flat assembler
Message board for the users of flat assembler.
Windows > Security Question
revolution 06 Nov 2010, 22:42
Overflowz: usually buffer overflows are on the stack.
Code:
format PE CONSOLE 4.0
include 'win32ax.inc'

section '.data' data readable writeable
    ovrflw db 1000 dup ('A'),0      ; 1000 bytes of 'A' plus terminator, e.g. "AAAAAAAAAAAAAAAA",0

section '.text' code readable executable
proc main
    call copy
    invoke ExitProcess,0
endp

proc copy
    locals
        buffer rb 256               ; buffer is too small for ovrflw
    endl
    invoke lstrcpy,addr buffer,ovrflw   ; overflow: unbounded copy into the stack buffer
    ret                             ; where will this return to?
endp

.end main
Overflowz 06 Nov 2010, 22:49
I don't understand... locals/endl means the buffer is defined on the stack?
revolution 06 Nov 2010, 23:04
Overflowz wrote: I don't understand... locals/endl means the buffer is defined on the stack?
Overflowz 06 Nov 2010, 23:30
And it can't be done in the .data section? Like:
Code:
section '.data' data readable writeable
    locals
        buffer rb 123
    endl
And what's the difference between locals and globals? Thanks.
revolution 06 Nov 2010, 23:40
Locals are on the stack and only available to the proc that allocates them.
Globals are in preallocated memory available to the whole process. You can certainly overflow your buffer in the data section but that usually doesn't make your code vulnerable to any attack (perhaps in rare circumstances, but I've never seen it). But when you overflow on the stack you also overwrite the return address and it becomes possible to start executing code that should not be executed.
Overflowz 06 Nov 2010, 23:51
Watch, I've done something like this and it works fine... Overflowed successfully.
Code:
format PE CONSOLE 4.0
include 'win32ax.inc'

section '.data' data readable writeable
    msg    db "Hello World!",0
    ovrflw db 16 dup 0x41           ; 16 filler bytes ('A')
    buff   dd 0x00402005            ; MessageBox address (new return address)
    ; buff2 db 4 dup 0x43
    bend   db 0x0                   ; terminator so lstrcpy stops here

section '.text' code readable executable
proc main
    call copy                       ; overflow and EIP = 00402005
    invoke MessageBox,0,msg,msg,MB_OK   ; 00402005
    invoke ExitProcess,0
endp

proc copy
    locals
        buffer rb 10
    endl
    invoke lstrcpy,addr buffer,ovrflw   ; copies ovrflw, buff and bend over the frame
    ret
endp

.end main
Thanks for the info, revolution!
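An added C model, not code from the thread, of what revolution and Overflowz describe above: where the return address sits relative to a `locals` buffer in a fasm `proc` frame, what a copy of a given length reaches, and a bounded copy that refuses input which would not fit. It assumes the buffer is the only local and that fasm pads the locals block to a multiple of 4, which is what the 16 filler bytes before the new EIP in the post above imply; the function names are my own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Frame built by fasm's proc/locals prologue (push ebp; mov ebp,esp;
 * sub esp,localbytes). Assumes the buffer is the only local and that
 * localbytes is rounded up to a multiple of 4; that rounding is what
 * the 10-byte buffer above needing exactly 16 filler bytes before the
 * new EIP implies (12 bytes of locals + 4 bytes of saved EBP). */
size_t return_address_offset(size_t buffer_bytes) {
    size_t localbytes = (buffer_bytes + 3) & ~(size_t)3;
    return localbytes + 4;   /* past the saved EBP; return address is next */
}

enum reach { FITS_IN_LOCALS, CLOBBERS_SAVED_EBP, CLOBBERS_RETURN_ADDRESS };

/* How far a copy of copy_bytes into a buffer_bytes local reaches. */
enum reach overflow_reach(size_t buffer_bytes, size_t copy_bytes) {
    size_t ret = return_address_offset(buffer_bytes);
    if (copy_bytes <= ret - 4) return FITS_IN_LOCALS;   /* inside the locals block */
    if (copy_bytes <= ret)     return CLOBBERS_SAVED_EBP;
    return CLOBBERS_RETURN_ADDRESS;
}

/* Bounded replacement for the unbounded lstrcpy in proc copy: copies only
 * when src and its terminator fit in dst. Returns 0 on success, -1 when
 * dst is too small; dst is left untouched on failure. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    while (n < dst_size && src[n] != '\0') n++;   /* never scan past dst_size */
    if (n == dst_size) return -1;                  /* no room for the NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    /* Constructed inputs mirroring the two posts: 10-byte and 256-byte locals. */
    printf("rb 10  : return address at +%zu\n", return_address_offset(10));
    printf("rb 256 : return address at +%zu\n", return_address_offset(256));
    char dst[10];
    printf("copy 16 x 'A' into rb 10: %s\n",
           copy_bounded(dst, sizeof dst, "AAAAAAAAAAAAAAAA") == 0 ? "ok" : "rejected");
    return 0;
}
```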
baldr 07 Nov 2010, 03:47
Overflowz,
The .data section is rarely useful for an overflow attack (unless it contains some pointers); the stack does contain them in good quantities.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.