
No function contains program counter for selected frame

I am trying to do a buffer overflow attack for a given vulnerable code. But it seems it is going wrong because, although my exploit strings do not corrupt the stack, I cannot get my assembly code (embedded in the exploit string) to work at all.

Here is the piece of memory values before the execution of 'ret' instruction of the program I want to attack.

0x55683984:     0x5568398c   0x...(old r.a)      0x68e322a1      0x0000c31c
0x55683994:     0xf7fa9400      0x0804a3d7       0x556839c0      0xf7e518d0

At this point, things go wrong because it cannot pop the stack and make %eip point to the popped value? So my exploit assembly code doesn't work (0x68e322a1 0x0000c31c). Gdb says "No function contains program counter for selected frame", and when I try to execute it without debugging, it causes a segmentation fault.

Does this problem have something to do with the length of my assembly? (in this case it is 6)?

Program received signal SIGSEGV, Segmentation fault.
0x5568398c in ?? ()
(gdb) x 0x5568398c
0x5568398c: 0x68e322a1

How can this happen when I am able to see what's inside the address which causes the segfault?

bfaskiplar asked Nov 20 '11 10:11


2 Answers

By default disassemble prints out the code of the current function. In your case the program counter points somewhere onto the stack and gdb doesn't understand where the boundaries of the current function are. That's why the error message.

But you can manually specify a range of addresses to disassemble:

(gdb) disassemble 0x7fffffffbb00,0x7fffffffbbff
lesnik answered Nov 12 '22 06:11
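As an added illustration (not part of lesnik's answer), here is a short gdb session for the situation described above, where the program counter sits in a region gdb cannot attribute to any function. The commands are standard gdb ones; `$pc` and `$sp` are gdb's architecture-neutral aliases for the instruction and stack pointer, so no specific addresses are assumed.

```gdb
# Added example: inspect a PC that gdb cannot map to a function.
info symbol $pc          # prints "No symbol matches $pc." when the PC is on the stack
disassemble $pc,+32      # decode 32 bytes from the current PC (start,+length form of the range syntax)
x/8i $pc                 # alternative: examine 8 instructions at the PC
x/8xw $sp                # dump 8 words from the stack pointer to see what the next 'ret' will pop
info proc mappings       # show which mapping the PC falls in and whether that region is executable
```

The `start,+length` form is often more convenient than `start,end` when you only know where the bytes begin; `info proc mappings` is the quickest way to tell a "wrong address" fault apart from a "right address, but the page is not executable" fault.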


Ok, here is the story: I forgot to place a '$' in front of the address in the movl instruction in my assembly code. Thus, the program was trying to access an undefined memory address, which caused a segmentation fault.

But I do not like the way GDB notifies this situation by saying just 'No function contains program counter for selected frame'.

bfaskiplar answered Nov 12 '22 07:11