07-24-2023, 03:36 AM
Let me skip the introduction and jump to the good part.
I am reading 'Ethical Hackers Handbook' and trying some example code (around p. 175).
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
Goal : overflow the EIP in the stack
Example Code :
##> cat overflow.c
#include <string.h>

int main(void)
{
    char str1[10]; /* declare a 10-byte buffer */
    /* next, copy 35 bytes of 'A' (plus the terminating NUL) into the 10-byte 'str1' */
    /* this is the intended overflow: it writes past str1 into the saved registers */
    strcpy(str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return 0;
}
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
If I compile & run it on my x86 laptop, then the outcome is as expected.
result on x86 with openSUSE 12.1
--------------------------------
##> uname -a
Linux linux-tzxm.site 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux
##> cat /proc/sys/kernel/randomize_va_space
1
##> gcc version 4.6.2 (SUSE Linux)
##> GNU gdb (GDB) SUSE (7.3-41.1.2)
##> gdb -q overflow
Reading symbols from /home/administrator/Programming/C/testProgs/overflow...done.
(gdb) run
Starting program: /home/administrator/Programming/C/testProgs/overflow
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) info reg eip
eip 0x41414141 0x41414141
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
However, if I do the same on my x86_64 laptop, then the outcome is different and not as expected (from my limited knowledge).
result on x86_64 with openSUSE 11.3
-----------------------------------
##> uname -a
Linux linux-2mna.site 2.6.34.10-0.4-desktop #1 SMP PREEMPT 2011-10-19 22:16:41 +0200 x86_64 x86_64 x86_64 GNU/Linux
##> cat /proc/sys/kernel/randomize_va_space
1
##> gcc version 4.5.0 20100604
##> GNU gdb (GDB) SUSE (7.1-3.12)
##> gdb -q overflow2
Reading symbols from /home/jojojorn/Documents/Personal/HACKING/C_Prog/Tests/testProgs/overflow2...done.
(gdb) run
Starting program: /home/jojojorn/Documents/Personal/HACKING/C_Prog/Tests/testProgs/overflow2
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400553 in main () at overflow.c:11
11 }
(gdb) info reg eip
Invalid register `eip'
(gdb)
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
So here are my questions:
1) Why can I not overflow the EIP on the stack on my x86_64? Is there a difference in stack behaviour between x86_64 and x86?
2) When I run the x86-compiled binary on my x86_64 and check with gdb, the outcome is again as expected.
So I assume the difference comes from using gcc 32-bit vs. gcc 64-bit? For this simple code, what is the difference, and why is there one?
3) If I want my code on x86_64 to behave as if it were compiled on x86, is there a gcc parameter to set at compile time?
4) I ask this question, which means I do not yet have the proper knowledge to ask better questions. Is there something extra that comes into your genius minds that I should have asked (and which you would have answered)?
Sincerely
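Added example (my own code, not from the post above or from the book it cites). Two architectural facts are relevant to the difference the post shows. First, on x86-64 a virtual address is only valid if it is "canonical" (bits 63..47 are all copies of bit 47); a `ret` that pops a non-canonical value such as 0x4141414141414141 raises a general-protection fault before RIP changes, so the debugger reports the fault at the `ret` inside the returning function instead of at the overwritten address. On i386 every 32-bit value is a valid address, so the CPU jumps to 0x41414141 and the fault is reported there. Second, the 64-bit register is `rip`, so `info reg rip` is the 64-bit equivalent of `info reg eip`, and `gcc -m32` builds an i386 binary on an x86_64 host when the 32-bit libraries are installed. The program below models what the 35-byte strcpy leaves in the saved return slot under each ABI and predicts the observable symptom. The distances from the buffer to the return address (28, 24 and 32 bytes) are assumptions chosen to illustrate full and partial overwrites; they are not measured from the post's binaries, and the actual layout depends on the compiler and its options.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 user space uses 48-bit virtual addresses: a value is canonical only
 * if bits 63..47 are all copies of bit 47. A `ret` that pops a non-canonical
 * value raises #GP before RIP changes, so the fault is reported at the `ret`
 * inside the returning function, not at the overwritten address. */
static bool is_canonical_x86_64(uint64_t addr)
{
    uint64_t top = addr >> 47;           /* the 17 high bits */
    return top == 0 || top == 0x1FFFF;
}

/* Compute the value `ret` would pop after an overflow. `dist` is the assumed
 * distance from the start of the overflowed buffer to the saved return address
 * (it depends on the compiler's frame layout and is not taken from the post),
 * `ptr_size` is 4 for i386 or 8 for x86-64, and `original` is the untouched
 * return address. Bytes the payload does not reach keep their original value. */
static uint64_t overwritten_return(const uint8_t *payload, size_t len,
                                   size_t dist, size_t ptr_size, uint64_t original)
{
    uint64_t result = 0;
    for (size_t i = 0; i < ptr_size; i++) {
        uint64_t byte = (original >> (8 * i)) & 0xFF;   /* little-endian slot */
        if (dist + i < len)
            byte = payload[dist + i];
        result |= byte << (8 * i);
    }
    return result;
}

/* Convenience wrapper for the exact payload of overflow.c: 35 bytes of 'A'
 * (constructed here, not captured from a real run). */
static uint64_t overflow_35A(size_t dist, size_t ptr_size, uint64_t original)
{
    uint8_t payload[35];
    memset(payload, 'A', sizeof payload);
    return overwritten_return(payload, sizeof payload, dist, ptr_size, original);
}

enum ret_outcome {
    RET_JUMPS,      /* CPU loads the value into EIP/RIP; any fault shows up there */
    RET_GP_FAULT    /* x86-64 only: non-canonical target, fault at the `ret` itself */
};

static enum ret_outcome predict_ret(uint64_t target, size_t ptr_size)
{
    if (ptr_size == 8 && !is_canonical_x86_64(target))
        return RET_GP_FAULT;
    return RET_JUMPS;
}

static const char *describe(enum ret_outcome o)
{
    return o == RET_GP_FAULT ? "#GP at `ret`, reported inside main"
                             : "jump to target; fault (if any) reported at target";
}

int main(void)
{
    /* Frame distances and original return addresses are assumed for illustration. */
    struct { const char *abi; size_t dist, ptr; uint64_t orig; } cases[] = {
        { "i386,   ret 28 bytes in", 28, 4, 0x08048400u },
        { "x86-64, ret 24 bytes in", 24, 8, 0x0000000000400553ull },
        { "x86-64, ret 32 bytes in", 32, 8, 0x0000000000400553ull },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t t = overflow_35A(cases[i].dist, cases[i].ptr, cases[i].orig);
        printf("%-26s -> 0x%0*llx : %s\n", cases[i].abi, (int)(cases[i].ptr * 2),
               (unsigned long long)t, describe(predict_ret(t, cases[i].ptr)));
    }
    return 0;
}
```

The third case is the one worth remembering when a 64-bit overflow "does nothing" visible: if the 35 bytes only reach the low three bytes of the return slot, the result (0x414141 here) is canonical, the CPU does jump to it, and the symptom is a fault at a small unmapped address rather than at the `ret`. Checking `info reg rip` and disassembling around the faulting instruction distinguishes the two situations.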