I am trying to do a buffer overflow attack for a given vulnerable code. But it seems to be going wrong: although my exploit strings do not corrupt the stack, I cannot get my assembly code (embedded in the exploit string) to work at all.
Here are the memory values just before the execution of the 'ret' instruction of the program I want to attack.
0x55683984: 0x5568398c 0x...(old r.a) 0x68e322a1 0x0000c31c
0x55683994: 0xf7fa9400 0x0804a3d7 0x556839c0 0xf7e518d0
At this point, things go wrong; is it because it cannot pop the stack and make %eip point to the popped value? So my exploit assembly code (0x68e322a1 0x0000c31c) doesn't work. GDB says "No function contains program counter for selected frame." and when I try to execute it without debugging, it causes a segmentation fault.
Does this problem have something to do with the length of my assembly (in this case it is 6)?
Program received signal SIGSEGV, Segmentation fault.
0x5568398c in ?? ()
(gdb) x 0x5568398c
0x5568398c: 0x68e322a1
How can this happen when I am able to see what's inside the address which causes the segfault?
By default, disassemble prints out the code of the current function. In your case the program counter points somewhere onto the stack and gdb doesn't understand where the boundaries of the current function are. That's why you get the error message.
But you can manually specify a range of addresses to disassemble:
(gdb) disassemble 0x7fffffffbb00,0x7fffffffbbff
Ok, here is the story: I forgot to place a '$' in front of the address in the movl instruction in my assembly code. Thus, the program was trying to access an undefined memory address, which caused a segmentation fault.
But I do not like the way GDB notifies you of this situation by saying just 'No function contains program counter for selected frame'.