbitrary code. Its
objective is to find an input string that executes the function bar.
*/
#pragma check_stack(off)
#include <string.h>
#include <stdio.h>
void foo(const char* input)
{
char buf[10];
printf("My stack looks like:\n%p\n%p\n%p\n%p\n%p\n% p\n\n");
printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n"); }
void bar(void)
{
printf("Augh! I've been hacked!\n"); }
int main(int argc, char* argv[])
{
//Blatant cheating to make life easier on myself
printf("Address of foo = %p\n", foo
); printf("Address of bar = %p\n", bar
); if (argc != 2)
{
printf("Please supply a string as an argument!\n"); return -1;
}
foo(argv[1]);
return 0;
}
LyoKICBTdGFja092ZXJydW4uYwogIFRoaXMgcHJvZ3JhbSBzaG93cyBhbiBleGFtcGxlIG9mIGhvdyBhIHN0YWNrLWJhc2VkIAogIGJ1ZmZlciBvdmVycnVuIGNhbiBiZSB1c2VkIHRvIGV4ZWN1dGUgYXJiaXRyYXJ5IGNvZGUuICBJdHMgCiAgb2JqZWN0aXZlIGlzIHRvIGZpbmQgYW4gaW5wdXQgc3RyaW5nIHRoYXQgZXhlY3V0ZXMgdGhlIGZ1bmN0aW9uIGJhci4KKi8KCiNwcmFnbWEgY2hlY2tfc3RhY2sob2ZmKQoKI2luY2x1ZGUgPHN0cmluZy5oPgojaW5jbHVkZSA8c3RkaW8uaD4gCgp2b2lkIGZvbyhjb25zdCBjaGFyKiBpbnB1dCkKewogICAgY2hhciBidWZbMTBdOwoKICAgIHByaW50ZigiTXkgc3RhY2sgbG9va3MgbGlrZTpcbiVwXG4lcFxuJXBcbiVwXG4lcFxuJSBwXG5cbiIpOwoKICAgIHN0cmNweShidWYsIGlucHV0KTsKICAgIHByaW50ZigiJXNcbiIsIGJ1Zik7CgogICAgcHJpbnRmKCJOb3cgdGhlIHN0YWNrIGxvb2tzIGxpa2U6XG4lcFxuJXBcbiVwXG4lcFxuJXBcbiVwXG5cbiIpOwp9Cgp2b2lkIGJhcih2b2lkKQp7CiAgICBwcmludGYoIkF1Z2ghIEkndmUgYmVlbiBoYWNrZWQhXG4iKTsKfQoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIqIGFyZ3ZbXSkKewogICAgLy9CbGF0YW50IGNoZWF0aW5nIHRvIG1ha2UgbGlmZSBlYXNpZXIgb24gbXlzZWxmCiAgICBwcmludGYoIkFkZHJlc3Mgb2YgZm9vID0gJXBcbiIsIGZvbyk7CiAgICBwcmludGYoIkFkZHJlc3Mgb2YgYmFyID0gJXBcbiIsIGJhcik7CiAgICBpZiAoYXJnYyAhPSAyKSAKIHsKICAgICAgICBwcmludGYoIlBsZWFzZSBzdXBwbHkgYSBzdHJpbmcgYXMgYW4gYXJndW1lbnQhXG4iKTsKICAgICAgICByZXR1cm4gLTE7Cgl9IApmb28oYXJndlsxXSk7CiAgICByZXR1cm4gMDsKfQ==