Stack Overflow Tutorial

closed account (G309216C)
Hi,

Before I begin, I must confess I am no great teacher, so bear with me for this tutorial.

Introduction
_______________________________________________________________________________
I lately managed to make use of the infamous Stack Overflow. A Stack Overflow can be considered a major downfall of any application, keeping in mind that the "industry" is making an effort and trying to reduce stack and other types of overflows.
Many of the Stack Overflows which you may come across, purposely or by accident, tend to be useless and a danger to your application, which sometimes leads the application to crash during runtime. There are useful ones as well, which allow custom code to be executed.

I am not the best person to ask about such overflows, but basically my Stack Overflow redirects the Extended Instruction Pointer (EIP) towards a different function, allowing the code in that function to be executed in place of the original function.
_______________________________________________________________________________

Tutorial
_______________________________________________________________________________

I know it is getting boring to read the introduction, but this is the final one, I promise:

If any of you are familiar with "Cyberwarfare", I am his older brother, and I have uploaded a video to his account. I hope you enjoy this:

Link:
http://www.youtube.com/watch?v=2utQ8ArUZ3E

Final Code:
**Slightly different from the tutorial's code, but does the same**
#include <Windows.h>
#include <stdio.h>
#include <string.h>   // memset, memcpy
#define LIMIT 1024

// The function we want to land in once main()'s saved return address has been overwritten.
void redirector()
{
	MessageBoxA(0, "Called via Stack", "Ownage", MB_OK);
}

// Copies LIMIT bytes into a 16-byte stack buffer, deliberately overrunning it.
// Everything above the buffer in main()'s frame, including the saved return
// address, is replaced by the address of redirector(). 32-bit build only:
// a DWORD cannot hold a 64-bit pointer.
void StackOverflow(char* szBuffer)
{
	char* Bufferoverflow = new char[LIMIT];
	memset(Bufferoverflow, 0x90, LIMIT);            // 0x90 = NOP, used as filler

	DWORD szfunctionaddress = (DWORD) redirector;
	// Fill the whole buffer with the target address (the original loop only covered the first 256 bytes).
	for (size_t i = 0; i + sizeof(DWORD) <= LIMIT; i += sizeof(DWORD))
		*(DWORD*)(Bufferoverflow + i) = szfunctionaddress;

	printf("EIP redirected towards: 0x%x\n", szfunctionaddress);
	memcpy(szBuffer, Bufferoverflow, LIMIT);        // the overflow: 1024 bytes into a 16-byte buffer
	delete[] Bufferoverflow;
}

int main()
{
	char szrndbuffer[32] = {0};
	char buffer[16] = {0};

	memset(szrndbuffer, 'x', sizeof(szrndbuffer));

	StackOverflow(buffer);   // when main() returns, execution lands in redirector() instead of the CRT
}


Kind Regards,
SpaceWorm
Utterly useless.
If any of you are familiar with "Cyberwarfare" I am his Older Brother

http://cplusplus.com/forum/lounge/97685/

Why did your brother leave, in the first place?
closed account (G309216C)
Hi,

He left because he failed one of his exams, and basically it was quite important, but nevertheless the high school gave him another chance, keeping in mind he normally got very high scores. He and I normally top our year group and are expected to get a seat at Harvard or MIT, so the expectations tend to be quite high, if not the highest.

So now he wants to concentrate more on his studies. I can say he still programs, but very rarely, and on most occasions about advanced mathematical equations. It kind of gives him a sort of edge, as he can check his answers. But it does not give a big upper hand.

You see the issue. Please forgive me if I missed anything in particular you needed to know.

Thanks,
SpaceWorm

@cire

Well, maybe you do not understand the importance of this issue. The majority of companies, including multi-national companies such as Microsoft, Intel and Symantec, tend to take these types of issues very seriously.

An example of me reporting a 0-day Stack Overflow vulnerability to Microsoft:
I AM SO PROUD

http://i.imgur.com/d23wtHe.png


Not only that, but many of the infamous worms out there, possibly a few which spread through the internet in ground-breaking times, such as MSBlaster, also known as LoveSan, exploit RPC DCOM with a Stack Overflow.

Kind Regards,


Modern compilers have stack checking built in. We'd just use that.

That code doesn't demonstrate anything useful. What do you think it does?
A stack overflow involves the stack growing past its capacity. This is a buffer overflow. More specifically, it's a stack smashing error.

Like cire and kbw are saying, this code does nothing useful. You're overwriting main()'s return address to jump to your function, but you're doing it from within the program. You may as well just make the call directly.

The buffer overflows security people are concerned with are initiated solely by user input. An attacker prepares an input so large that it exhausts the space of the application's input buffer, overwriting part of the stack. The attacker has crafted into the input the code they want the computer to execute. The malicious code is not part of the original program.
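The attack helios describes, as an added example that is not part of the thread: a model of one stack frame (a 16-byte local buffer, a /GS-style cookie, and the saved return address, in the order an x86 compiler lays them out), an attacker-supplied input that is longer than the buffer, an unchecked copy that lets it run up into the return address, a bounds-checked copy that refuses it, and the cookie comparison that a stack-checking compiler epilogue performs. The frame is a plain struct rather than the real stack, so the overrun stays inside one object and the program does not crash; the cookie value and the two addresses are made-up constants for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE     16
#define CANARY       0xDEADBEEFCAFEBABEull  /* fixed for the demo; real /GS cookies are random per process */
#define ORIGINAL_RET 0x00401000u            /* hypothetical: where main() would normally return */
#define ATTACKER_RET 0x00401234u            /* hypothetical: address the attacker wants to run */

/* Model of a stack frame, in the order an x86 compiler places the pieces:
 * the local buffer lowest, the cookie above it, the saved return address
 * above that, so an overrun of buf walks upward through all three. */
typedef struct {
    char      buf[BUF_SIZE];
    uint64_t  cookie;      /* what MSVC /GS inserts between locals and the return address */
    uintptr_t saved_ret;   /* address the function returns to */
} frame_t;

static void frame_init(frame_t *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->cookie = CANARY;
    f->saved_ret = ORIGINAL_RET;
}

/* Constructed attacker input: filler to the end of buf, eight bytes that
 * land on the cookie, then the replacement return address. */
static size_t build_payload(unsigned char *out, size_t cap) {
    uint64_t  cookie_guess = 0;            /* attacker does not know the cookie, so this lands wrong */
    uintptr_t ret = ATTACKER_RET;
    size_t n = BUF_SIZE + sizeof cookie_guess + sizeof ret;
    if (cap < n) return 0;
    memset(out, 'A', BUF_SIZE);
    memcpy(out + BUF_SIZE, &cookie_guess, sizeof cookie_guess);
    memcpy(out + BUF_SIZE + sizeof cookie_guess, &ret, sizeof ret);
    return n;
}

/* Vulnerable: trusts the input length like an unchecked strcpy/memcpy.
 * The copy starts at buf and keeps going into cookie and saved_ret. */
static size_t copy_unchecked(frame_t *f, const unsigned char *in, size_t len) {
    if (len > sizeof *f) len = sizeof *f;   /* keep the demo inside the model frame */
    memcpy(f, in, len);
    return len;
}

/* Hardened: refuses anything that does not fit with room for the NUL. */
static int copy_checked(frame_t *f, const unsigned char *in, size_t len) {
    if (len >= sizeof f->buf) return -1;
    memcpy(f->buf, in, len);
    f->buf[len] = '\0';
    return 0;
}

/* What the /GS epilogue does before trusting saved_ret. */
static int cookie_intact(const frame_t *f) { return f->cookie == CANARY; }

static void run_attack(frame_t *f, int checked, int *rc) {
    unsigned char payload[64];
    size_t n = build_payload(payload, sizeof payload);
    frame_init(f);
    *rc = checked ? copy_checked(f, payload, n) : (int)copy_unchecked(f, payload, n);
}

static uintptr_t ret_after_unchecked(void) { frame_t f; int rc; run_attack(&f, 0, &rc); return f.saved_ret; }
static int cookie_caught_unchecked(void)   { frame_t f; int rc; run_attack(&f, 0, &rc); return !cookie_intact(&f); }
static uintptr_t ret_after_checked(void)   { frame_t f; int rc; run_attack(&f, 1, &rc); return f.saved_ret; }
static int checked_rejects_payload(void)   { frame_t f; int rc; run_attack(&f, 1, &rc); return rc == -1; }
static int short_input_accepted(void) {
    frame_t f; frame_init(&f);
    return copy_checked(&f, (const unsigned char *)"hello", 5) == 0 && strcmp(f.buf, "hello") == 0;
}

int main(void) {
    printf("unchecked copy: return address now 0x%lx, cookie %s\n",
           (unsigned long)ret_after_unchecked(),
           cookie_caught_unchecked() ? "clobbered (stack check would abort)" : "intact");
    printf("checked copy:   payload %s, return address still 0x%lx\n",
           checked_rejects_payload() ? "rejected" : "accepted",
           (unsigned long)ret_after_checked());
    return 0;
}
```

The unchecked copy ends with saved_ret equal to ATTACKER_RET, which is the point of a stack buffer overflow: the input, not the program, decides where execution goes next. It also leaves the cookie clobbered, which is why a /GS build of the thread's snippet aborts in debug mode instead of silently jumping. The checked copy never touches anything past buf, so the return address is untouched regardless of what the input contains.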
closed account (G309216C)
Well, you are right, but it is just a POC rather than an actual example, as I cannot think of any real-time uses, but it is still quite useful to learn.

How is learning to rely on a specific behavior for code that invokes undefined behavior useful for anything other than what amounts to a parlor trick in a specific version of a specific compiler using specific settings?

In VC++11 debug mode an exception is thrown when stack corruption is detected. In release mode, nothing at all happens except the printf message in the console.
closed account (G309216C)
Hi Cire,

I apologize, but this was a small snippet showing a simple Stack Overflow, because I do see people in other forums complaining about using Stack Overflows in their applications. I thought this forum also has those needs, so I posted this to allow you to understand how a Stack Overflow works.

I have not yet tried the Release configuration when creating a Stack Overflow, as I never really need it in my projects. I am sure it is acknowledged by security consultants and security developers.

I am not jumping to any conclusions, but I think it is due to the additional symbols Visual Studio loads into the executable after compilation.

Thanks,
SpaceWorm
Once again, this is not a stack overflow.

I am not jumping to any conclusions, but I think it is due to the additional symbols Visual Studio loads into the executable after compilation.

I'm not jumping to conclusions, either. It is nothing more than a useless parlor trick that will only work in specific versions of specific compilers using specific settings.


I have not yet, tried the Release configuration [...] I never really need it in my projects

How very unsurprising.

closed account (G309216C)
Hi,

I have learnt this from a different forum, which he or she called stack Overflow:
http://www.hackforums.net/showthread.php?tid=2235294

Well, I am just helping a few who need this.

Thanks
closed account (3qX21hU5)
Lol does anyone else have a weird feeling that SpaceWorm and Cyberwarfare are the same person?
I do. Would be a bit embarrassing if it was true, which is why I understand the detailed coverup and the excuses.
I have learnt this from a different forum, which he or she called stack Overflow:
http://www.hackforums.net/showthread.php?tid=2235294
A stack buffer overflow is a buffer overflow performed on a buffer allocated on the stack (hence a "stack buffer"). It's distinct from a stack overflow which, as I said above, involves the stack growing past its capacity. Common causes of stack overflows are infinite recursion and allocating big stack arrays.

By the way, great job on the plagiarism. If you were going to steal, you could have at least gone all the way; then your post would at least be bearable to read, not that anyone would want to.
closed account (G309216C)
Sorry, but I did not even want to steal it, but simply to show it. Stop with all the flaming; it is just stupid now. If I did steal it, I would not have even told you where I learnt it from, right?

I am not CW (Cyberwarfare). I can prove this, since if I were him I would rather prefer to log in as Cyber, cuz at least I know some people and crap and they trust me, so if I were him, which I am not, I would have logged in as him.

If you really did not like it, do not flame nor post. I mean, I am not one of those idiots who c&p, because again I would have simply hidden the post or thread where I learnt this from.