
Commit 76397d2

authored
Create stack_rop.c
1 parent 23011d8 commit 76397d2


1 file changed

+55
-0
lines changed


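--- a/stack_rop.c
+++ b/stack_rop.c
@@ -0,0 +1,55 @@
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+int foo(char *str)
+{
+char buffer[100];
+unsigned int *framep;
+
+// Copy ebp into framep
+asm("movl %%ebp, %0" : "=r" (framep));
+
+/* print out information for experiment purpose */
+printf("Address of buffer[]: 0x%.8x\n", (unsigned)buffer);
+printf("Frame Pointer value: 0x%.8x\n", (unsigned)framep);
+
+/* The following statement has a buffer overflow problem */
+strcpy(buffer, str);
+
+return 1;
+}
+
+// For the purpose of experiment
+void bar()
+{
+static int i = 0;
+printf("The function bar() is invoked %d times!\n", ++i);
+}
+
+
+// For the purpose of experiment
+void baz(int x)
+{
+printf("The value of baz()'s argument: 0x%.8X\n", x);
+}
+
+int main(int argc, char **argv)
+{
+char str[2000];
+FILE *badfile;
+
+char *shell = (char *)getenv("MYSHELL");
+if(shell){
+printf("The '%s' string's address: 0x%.8x\n", shell,
+(unsigned int)shell);
+}
+
+badfile = fopen("badfile", "r");
+fread(str, sizeof(char), 2000, badfile);
+foo(str);
+
+printf("Returned Properly\n");
+return 1;
+}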
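Review bot: In main(), `fopen("badfile", "r")` on line 49 is never checked for NULL and the `fread` on line 50 neither checks its return value nor NUL-terminates `str`, so a missing badfile crashes inside fread and a payload with no NUL byte in its first 2000 bytes makes the deliberate `strcpy` in foo() read past the end of `str` too — an uncontrolled second bug on top of the one the experiment is meant to demonstrate. Suggest `if (!badfile) { perror("badfile"); return 1; }` after the fopen, and `size_t n = fread(str, 1, sizeof str - 1, badfile); str[n] = '\0';` in place of the bare fread, which keeps the intended overflow in foo() while making everything up to it well-defined. The inline `movl %%ebp, %0` in foo() and the `(unsigned)` casts on pointers also suggest this file presumably expects a 32-bit build with the frame pointer kept (and, for the overflow to be exploitable, stack protection disabled); a header comment such as `/* Intentionally vulnerable lab program: build 32-bit, with frame pointer, without stack protector; do not reuse this code. */` would make that explicit for anyone picking it up.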
