BufferFlow in C: a stack buffer overflow demo that overwrites a saved return address to redirect execution

/* --bufferFlow.c-- */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
 * Deliberately vulnerable sink for the demo: copies str into a 4-byte
 * stack buffer with strcpy(), which has no length bound. Any str longer
 * than 3 characters (plus the terminator) writes past buffer[] into
 * whatever the compiler placed above it -- the caller relies on that
 * being the saved frame pointer and then the saved return address.
 *
 * NOTE(review): this is the bug the page demonstrates, not one to "fix"
 * here; in real code the copy must be bounded (e.g. snprintf with
 * sizeof buffer). Whether the overwrite actually lands on the return
 * address depends on the compiler's frame layout and on mitigations
 * such as a stack protector being absent -- confirm against the build.
 */
void overflow(char *str)
{
char buffer[4];
strcpy(buffer,str); /* unbounded copy: the overflow happens here */
return;
}
/*
 * Target of the demo hijack: announces the redirect and terminates the
 * process. main() never calls it directly; control only arrives here if
 * overflow()'s saved return address was overwritten with its address.
 * exit(0) does not return, so nothing can follow it.
 */
void hijacked()
{
    fputs("\tYou've been hijacked!\n", stdout);
    exit(0);
}
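/*
 * Drives the demo: builds a payload whose tail is the address of
 * hijacked(), then hands it to overflow(), whose unbounded strcpy()
 * copies that address over its own saved return address.
 *
 * Hard-coded layout assumption (32-bit x86-style frame, 4-byte pointers):
 *   bigbuff[0..3]  -> overflow()'s 4-byte buffer
 *   bigbuff[4..7]  -> saved frame pointer (ebp)
 *   bigbuff[8..11] -> saved return address
 * strcpy() stops at the first zero byte, so the hijack also needs the
 * address of hijacked() to contain no 0x00 byte; NOTE(review): frame
 * padding, a stack protector or PIE/ASLR on the build will also break
 * the offset assumption -- confirm the build flags before expecting the
 * redirect to fire.
 *
 * Returns 0 on the normal path ("Back in main()" only prints when the
 * hijack did not take), 1 if the pointer does not fit the payload slot.
 */
int main(void)
{
    char bigbuff[] = {'a','b','c','d',          /* overflow()'s buffer */
                      'e','f','g','h',          /* saved ebp */
                      '\x0','\x0','\x0','\x0'}; /* return address slot */
    void (*fptr)(void) = hijacked;
    const size_t ret_off = 8;

    /* The pointer is written at offset 8 and must fit inside bigbuff.
     * With 8-byte pointers (LP64) the original *(unsigned long *) store
     * ran 4 bytes past the end of bigbuff and corrupted main()'s own
     * frame -- refuse with a clear message instead. */
    if (sizeof fptr > sizeof bigbuff - ret_off) {
        fprintf(stderr, "bufferFlow: demo assumes 4-byte pointers (build with -m32)\n");
        return 1;
    }

    printf("bigbuff = %s\n", bigbuff);
    /* memcpy rather than an aliased unsigned long store: same bytes on a
     * 32-bit build, but no strict-aliasing violation and no dependence on
     * sizeof(unsigned long) matching the pointer size. */
    memcpy(&bigbuff[ret_off], &fptr, sizeof fptr);
    printf("In main()\n");
    overflow(bigbuff); /* strcpy() runs past buffer[4] into ebp and the return address */
    printf("Back in main()\n");
    return 0;
}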
