2

Assume we have a function

#include <stdio.h>

/* Target function: prints the two arguments it receives. */
void foo(char *name, int id)
{
    printf("%s%d", name, id);
}

Using a buffer overflow, we replace the return address on the stack with the address of the foo function. I was able to accomplish this.

How do I overflow the function arguments too? foo takes two arguments; can someone please help me understand how I can overflow these arguments using a buffer overflow?

3
  • Why would you want to overwrite the arguments? Normally, you would just overwrite the return address and address some instructions that would lead to a jump to your shellcode. Commented Mar 13, 2013 at 17:54
  • Yes, you're right, but my purpose is not to jump to a shellcode. Rather, to see if it's possible to overwrite function arguments in the stack. Commented Mar 14, 2013 at 5:31
  • To be more clear, when the function is called, can I give my own custom parameters to that function? Commented Mar 14, 2013 at 7:06

1 Answer

0

Theoretically yes, arguments are pushed onto the stack when the function is called, but then a successful overwrite depends on the layout of the stack. Also, given what your objective is, you have to do it in a way so as not to corrupt the data in between.

The above code has another vulnerability too; think about it.


1 Comment

Yes, it has a format string vulnerability. I would like to learn about overwriting the layout of the stack. I tried the input below, but I'm facing segmentation faults... "Length of the string buffer" + "EBP" + "Return address" + "Arg1" + "Arg2"
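
To illustrate the answer's point about the data in between, here is an added example (not code from the question or the answer): a simplified model of a 32-bit cdecl frame showing that a linear overwrite long enough to reach the arguments also changes the guard word, saved EBP and return address below them, which is what a stack-protector check detects. The struct layout, the `simulate` function and all values are assumptions made for the model, not a real compiler's frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0x00C0FFEEu          /* constructed guard value */

/* Simplified model of a 32-bit cdecl frame, lowest address first (assumed layout). */
struct frame {
    char     buf[16];               /* local buffer */
    uint32_t canary;                /* guard word a stack protector inserts */
    uint32_t saved_ebp;
    uint32_t ret_addr;
    uint32_t arg1, arg2;            /* caller-pushed arguments, above the return address */
};

static void frame_init(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY;
    f->saved_ebp = 0x11111111u;     /* constructed placeholder values */
    f->ret_addr  = 0x22222222u;
    f->arg1 = 1;
    f->arg2 = 2;
}

/* Copy n bytes of 'A' into buf of a fresh frame. bounded=0 models an unchecked
 * copy that keeps writing upward; bounded=1 clamps to sizeof buf.
 * Returns bit 0 = an argument changed, bit 1 = canary still intact. */
int simulate(size_t n, int bounded) {
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    size_t limit = bounded ? sizeof f.buf : sizeof f;  /* stay inside the model */

    frame_init(&f);
    memset(input, 'A', sizeof input);
    if (n > limit) n = limit;
    memcpy(&f, input, n);           /* buf is at offset 0 */
    return (f.arg1 != 1 || f.arg2 != 2) | ((f.canary == CANARY) << 1);
}

int main(void) {
    printf("arg1 at offset %zu, ret_addr at offset %zu\n",
           offsetof(struct frame, arg1), offsetof(struct frame, ret_addr));
    printf("fits buffer: %d\n", simulate(16, 0));             /* 2 */
    printf("unchecked, reaches args: %d\n", simulate(36, 0)); /* 1 */
    printf("bounded copy: %d\n", simulate(36, 1));            /* 2 */
    return 0;
}
```

In this model no input length gives a result of 3 for the unchecked copy: the arguments cannot change while the guard word stays intact.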
