
Displaying stack contents

Here is a similar code to one that I saw in a video on the web:
#include <cstdio>
#include <cstring>

void somefunc(const char *input)
{
    using namespace std;

    char buf[5];

    // Displays the stack
    printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");

    //Buffer overflow
    strcpy(buf, input);

    printf("%s\n", buf);

    printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
}

void somefunc2()
{
    printf("somefunc2()\n");
}

int main(int argc, char *argv[])
{
    using namespace std;

    printf("Address of somefunc = %p\n", somefunc);

    printf("Address of somefunc2 = %p\n", somefunc2);

    somefunc(argv[1]);
}

So, can we be sure that we can display the contents of the stack in this way?

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #1
Ioannis Vranos wrote:
So, can we be sure that we can display the contents of the stack in this
way?


Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.

V
Jul 23 '05 #2
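A guard for the mismatch described in the reply above, as an added example that is not code from the thread: it counts the arguments a format string consumes and refuses the call when the number supplied differs. `count_format_args` and `checked_printf` are hypothetical names, and the check covers argument counts only, not argument types.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Count the arguments a printf-style format consumes: one per conversion
// plus one per '*' width or precision; "%%" consumes none.
std::size_t count_format_args(const char *fmt)
{
    std::size_t n = 0;
    for (const char *p = fmt; *p != '\0'; ++p) {
        if (*p != '%')
            continue;
        ++p;
        if (*p == '%')
            continue;                       // literal percent sign
        // Skip flags, width, precision and length modifiers.
        while (*p != '\0' && std::strchr("-+ #0123456789.*hlLjzt", *p)) {
            if (*p == '*')
                ++n;
            ++p;
        }
        if (*p == '\0')
            break;                          // format ends mid-conversion
        ++n;                                // the conversion itself
    }
    return n;
}

// Hypothetical wrapper: refuse the call when the counts differ, because
// printf() itself cannot detect the mismatch. Checks counts only, not types.
template <typename... Args>
int checked_printf(const char *fmt, Args... args)
{
    if (count_format_args(fmt) != sizeof...(Args))
        return -1;
    return std::printf(fmt, args...);
}

int main()
{
    int local = 0;
    // The thread's format string, with no arguments supplied: rejected.
    int bad = checked_printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
    // A matching call goes through; %p takes a void pointer.
    int good = checked_printf("%p\n", static_cast<void *>(&local));
    return (bad == -1 && good > 0) ? 0 : 1;
}
```

For format strings written as literals, GCC and Clang report the same mismatch at compile time with `-Wformat` (part of `-Wall`).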
Ioannis Vranos wrote:
So, can we be sure that we can display the contents of the stack in this
way?


What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O

--
Matthias Kaeppler
Jul 23 '05 #3
Matthias Kaeppler wrote:

What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O


That's what it means in calls to strftime. In calls to printf and its
relatives it displays the value of a pointer.

--

Pete Becker
Dinkumware, Ltd. (http://www.dinkumware.com)
Jul 23 '05 #4
Matthias Kaeppler wrote:
What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O


?
--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #5
Victor Bazarov wrote:
Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.

OK, so ISO C++ speaking, this is not guaranteed to work. However in practice it looks
like it is working. Have you seen this before?

I got the code from a code-security oriented video.

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #6
Ioannis Vranos wrote:
Victor Bazarov wrote:
Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.
OK, so ISO C++ speaking, this is not guaranteed to work. However in
practice it looks like it is working. Have you seen this before?


No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.
I got the code from a code-security oriented video.

Jul 23 '05 #7
Victor Bazarov wrote:
No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.

Actually it was about code security and protecting from hackers and not the opposite. This
shows what buffer overruns look like, and just to provide a useful summary on this, the
bottom line was that apart from using strncpy() etc. (which can also be circumvented with
various tricks), in all these types of attacked programs the data are not checked at the
point of input, and we should consider *any* input as unsafe and validate it at the point
of its introduction.

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #8
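Validation at the point of input, applied to the thread's `somefunc`, as an added example that is not code from the thread or the video: the input is measured against the buffer before any copy and rejected if it does not fit. `copy_validated`, `strncpy_leaves_unterminated` and `somefunc_checked` are hypothetical names; the second function shows one well-known strncpy() pitfall, that truncation leaves the buffer without a terminator.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Copy src into dst only if it fits together with its terminator.
bool copy_validated(char *dst, std::size_t dst_size, const char *src)
{
    if (dst == nullptr || dst_size == 0)
        return false;
    dst[0] = '\0';                          // dst is always a valid string
    if (src == nullptr)
        return false;                       // e.g. argv[1] was not given
    std::size_t len = 0;                    // never reads past dst_size bytes
    while (len < dst_size && src[len] != '\0')
        ++len;
    if (len == dst_size)
        return false;                       // too long: reject, do not truncate
    std::memcpy(dst, src, len + 1);
    return true;
}

// strncpy() bounds the write but adds no terminator when it truncates.
bool strncpy_leaves_unterminated(const char *src)
{
    char buf[5];
    std::strncpy(buf, src, sizeof buf);
    return std::memchr(buf, '\0', sizeof buf) == nullptr;
}

// The thread's somefunc() with the check made before the copy.
bool somefunc_checked(const char *input)
{
    char buf[5];
    if (!copy_validated(buf, sizeof buf, input)) {
        std::fputs("input rejected\n", stderr);
        return false;
    }
    std::printf("%s\n", buf);
    return true;
}

int main(int argc, char *argv[])
{
    return somefunc_checked(argc > 1 ? argv[1] : nullptr) ? 0 : 1;
}
```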
Ioannis Vranos wrote:
Victor Bazarov wrote:
No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.


Actually it was about code security and protecting from hackers and not
the opposite. [...]


Just to let you know that the best security algorithms are invented by
hackers, and knowing how a system can be broken is necessary to be able
to protect it. Instructional videos for hackers or for security personnel
are interchangeable. If you want to be able to break into a system you
might want to learn what is taught to those who are trying to protect it
and vice versa.

And my recommendation for you: if you want your code to be safe, you
should use all means possible to avoid undefined behaviour. Using printf
in the manner you asked about may not be that susceptible to any hacking,
but considering it OK because "it looks like it is working" is a very
dangerous practice.

V
Jul 23 '05 #9
Victor Bazarov wrote:
And my recommendation for you: if you want your code to be safe, you
should use all means possible to avoid undefined behaviour. Using printf
in the manner you asked about may not be that susceptible to any hacking,
but considering it OK because "it looks like it is working" is a very
dangerous practice.

Of course. I found it interesting to display the stack in this way though. :-)

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #10
