
Displaying stack contents

Here is code similar to one that I saw in a video on the web:

#include <cstdio>
#include <cstring>

void somefunc(const char *input)
{
    using namespace std;

    char buf[5];

    // Displays the stack
    printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");

    // Buffer overflow
    strcpy(buf, input);

    printf("%s\n", buf);

    printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
}

void somefunc2()
{
    printf("somefunc2()\n");
}

int main(int argc, char *argv[])
{
    using namespace std;

    printf("Address of somefunc = %p\n", somefunc);

    printf("Address of somefunc2 = %p\n", somefunc2);

    somefunc(argv[1]);
}

So, can we be sure that we can display the contents of the stack in this way?

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #1


Ioannis Vranos wrote:
> Here is code similar to one that I saw in a video on the web:
>
> #include <cstdio>
> #include <cstring>
>
> void somefunc(const char *input)
> {
>     using namespace std;
>
>     char buf[5];
>
>     // Displays the stack
>     printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
>
>     // Buffer overflow
>     strcpy(buf, input);
>
>     printf("%s\n", buf);
>
>     printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
> }
>
> void somefunc2()
> {
>     printf("somefunc2()\n");
> }
>
> int main(int argc, char *argv[])
> {
>     using namespace std;
>
>     printf("Address of somefunc = %p\n", somefunc);
>
>     printf("Address of somefunc2 = %p\n", somefunc2);
>
>     somefunc(argv[1]);
> }
>
> So, can we be sure that we can display the contents of the stack in this
> way?


Definitely not. Calling 'printf' with fewer arguments than fields
specified by the format string causes undefined behaviour. What happens
in that case *could* be that 'printf' shows you the stack contents or it
*could* be that your hard drive is reformatted or that all your friends
receive obscene e-mails originating from you.

V
Jul 23 '05 #2

Ioannis Vranos wrote:
> Here is code similar to one that I saw in a video on the web:
>
> #include <cstdio>
> #include <cstring>
>
> void somefunc(const char *input)
> {
>     using namespace std;
>
>     char buf[5];
>
>     // Displays the stack
>     printf("Stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
>
>     // Buffer overflow
>     strcpy(buf, input);
>
>     printf("%s\n", buf);
>
>     printf("Now the stack looks like:\n%p\n%p\n%p\n%p\n%p\n%p\n\n");
> }
>
> void somefunc2()
> {
>     printf("somefunc2()\n");
> }
>
> int main(int argc, char *argv[])
> {
>     using namespace std;
>
>     printf("Address of somefunc = %p\n", somefunc);
>
>     printf("Address of somefunc2 = %p\n", somefunc2);
>
>     somefunc(argv[1]);
> }
>
> So, can we be sure that we can display the contents of the stack in this
> way?


What's the deal with the %p?
`info coreutils printf` tells me it evaluates to AM or PM, depending on
your locale settings. It's a date/time specific thing o_O

--
Matthias Kaeppler
Jul 23 '05 #3

Matthias Kaeppler wrote:
> What's the deal with the %p?
> `info coreutils printf` tells me it evaluates to AM or PM, depending on
> your locale settings. It's a date/time specific thing o_O


That's what it means in calls to strftime. In calls to printf and its
relatives it displays the value of a pointer.

--

Pete Becker
Dinkumware, Ltd. (http://www.dinkumware.com)
Jul 23 '05 #4

Matthias Kaeppler wrote:
> What's the deal with the %p?
> `info coreutils printf` tells me it evaluates to AM or PM, depending on
> your locale settings. It's a date/time specific thing o_O


?
--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #5

Victor Bazarov wrote:
> Definitely not. Calling 'printf' with fewer arguments than fields
> specified by the format string causes undefined behaviour. What happens
> in that case *could* be that 'printf' shows you the stack contents or it
> *could* be that your hard drive is reformatted or that all your friends
> receive obscene e-mails originating from you.

OK, so ISO C++ speaking, this is not guaranteed to work. However, in practice it looks
like it is working. Have you seen this before?

I got the code from a code-security oriented video.

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #6

Ioannis Vranos wrote:
> Victor Bazarov wrote:
>> Definitely not. Calling 'printf' with fewer arguments than fields
>> specified by the format string causes undefined behaviour. What happens
>> in that case *could* be that 'printf' shows you the stack contents or it
>> *could* be that your hard drive is reformatted or that all your friends
>> receive obscene e-mails originating from you.
>
> OK, so ISO C++ speaking, this is not guaranteed to work. However, in
> practice it looks like it is working. Have you seen this before?

No, I hadn't. Nor would I trust hacker instructional videos when
learning about language features.

> I got the code from a code-security oriented video.

Jul 23 '05 #7

Victor Bazarov wrote:
> No, I hadn't. Nor would I trust hacker instructional videos when
> learning about language features.

Actually it was about code security and protecting from hackers and not the opposite. This
shows what buffer overruns look like, and just to provide a useful summary on this, the
bottom line was that apart from using strncpy() etc. (which can also be circumvented with
various tricks), in all these types of attacked programs the data are not checked at the
point of input, and we should consider *any* input as unsafe and validate it at the point
of its introduction.

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #8
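
Added example, not part of the original thread: the validate-at-the-point-of-input advice from reply #8 and the undefined-behaviour point from reply #2, applied to the thread's 5-byte buffer. The helpers copy_validated, strncpy_result_terminated and hex_dump are hypothetical names written for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 5  /* same size as buf in the thread's somefunc() */

/* Validate at the point of input: reject anything that does not fit,
   terminator included. Returns 0 on success, -1 on rejection. */
int copy_validated(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) return -1;   /* no room left for '\0' */
    memcpy(dst, src, len + 1);        /* copies the terminator too */
    return 0;
}

/* strncpy pitfall: if strlen(src) >= n, no terminator is written.
   Returns 1 if dst ends up terminated, 0 if it does not. */
int strncpy_result_terminated(const char *src)
{
    char dst[BUF_SIZE];
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Defined way to look at memory: hex-dump an object we own through
   unsigned char. Returns the number of hex characters written. */
size_t hex_dump(const void *obj, size_t n, char *out, size_t out_size)
{
    const unsigned char *p = obj;
    size_t used = 0;
    if (out_size > 0) out[0] = '\0';
    for (size_t i = 0; i < n && used + 3 <= out_size; i++)
        used += (size_t)snprintf(out + used, out_size - used, "%02x", p[i]);
    return used;
}

int main(int argc, char *argv[])
{
    char buf[BUF_SIZE] = {0}, hex[2 * BUF_SIZE + 1];
    if (copy_validated(buf, sizeof buf, argc > 1 ? argv[1] : "") != 0) {
        fprintf(stderr, "rejected: input needs more than %d bytes\n", BUF_SIZE);
        return 1;
    }
    hex_dump(buf, sizeof buf, hex, sizeof hex);
    printf("%s\nbuf bytes: %s\n", buf, hex);
    return 0;
}
```

An over-long argument is refused before any copy happens, so the buffer and everything next to it stay untouched.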

Ioannis Vranos wrote:
> Victor Bazarov wrote:
>> No, I hadn't. Nor would I trust hacker instructional videos when
>> learning about language features.
>
> Actually it was about code security and protecting from hackers and not
> the opposite. [...]


Just to let you know that the best security algorithms are invented by
hackers, and knowing how a system can be broken is necessary to be able
to protect it. Instructional videos for hackers or for security personnel
are interchangeable. If you want to be able to break into a system you
might want to learn what is taught to those who are trying to protect it
and vice versa.

And my recommendation for you: if you want your code to be safe, you
should use all means possible to avoid undefined behaviour. Using printf
in the manner you asked about may not be that susceptible to any hacking,
but considering it OK because "it looks like it is working" is a very
dangerous practice.

V
Jul 23 '05 #9

Victor Bazarov wrote:
> And my recommendation for you: if you want your code to be safe, you
> should use all means possible to avoid undefined behaviour. Using printf
> in the manner you asked about may not be that susceptible to any hacking,
> but considering it OK because "it looks like it is working" is a very
> dangerous practice.

Of course. I found it interesting to display the stack in this way though. :-)

--
Ioannis Vranos

http://www23.brinkster.com/noicys
Jul 23 '05 #10
