473,721 Members | 2,234 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Displaying stack contents

Here is a similar code to one that I saw in a video on the web:
#include <cstdio>
#include <cstring>
void somefunc(const char *input)
{
using namespace std;

char buf[5];

// Displays the stack
printf("Stack looks like:\n%p\n%p\n %p\n%p\n%p\n%p\ n\n");

//Buffer overflow
strcpy(buf, input);

printf("%s\n", buf);

printf("Now the stack looks like:\n%p\n%p\n %p\n%p\n%p\n%p\ n\n");
}

void somefunc2()
{
printf("somefun c2()\n");
}
int main(int argc, char *argv[])
{
using namespace std;

printf("Address of somefunc = %p\n", somefunc);

printf("Address of somefunc2 = %p\n", somefunc2);

somefunc(argv[1]);
}

So, can we be sure that we can display the contents of the stack in this way?

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #1
9 3267
Ioannis Vranos wrote:
Here is a similar code to one that I saw in a video on the web:
#include <cstdio>
#include <cstring>
void somefunc(const char *input)
{
using namespace std;

char buf[5];

// Displays the stack
printf("Stack looks like:\n%p\n%p\n %p\n%p\n%p\n%p\ n\n");

//Buffer overflow
strcpy(buf, input);

printf("%s\n", buf);

printf("Now the stack looks like:\n%p\n%p\n %p\n%p\n%p\n%p\ n\n");
}

void somefunc2()
{
printf("somefun c2()\n");
}
int main(int argc, char *argv[])
{
using namespace std;

printf("Address of somefunc = %p\n", somefunc);

printf("Address of somefunc2 = %p\n", somefunc2);

somefunc(argv[1]);
}

So, can we be sure that we can display the contents of the stack in this
way?


Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.

V
Jul 23 '05 #2
Ioannis Vranos wrote:
Here is a similar code to one that I saw in a video on the web:
#include <cstdio>
#include <cstring>
void somefunc(const char *input)
{
using namespace std;

char buf[5];

// Displays the stack
printf("Stack looks like:\n%p\n%p\n %p\n%p\n%p\n%p\ n\n");

//Buffer overflow
strcpy(buf, input);

printf("%s\n", buf);

printf("Now the stack looks like:\n%p\n%p\n %p\n%p\n%p\n%p\ n\n");
}

void somefunc2()
{
printf("somefun c2()\n");
}
int main(int argc, char *argv[])
{
using namespace std;

printf("Address of somefunc = %p\n", somefunc);

printf("Address of somefunc2 = %p\n", somefunc2);

somefunc(argv[1]);
}

So, can we be sure that we can display the contents of the stack in this
way?


What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O

--
Matthias Kaeppler
Jul 23 '05 #3
Matthias Kaeppler wrote:

What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O


That's what it means in calls to strftime. In calls to printf and its
relatives it displays the value of a pointer.

--

Pete Becker
Dinkumware, Ltd. (http://www.dinkumware.com)
Jul 23 '05 #4
Matthias Kaeppler wrote:
What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O


?
--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #5
Victor Bazarov wrote:
Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.

OK, so ISO C++ speaking it is not guaranteed this to work. However in practice it looks
like it is working. Have you seen this before?

I got the code from a code-security oriented video.

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #6
Ioannis Vranos wrote:
Victor Bazarov wrote:
Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.
OK, so ISO C++ speaking it is not guaranteed this to work. However in
practice it looks like it is working. Have you seen this before?


No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.
I got the code from a code-security oriented video.

Jul 23 '05 #7
Victor Bazarov wrote:
No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.

Actually it was about code security and protecting from hackers and not the opposite. This
shows how buffer overruns look like, and just to provide a useful summary on this, the
bottom line was that apart from using strncpy() etc (which can also be circumvented with
various tricks), in all these types of attacked programs the data are not checked at the
point of input, and we should consider *any* input as unsafe and validate it at the point
of its introduction.

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #8
Ioannis Vranos wrote:
Victor Bazarov wrote:
No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.


Actually it was about code security and protecting from hackers and not
the opposite. [...]


Just to let you know that the best security algorithms are invented by
hackers, and knowing how a system can be broken is necessary to be able
to protect it. Instructional videos for hackers or for security personnel
are interchangeable . If you want to be able to break into a system you
might want to learn what is taught to those who are trying to protect it
and vice versa.

And my recommendation for you: if you want your code to be safe, you
should use all means possible to avoid undefined behaviour. Using printf
in the manner you asked about may not be that susceptible to any hacking,
but considering it OK because "it looks like it is working" is a very
dangerous practice.

V
Jul 23 '05 #9
Victor Bazarov wrote:
And my recommendation for you: if you want your code to be safe, you
should use all means possible to avoid undefined behaviour. Using printf
in the manner you asked about may not be that susceptible to any hacking,
but considering it OK because "it looks like it is working" is a very
dangerous practice.

Of course. I found it interesting to display the stack in this way though. :-)

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1277
by: CoderGuy | last post by:
Hello I am reading up a bit on how memmory is used in the .NET Framework and have a few question about the stack-based approach * I understand that the stack is used to provide a layer of abstractio between the CLR and the underlaying memory hardware (porting to anothe architecture should not change the program, i.e you dont work with register directly)
4
4155
by: chirag | last post by:
i wrote the following code for the comments given. however, i am getting some errors in it. it says local function definitation are illegal.. plese scan through the following code. thanks. void Stack::print() // Prints the contents of a stack from top to bottom. The stack // is not changed. Does not call any Stack member functions. { int item; if (aList.isEmpty())
6
2414
by: milkyway | last post by:
Hello out there, When one gets an error, they can use fprintf (Stdout, "File %s Line %d\n", __FILE__, __LINE__); Is there a similar way where on can print out the stack trace? Any help, hints or advice is appreciated ;-)
0
1167
by: CoderGuy | last post by:
Hello I am reading up a bit on how memmory is used in the .NET Framework and have a few question about the stack-based approach * I understand that the stack is used to provide a layer of abstractio between the CLR and the underlaying memory hardware (porting to anothe architecture should not change the program, i.e you dont work with register directly)
2
4349
by: RAJ | last post by:
In our multi-tier application, we have several ASP.NET user controls which will update the same data source provided by middle tier logic. In this particular scenario we have one user control displaying the contents of the data source, whilst another control updates the datasource via a command buttons implementation of 'Click', an event raised in the 'Handle Postback Events' stage of the control execution life cycle (via the...
6
2244
by: The Eeediot | last post by:
Hello, Folks... I'm almost becoming a regular to this newsgroup. I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate...
1
4216
by: alfie27 | last post by:
I currently have a working program that is a stack that stores integers. Now i have to convert it to store strings instead of integers. I have been working on this for hours and just keep getting errors of all kinds. I have decided to start from scratch. Any suggestions someone can give me would be greatly appreciated!! Here is the current code: #include <iostream> using std::cout; using std::cin; #include <cstring> using std::strcpy;
9
2513
by: Tarique | last post by:
Hello all.I am trying to implement a stack which can store either integer or float values. The code is given below: #include<stdio.h> #include<stdlib.h> #include<string.h> #define STACKSIZE 100
3
1704
thatos
by: thatos | last post by:
Is the any other way to remove contents of a stack without using the following loop or is there any other way to remove stack contents? Here is the loop Stack s = new Stack(); . . . . . while (s.empty == false){
0
8840
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8730
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9367
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9215
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9131
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
5981
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4484
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4753
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2576
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.