Hacking: The Art of Exploitation, sometimes don't work
Hello all
This is a question regarding programs from the book Hacking: The Art of Exploitation.
Here are the programs I am testing:
notetaker.c
notesearch.c
Both of these work, but then
exploit_notesearch.c
auth_overflow.c
don't work.
The interesting thing is that if I compile these two exploits as a.out (gcc exploit_notesearch.c) they work, but if I compile them as (gcc -o exploit_notesearch exploit_notesearch.c) the programs work but not the exploits.
Anyone?
Thank you
To a very great extent, "think like a book-seller." For some reason or another, people love books about doing naughty things and especially about succeeding at doing naughty things. But reality is very boring. It doesn't sell books.
Or you could think like a publisher and look for errata:
http://nostarch.com/hacking2.htm#updates
http://oreilly.com/catalog/errataunc...=9781593271442
Thank you for the suggestions, but I have already looked into those.
The real question is: why does it work with ./a.out and not with ./progname?
Page 147
It is not a typo. If you haven't already, read on. Page 147 answers your question. "The length of the name of the program seems to have an effect on the address..."
I have a Suse Linux 10,2 (old test Linux). My problem: notesearch.c doesn't work under Suse.
Here is the source code: ww_w.buvica.com/ulixesfox/HCKAOD/final/building_on_basics.html
The address bffff947 is my shellcode in an environment variable.
./notesearch $(perl -e 'print "\x47\xf9\xff\xbf"x40')
Linux says: Segment Error