Hi,
Before I begin, I must confess I am no great teacher, so bear with me for this tutorial.
Introduction
_______________________________________________________________________________
I recently managed to make use of the infamous Stack Overflow. A Stack Overflow can be considered a major downfall of any application, keeping in mind that the "industry" is trying to reduce stack & other types of overflows.
Many of the Stack Overflows which you may come across, purposely or by accident, tend to be useless & a danger to your application, sometimes leading the application to crash at runtime. There are useful ones as well, which allow custom code to be executed.
I am not the best person to ask about such overflows, but basically my Stack Overflow redirects the Extended Instruction Pointer (EIP) towards a different function, allowing the code in that function to be executed in the place of that function.
_______________________________________________________________________________
Tutorial
_______________________________________________________________________________
I know it is getting boring to read the introduction, but this is the final part, I promise:
If any of you are familiar with "Cyberwarfare", I am his older brother & I have uploaded a video to his account. I hope you enjoy this:
Link:
http://www.youtube.com/watch?v=2utQ8ArUZ3E
Final Code:
**Slightly different than the tutorial's code but does the same**
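```cpp
#include <Windows.h>
#include <stdio.h>
#include <string.h>

#define LIMIT 1024

// Function the overwritten return address will point to.
void redirector()
{
    MessageBoxA(0, "Called via Stack", "Ownage", MB_OK);
}

void StackOverflow(char* szBuffer)
{
    // Payload buffer, pre-filled with 0x90 bytes.
    char* Bufferoverflow = new char[LIMIT];
    memset(Bufferoverflow, 0x90, LIMIT);

    // 32-bit (x86) build assumed: the function address must fit in a DWORD.
    DWORD szfunctionaddress = (DWORD) redirector;

    // Write the address of redirector() into the payload, one DWORD at a time
    // (as written, the loop covers the first LIMIT/sizeof(DWORD) bytes).
    for (int i = 0; i < (LIMIT / sizeof(DWORD)); i += sizeof(DWORD))
        *(DWORD*)(Bufferoverflow + i) = szfunctionaddress;

    printf("EIP redirected towards: 0x%x\n", szfunctionaddress);

    // Deliberately unchecked copy: LIMIT bytes into the caller's 16-byte buffer,
    // which overwrites the saved return address above it on the stack.
    memcpy(szBuffer, Bufferoverflow, LIMIT);
}

int main()
{
    char szrndbuffer[32] = {0};
    char buffer[16] = {0};
    memset(szrndbuffer, 'x', sizeof(szrndbuffer));
    StackOverflow(buffer);
}
```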
Kind Regards,
SpaceWorm
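
Added example, not part of the original post or its video: the `memcpy` of `LIMIT` bytes into the 16-byte buffer, replayed against a model of the stack frame, next to a length-checked copy that refuses it. The struct layout, `COOKIE`, `LEGIT_EIP`, `FILL_DWORD` and the helper names are constructed assumptions; the cookie field is a simplified stand-in for a compiler stack cookie such as MSVC `/GS`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LIMIT      1024         /* payload size used in the post */
#define COOKIE     0x5AFEC0DEu  /* constructed cookie value */
#define LEGIT_EIP  0x00401000u  /* constructed "real" return address */
#define FILL_DWORD 0x41414141u  /* stands in for the address the post writes */

/* Simplified model (assumption) of the frame holding the 16-byte buffer. */
struct frame_model {
    char     buffer[16];
    uint32_t cookie;     /* value the compiler places above the locals */
    uint32_t saved_eip;  /* return address */
};

/* Bounded replacement for memcpy(szBuffer, Bufferoverflow, LIMIT):
   the copy is refused unless the source fits in the destination. */
int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len > dst_size)
        return -1;
    memcpy(dst, src, src_len);
    return 0;
}

/* The check a cookie-protected function performs before it returns. */
int cookie_intact(const struct frame_model *f) { return f->cookie == COOKIE; }

/* Build a LIMIT-byte payload and return the frame state after the copy. */
struct frame_model run_copy(int checked)
{
    struct frame_model f = { {0}, COOKIE, LEGIT_EIP };
    char payload[LIMIT];
    uint32_t fill = FILL_DWORD;
    for (size_t i = 0; i + sizeof fill <= sizeof payload; i += sizeof fill)
        memcpy(payload + i, &fill, sizeof fill);
    if (checked)
        (void)copy_checked(f.buffer, sizeof f.buffer, payload, sizeof payload);
    else  /* modelled overflow, clamped to the struct so the demo stays in bounds */
        memcpy(&f, payload, sizeof f);
    return f;
}

int main(void)
{
    struct frame_model bad = run_copy(0), ok = run_copy(1);
    printf("unchecked: eip=0x%08x cookie_ok=%d\n", (unsigned)bad.saved_eip, cookie_intact(&bad));
    printf("checked:   eip=0x%08x cookie_ok=%d\n", (unsigned)ok.saved_eip, cookie_intact(&ok));
    return 0;
}
```
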