#include <stdio.h>
#include <stdlib.h>

void badf(int n, char c, char* buffer)
{
    int i;
    for (i=0; i<n; i++)
    {
        buffer[i]=c;
    }
}

void f(int n, char c)
{
    char buffer[16];
    badf(n,c,buffer);
}

void message ()
{
    printf("Hello\n");
}

int main()
{
    f(32,0x08048411);
    return 0;
}

This is the code I got so far (got given the base of it and got to stick to it, that's why there is a badf and f function).
The goal is that the program prints the Hello message by overflowing to the Instruction pointer. Using Data Display Debugger in Ubuntu, I believe the address of this display is 0x0804811.
When I run the program through and use x/16x $esp, the next address in the stack is just 1s (I am guessing only the last two digits are being taken from the address above).
What I am wondering is how I would make the next address the full address and not just the last two digits.
Also, the 32 is calculated from 16 (buffer defined above) + 8 (base pointer) + 8 (Instruction pointer).
Thanks in advance for any help as I know this specific problem.
Do not pass the address via an 8-bit integer (char) but use a type wide enough ... - that is at least 32 bits.
Modify as follows:
void badf(int n, unsigned int u, char* buffer)
...
void f(int n, unsigned int u)
...
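
An added example (not part of the question or the answer) of the narrowing the answer describes: passing 0x08048411 through a `char` parameter keeps only the low byte 0x11, which is why the stack dump shows nothing but 1s, while a 32-bit type keeps the whole value. `narrowed_to_char` and `fill_words` are hypothetical names, and unlike `badf` the fill here is bounds-checked against the buffer size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value from the question's call f(32, 0x08048411). */
#define QUESTION_VALUE 0x08048411u

/* What the original signature does: an int argument passed to a
 * `char` parameter keeps only its low 8 bits. */
unsigned char narrowed_to_char(unsigned int value)
{
    char c = (char)value;        /* same conversion the call performs */
    return (unsigned char)c;     /* 0x11 for QUESTION_VALUE */
}

/* Hypothetical bounded counterpart of badf(): repeats a full 32-bit
 * value into dst and refuses to write past `cap` bytes.
 * Returns the number of bytes written, or -1 if n does not fit. */
int fill_words(unsigned char *dst, size_t cap, size_t n, uint32_t value)
{
    size_t i;
    if (n > cap || n % sizeof value != 0)
        return -1;
    for (i = 0; i < n; i += sizeof value)
        memcpy(dst + i, &value, sizeof value);   /* host byte order */
    return (int)n;
}

int main(void)
{
    unsigned char buffer[16];
    size_t i;

    printf("as char: 0x%02x\n", narrowed_to_char(QUESTION_VALUE));

    /* The question's n = 32 is rejected for a 16-byte buffer. */
    printf("fill 32 -> %d\n",
           fill_words(buffer, sizeof buffer, 32, QUESTION_VALUE));

    if (fill_words(buffer, sizeof buffer, 16, QUESTION_VALUE) == 16) {
        for (i = 0; i < sizeof buffer; i++)
            printf("%02x ", buffer[i]);
        printf("\n");
    }
    return 0;
}
```

On a little-endian x86 host the final line prints the bytes `11 84 04 08` repeated four times, the same order `x/16x` reads back as one word.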