Wednesday, July 15, 2009

Find current stack view. Don't be a hacker

This is a simple C program for viewing what the current stack contains.

#include <stdio.h>

int main()
{
    /* Deliberately passes no arguments after the format string. */
    printf("%8x.%8x.%8x.%8x");
    // Each time you repeat %8x you get one step further below the current stack pointer, and it ends on the null.
    return 0;
}

Explanation:
This is known as a format string vulnerability.
Usually the printf() function in C requires a minimum of 2 or more arguments, i.e. the format string as well as the value of the variable to be formatted.
The %x used here is the hexadecimal format, and the 8 is for 8 places.
If we look closely at the implementation of printf, the last thing put on the stack for the call is the address given to printf. There are no more arguments here, so, because it is an ordinary function call, printf takes the value for each %x from whatever is on the stack, and in this way it can trace the entire stack.
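
The mismatch described above can be checked mechanically. The following is an added example, not code from the original post: it counts how many arguments a format string will fetch and shows the safe way to print such a string as plain data. The function names args_consumed and format_as_data are hypothetical, and the counter is simplified (it does not handle POSIX positional "%n$" forms).

```c
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf-style format string will fetch.
 * Handles "%%" (consumes nothing) and '*' width/precision (one int each).
 * Simplified: does not handle POSIX positional "%n$" forms. */
int args_consumed(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* literal percent sign */
        /* skip flags, width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) {
            if (*p == '*')
                n++;                        /* '*' takes an int argument */
            p++;
        }
        if (*p == '\0')
            break;                          /* truncated specifier */
        n++;                                /* the conversion itself */
    }
    return n;
}

/* Safe way to print text that is not a trusted format: pass it as data
 * to a constant "%s" format so any '%' in it is printed literally. */
int format_as_data(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

int main(void)
{
    const char *fmt = "%8x.%8x.%8x.%8x";    /* the string from the post */
    char buf[64];

    printf("arguments expected: %d, supplied: 0\n", args_consumed(fmt));
    format_as_data(buf, sizeof buf, fmt);
    printf("printed as data: %s\n", buf);
    return 0;
}
```

Compilers perform the same comparison for constant format strings: gcc and clang report the missing arguments in the post's program when built with -Wformat (included in -Wall).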
