Here is a similar code to one that I saw in a video on the web:
#include <cstdio>
#include <cstring>
void somefunc(const char *input)
{
    using namespace std;
    char buf[5];
    // Displays the stack
    printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    // Buffer overflow
    strcpy(buf, input);
    printf("%s\n", buf);
    printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
}
void somefunc2()
{
    printf("somefunc2()\n");
}
int main(int argc, char *argv[])
{
    using namespace std;
    printf("Address of somefunc = %p\n", somefunc);
    printf("Address of somefunc2 = %p\n", somefunc2);
    somefunc(argv[1]);
}
So, can we be sure that we can display the contents of the stack in this way?
--
Ioannis Vranos http://www23.brinkster.com/noicys
Ioannis Vranos wrote: Here is a similar code to one that I saw in a video on the web: [...] So, can we be sure that we can display the contents of the stack in this way?
Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.
V
Ioannis Vranos wrote: Here is a similar code to one that I saw in a video on the web: [...] printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n"); [...] So, can we be sure that we can display the contents of the stack in this way?
What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O
--
Matthias Kaeppler
Matthias Kaeppler wrote: What's the deal with the %p? `info coreutils printf` tells me it evaluates to AM or PM, depending on your locale settings. It's a date/time specific thing o_O
That's what it means in calls to strftime. In calls to printf and its
relatives it displays the value of a pointer.
--
Pete Becker
Dinkumware, Ltd. (http://www.dinkumware.com)
Matthias Kaeppler wrote: What's the deal with the %p? `info coreutils printf` tells me it evaluates to AM or PM, depending on your locale settings. It's a date/time specific thing o_O
?
--
Ioannis Vranos http://www23.brinkster.com/noicys
Victor Bazarov wrote: Definitely not. Calling 'printf' with fewer arguments than fields specified by the format string causes undefined behaviour. What happens in that case *could* be that 'printf' shows you the stack contents or it *could* be that your hard drive is reformatted or that all your friends receive obscene e-mails originating from you.
OK, so ISO C++ speaking, it is not guaranteed to work. However, in practice it looks
like it is working. Have you seen this before?
I got the code from a code-security oriented video.
--
Ioannis Vranos http://www23.brinkster.com/noicys
Victor Bazarov wrote: Definitely not. Calling 'printf' with fewer arguments than fields specified by the format string causes undefined behaviour. What happens in that case *could* be that 'printf' shows you the stack contents or it *could* be that your hard drive is reformatted or that all your friends receive obscene e-mails originating from you.
Ioannis Vranos wrote: OK, so ISO C++ speaking, it is not guaranteed to work. However, in practice it looks like it is working. Have you seen this before?
No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.
Ioannis Vranos wrote: I got the code from a code-security oriented video.
Victor Bazarov wrote: No, I hadn't. Nor would I trust hacker instructional videos when learning about language features.
Actually it was about code security and protecting from hackers and not the opposite. This
shows what buffer overruns look like, and just to provide a useful summary on this, the
bottom line was that apart from using strncpy() etc. (which can also be circumvented with
various tricks), in all these types of attacked programs the data are not checked at the
point of input, and we should consider *any* input as unsafe and validate it at the point
of its introduction.
--
Ioannis Vranos http://www23.brinkster.com/noicys
Victor Bazarov wrote: No, I hadn't. Nor would I trust hacker instructional videos when learning about language features.
Ioannis Vranos wrote: Actually it was about code security and protecting from hackers and not the opposite. [...]
Just to let you know that the best security algorithms are invented by
hackers, and knowing how a system can be broken is necessary to be able
to protect it. Instructional videos for hackers or for security personnel
are interchangeable. If you want to be able to break into a system you
might want to learn what is taught to those who are trying to protect it
and vice versa.
And my recommendation for you: if you want your code to be safe, you
should use all means possible to avoid undefined behaviour. Using printf
in the manner you asked about may not be that susceptible to any hacking,
but considering it OK because "it looks like it is working" is a very
dangerous practice.
V
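A hardened counterpart to somefunc() from the original post, added here as an example (it is not code from the thread or from the video): it validates the input length at the point of entry, shows the strncpy() termination pitfall, and gives printf() one argument per conversion so no undefined behaviour is involved. The names kBufSize, fits, strncpy_terminates and somefunc_checked are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

constexpr std::size_t kBufSize = 5;  // same capacity as buf in somefunc()

// Validate at the point of input: accept only strings that fit in
// `capacity` bytes including the terminating '\0'. (Hypothetical helper.)
bool fits(const char *input, std::size_t capacity)
{
    if (input == nullptr || capacity == 0) return false;
    // memchr stops at the first '\0' and never looks past `capacity` bytes.
    return std::memchr(input, '\0', capacity) != nullptr;
}

// The strncpy() pitfall: when the source holds n or more characters,
// no terminating '\0' is written. `input` must be non-null.
bool strncpy_terminates(const char *input)
{
    char buf[kBufSize];
    std::memset(buf, 'X', sizeof buf);
    std::strncpy(buf, input, sizeof buf);
    return std::memchr(buf, '\0', sizeof buf) != nullptr;
}

// Hardened somefunc(): rejects oversized input instead of overflowing buf,
// and passes printf() a void* for the single %p it uses.
// Returns the number of characters copied, or -1 if the input was rejected.
int somefunc_checked(const char *input)
{
    char buf[kBufSize];
    if (!fits(input, sizeof buf)) {
        std::fprintf(stderr, "input rejected: at most %zu characters\n", sizeof buf - 1);
        return -1;
    }
    std::strcpy(buf, input);  // safe: the length was checked above
    std::printf("buf is at %p and holds \"%s\"\n",
                static_cast<void *>(buf), buf);
    return static_cast<int>(std::strlen(buf));
}

int main(int argc, char *argv[])
{
    // argv[1] is null when no argument is given, so it is checked as well.
    return somefunc_checked(argc > 1 ? argv[1] : nullptr) < 0 ? 1 : 0;
}
```

Compiling the original post's code with GCC or Clang and -Wall reports the printf calls that have more conversions than arguments.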
Victor Bazarov wrote: And my recommendation for you: if you want your code to be safe, you should use all means possible to avoid undefined behaviour. Using printf in the manner you asked about may not be that susceptible to any hacking, but considering it OK because "it looks like it is working" is a very dangerous practice.
Of course. I found it interesting to display the stack in this way though. :-)
--
Ioannis Vranos http://www23.brinkster.com/noicys