我一直在读Jon Erickson写的一本很棒的书.我想编译一个缓冲区溢出示例并对其进行调试,但是应用程序只响应“Abort trap”而不是写出外部分配的空间.这是
Xcode还是Mac OS引入的一些安全预防措施?作者正在使用原始gcc和Debian.
#include <stdio.h> #include <string.h> int main(int argc,char *argv[]) { int value = 5; char buffer_one[8],buffer_two[8]; strcpy(buffer_one,"one"); /* put "one" into buffer_one */ strcpy(buffer_two,"two"); /* put "two" into buffer_two */ printf("[BEFORE] buffer_two is at %p and contains \'%s\'\n",buffer_two,buffer_two); printf("[BEFORE] buffer_one is at %p and contains \'%s\'\n",buffer_one,buffer_one); printf("[BEFORE] value is at %p and is %d (0x%08x)\n",&value,value,value); printf("\n[STRCPY] copying %d bytes into buffer_two\n\n",strlen(argv[1])); strcpy(buffer_two,argv[1]); /* copy first argument into buffer_two */ printf("[AFTER] buffer_two is at %p and contains \'%s\'\n",buffer_two); printf("[AFTER] buffer_one is at %p and contains \'%s\'\n",buffer_one); printf("[AFTER] value is at %p and is %d (0x%08x)\n",value); }
解决方法
这是溢出保护 – 尽管我不确定XCode / OSX,使用gcc你可以传递-fno-stack-protector并且必须关闭ASLR
linux: sudo echo 0 > /proc/sys/kernel/randomize_va_space
这篇文章帮助Smashing the Stack in 2011
您应该能够找到如何禁用保护以使用此代码.
我正在读相同的书 – 我不得不调整/谷歌周围做一些与2011年相关的事情.