Hacking the art of exploitation, sometimes don't work

atomas123 · 01-16-2012, 10:46 AM

Hello all
this is a question regarding programs from the book Hacking the art of exploitation.
here are the programs i am testing:
notetaker.c
notesearch.c
both of these work
but then
exploit_notesearch.c
auth_overflow.c
don't work

interesting ... is that if I compile these two exploits as a.out (gcc exploit_notesearch.c)
they work
but if I compile them as (gcc -o exploit_notesearch exploit_notesearch.c) the programs works but not the exploits

anyone
thank you

sundialsvcs · 01-16-2012, 11:17 AM

To a very great extent, "think like a book-seller." For some reason or another, people love books about doing naughty things and especially about succeeding at doing naughty things. But reality is very boring. It doesn't sell books.

dugan · 01-16-2012, 07:01 PM

Or you could think like a publisher and look for erratta:

http://nostarch.com/hacking2.htm#updates
http://oreilly.com/catalog/errataunc...=9781593271442

atomas123 · 01-17-2012, 04:42 AM

thank you for the suggestions, but I have already look in to those.

the real question is why does it work with ./a.out and not with ./progname?

jkahlich1 · 02-18-2012, 07:35 PM

It is not a typo. If you haven't already, read on. Page 147 answers your question. "The length of the name of the program seems to have an effect on the address..."

Quote:

Originally Posted by atomas123

thank you for the suggestions, but I have already look in to those.

the real question is why does it work with ./a.out and not with ./progname?

tomycat · 04-14-2013, 01:01 PM

Quote:

Originally Posted by jkahlich1

It is not a typo. If you haven't already, read on. Page 147 answers your question. "The length of the name of the program seems to have an effect on the address..."

hi,
I have a Suse linux 10,2 (old test linux).
My problem, noteseach.c don´t work unter suse.

Here is the sourcecode:
ww_w.buvica.com/ulixesfox/HCKAOD/final/building_on_basics.html

The adress: bffff947 is my shellcode in inenvironment variable.

./notesearch $(perl -e 'print "\x47\xf9\xff\xbf"x40)

linux say: Segment Error