Quote:
Originally Posted by southpau1
This problem is for an Intrusion Detection class in grad school.
For any understanding of the Intrusion issues in this example, you need a good understanding of asm as well as C:
You should compile the C to generate asm source code instead of binary and examine the asm source code to see where in the stack frame the local variables are allocated relative to the return address (or maybe relative to saved registers).
The basic buffer overflow exploit overwrites a local variable by a long enough string and with the specific value that replaces the return address with some address within the program whose execution at that moment could start the chain toward achieving the results desired by the hacker.
That involves a lot more understanding of the binary program you are attacking than you get locally from understanding the exploitable buffer. If you were learning these issues at that level, you shouldn't have needed to ask ordinary C questions.
But to get a general idea of the concepts involved, it may be appropriate to just see how an attacker could change the function's return address, rather than follow through to understand how changing the return address builds toward an effective attack.
So I still advise looking at the asm code generated by the compiler to see how it (that specific compiler at that optimization level) lays out the stack frame. Then figure out what length input string would overwrite the return address with some controlled value within the program image (so the exploit could, in theory, start an attack rather than just seg fault).
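As an added illustration, not code from the thread or from southpau1's assignment, here is the fixed-size stack buffer pattern the reply describes, next to a bounds-checked form that rejects oversized input instead of overrunning the frame. `BUF_SIZE`, `vulnerable_copy`, `safe_copy` and `input_fits` are names chosen for this example; compiling it with `gcc -S` shows the frame layout the reply suggests inspecting.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed size for the example */

/* The "before" pattern from the thread: a fixed-size local buffer filled by
 * strcpy with no length check. Input of BUF_SIZE or more bytes (counting the
 * NUL) writes past the array into whatever the compiler placed above it in
 * the stack frame (saved registers, return address). Shown only as the
 * defect; it is never called with oversized input here. */
void vulnerable_copy(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);   /* unbounded copy: the overflow point */
    printf("vulnerable_copy: %s\n", buf);
}

/* Whether a string of input_len bytes (excluding NUL) fits in the buffer. */
int input_fits(size_t input_len) {
    return input_len < BUF_SIZE;
}

/* Hardened form: look for the terminator only inside the first BUF_SIZE
 * bytes, refuse anything longer, and copy with an explicit bound.
 * Returns 1 if copied, 0 if rejected. */
int safe_copy(const char *input) {
    char buf[BUF_SIZE];
    const char *nul = memchr(input, '\0', BUF_SIZE);
    if (nul == NULL) {
        return 0;         /* no NUL within BUF_SIZE: too long, reject */
    }
    size_t len = (size_t)(nul - input);   /* len < BUF_SIZE is guaranteed */
    memcpy(buf, input, len + 1);          /* terminator fits */
    printf("safe_copy: %s\n", buf);
    return 1;
}

int main(void) {
    /* constructed inputs: one that fits, one that would overrun the frame */
    const char *short_in = "hello";
    const char *long_in  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    vulnerable_copy(short_in);               /* safe only because it fits */
    printf("safe_copy(short) = %d\n", safe_copy(short_in));   /* 1 */
    printf("safe_copy(long)  = %d\n", safe_copy(long_in));    /* 0 */
    return 0;
}
```

On a modern toolchain the same overflow is also caught at runtime by the compiler's stack protector, so a rejected copy rather than an abort is the behaviour to aim for in the fixed version.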