4.8 实战:栈溢出攻击示例

    科技2026-01-05  10

    4.8 实战:栈溢出攻击示例

    二进制方式打开

    vi -b xxx

    十六进制查看

    :%!xxd(转换为十六进制显示)  :%!xxd -r(保存退出前转换回二进制)

    查看函数的地址

    readelf -s xxx.out |grep xxx

    代码

    /************************************************ * Copyright(C) zhaixue.cc. All rights reserved * * Filename: stack-overflow.c * Author: litao.wang * E-mail: 3284757626@qq.com * Description: * Create: 2017-11-22 11:11:24 * Last Modified: 2017-11-22 14:18:29 ************************************************/ #include<stdio.h> void shellcode(void) { printf("virus run success!\n"); while(1); } int f(int argc, char *argv[]) { int a[4]; int tmp; FILE *fp; tmp = a[4]; fp = fopen(argv[1],"r+"); if(fp==NULL) { printf("open virus.bin failed!\n"); return -1; } fread(a,4,9,fp); //从fp 读取9个数据到a,每个数据的大小为4字节 // a[6] = shellcode; // tmp = a[4]; // a[4] = 3; // printf("a[6] = %d\n",a[6]); a[4] = tmp; fclose(fp); } int main(int argc, char * argv[]) { f(argc,argv); printf("hello world!\n"); return 0; }