|
Yeah, I've been studying it the past few days. Thanks.
"Old age is like a bank account. You withdraw later in life what you have deposited along the way." - Unknown
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
|
|
|
|
|
hmm i dunno if this is appropriate but my question is how to do a simple bufferoverrun which hack into a function.
Basically I have C++ code which has 2 functions, foo() and bar(). The program accepts input and passes the input to foo(). I want to overrun the buffer till it reads into the bar() function.
can this be done??
|
|
|
|
|
nuttynibbles wrote: can this be done??
Sure. I've never tried it so I do not have any examples. See here.
|
|
|
|
|
DavidCrow wrote: See here.
Do you think it's a good idea to teach people how to hack?
|
|
|
|
|
I'm not really in a position to judge someone, Richard. A lot of what I know today is a direct result of my past. I was not a criminal, but I did want to know how things worked.
|
|
|
|
|
DavidCrow wrote: I'm not really in a position to judge someone
Nor me, but the original question included the following "my question is how to do a simple bufferoverrun which hack into a function.", which leads me to believe this could well be someone trying to write a virus of sorts.
|
|
|
|
|
Hey, sorry guys, but it's actually for a simple school assignment. We need to know the ways of buffer overrun to better write a secure system. Things like strcpy are vulnerable if not used correctly.
modified on Wednesday, November 4, 2009 5:44 PM
|
|
|
|
|
Perhaps your request could have been worded better; the word 'hack' tends to ring alarm bells.
|
|
|
|
|
Haha, my bad. Anyway, I managed to do it. Basically, do a buffer overrun and, when the system crashes, find the return address. Use ASCII to input the function address that you want to gain access to.
|
|
|
|
|
Hey, I would like to appreciate your intention behind the question. I would strongly suggest this.
|
|
|
|
|
Can someone please look at this and tell me what I am doing wrong with my pointer.
#include <stdio>
#include <stdlib.h>
#define SENT 4 //"Quit" menu choice
void DisplayMenu (void);
int GetMenuChoice (void);
void Gen2Rand (int*r1, int*r2);
void DrillOneProb (int c, int r1, int r2);
int main (void)
{
int c;
int r1,
r2;
DisplayMenu();
c = GetMenuChoice();
while (c >= 1 && c < SENT)
{ Gen2Rand (&r1, &r2);
DrillOneProb (c, r1,r2);
DisplayMenu();
c = GetMenuChoice();
printf("Program Complete\n");}
return (0);
}
void DisplayMenu (void)
{
printf("MENU OF OPERATIONS\n");
printf("1. Addition.\n");
printf("2. Subtraction.\n");
printf("3. Multiplication.\n");
printf("4. Quit.\n\n");
}
int GetMenuChoice (void)
{
int c;
do{
printf ("Enter the number of the operation to try (1-4):\n");
scanf ("%d", &c);
if (c<1 || c>SENT)
printf("\aInput value is out of range.\n");
while (c < 1 || c > SENT);
return (c);
}
void Gen2Rand (int*r1p, int*r2p)
int r1;
int r2;
r1 = 2 + rand() % 11;
r2 = 2 + rand() % 11;
*r1p = r1;
*r2p = r2;
return (0);
}
void DrillOneProb (int c, int r1, int r2)
{
int CorAns,
Reply;
switch (c)
{
case 1:
printf("+");
CorAns = r1 + r2;
break;
case 2:
printf("-");
CorAns = r1 - r2;
break;
default:
printf("x");
CorAns = r1 * r2;
break;
}
printf(" %d, ?", Reply);
scanf ("%d", &Reply);
if
(Reply == CorAns)
printf("Yes, that is correct. Good Job!");
else
{ printf("No, the correct answer is: %d", CorAns);
printf("\n\n");
}
|
|
|
|
|
You've not stated what problems, if any, you're having.
PS:
In your function prototypes, you don't need to specify any variable names for the parameters. Just the data types are OK. This is Ok:
void DrillOneProb (int, int, int);
|
|
|
|
|
void Gen2Rand (int*r1p, int*r2p)
1. Error is undeclared identifier r2p
2. type error in argument 2 to 'Gen2Rand', found 'int' expected 'pointer to int'
3. possible usage of r1p and r2p before definition
*r1p = r1;
*r2p = r2;
1. Error is r1p and r2p is not a pointer.
I met my instructor yesterday and he said that the prototypes were correct. So should I change the void Gen2Rand (int*r1, int*r2)?
|
|
|
|
|
Ibrahim Bello wrote: In your function prototypes, you don't need to specify any variable names for the parameters. Just the data types are OK. This is Ok:
void DrillOneProb (int, int, int);
But not very helpful to someone looking at a function prototype in a header file.
You measure democracy by the freedom it gives its dissidents, not the freedom it gives its assimilated conformists.
|
|
|
|
|
You are missing: 1) a closing brace in GetMenuChoice(), and 2) an opening brace in Gen2Rand(). There are other errors but addressing those two should get you further along.
|
|
|
|
|
Thank you, that did fix the prob.
|
|
|
|
|
That's good.
As for the prototype, this is OK:
void Gen2Rand (int*, int*);
No need for specifying variable names in prototype. Just let the compiler know what data type to expect for that function. Cheers!
|
|
|
|
|
IMHO, I would say that it is good practice to specify the parameter names in the function prototype, especially when the parameters are the same type. This is not for the compiler's sake but for your own sanity when you come to call the function. It will help you to get your parameters in the right order without having to analyze your code.
Tony
|
|
|
|
|
Oh yes, that's right,
Guess I'm just used to leaving my parameter names out
|
|
|
|
|
I figured it would. You might consider formatting your code (e.g., using spaces instead of tabs) so that errors such as mismatched braces would be more obvious. For example:
#define SENT 4 //"Quit" menu choice

void DisplayMenu (void)
{
    printf("MENU OF OPERATIONS\n");
    printf("1. Addition.\n");
    printf("2. Subtraction.\n");
    printf("3. Multiplication.\n");
    printf("4. Quit.\n\n");
}

int GetMenuChoice (void)
{
    int c;
    do
    {
        printf ("Enter the number of the operation to try (1-4):\n");
        scanf ("%d", &c);
        if (c<1 || c>SENT)
            printf("\aInput value is out of range.\n");
    } while (c < 1 || c > SENT);
    return (c);
}

void Gen2Rand (int*r1p, int*r2p)
{
    int r1;
    int r2;
    r1 = 2 + rand() % 11;
    r2 = 2 + rand() % 11;
    *r1p = r1;
    *r2p = r2;
}

void DrillOneProb (int c, int r1, int r2)
{
    int CorAns,
        Reply;
    switch (c)
    {
        case 1:
            printf("+");
            CorAns = r1 + r2;
            break;
        case 2:
            printf("-");
            CorAns = r1 - r2;
            break;
        default:
            printf("x");
            CorAns = r1 * r2;
            break;
    }
    printf(" %d, ?", Reply);
    scanf ("%d", &Reply);
    if (Reply == CorAns)
        printf("Yes, that is correct. Good Job!");
    else
    {
        printf("No, the correct answer is: %d", CorAns);
        printf("\n\n");
    }
}

int main (void)
{
    int c;
    int r1,
        r2;
    DisplayMenu();
    c = GetMenuChoice();
    while (c >= 1 && c < SENT)
    {
        Gen2Rand (&r1, &r2);
        DrillOneProb (c, r1,r2);
        DisplayMenu();
        c = GetMenuChoice();
        printf("Program Complete\n");
    }
    return (0);
}
|
|
|
|
|
Thanks again. I will make a notation in regards to the braces. I did make some other changes because the execute did not look like the sample given. But now it works perfectly.
|
|
|
|
|
OK, actually this program works fine, but only when run from Visual Studio. However, when I click on the .exe or launch it from the Windows command prompt, I get an error: "Unhandled exception at 0x775e59c3 in Materials.exe: 0xC0000005: Access violation reading location 0x54a075d8" and Windows shuts the program down.
The Requirement
The program is to read from a text file a list of tabulated data of a given material: Temperature, Density, Viscosity... etc.
For example:
Temperature  Density  Viscosity  ...  ...
50           0.2      0.3        ...  ...
100          0.25     0.33       ...  ...
The aim of the program is to read these values (several of them), store them in memory and do some sort of interpolation.
I created a structure, each holding the properties of the material at a given temperature. I then dynamically create an array of structures based on the number of data. If I had 100 readings, I create 100 arrays to structure.
.h file
struct Material {
    float temperature;
    float density;
    float viscosity;
};
typedef Material* MATERIAL;
The above go into the header file
.cpp file
MATERIAL* g_ptrMaterial;

void ReadFile (char* filePath)
{
    vector<string> Tokens;
    int i = 0;
    string val;
    char c;
    ifstream file(filePath);
    if (!file.fail())
    {
        g_numberOfRows = getNumberOfRows(file);
        g_ptrMaterial = new MATERIAL[g_numberOfRows];
        getline(file, g_fileHeader);
        while (getline(file, val))
        {
            g_ptrMaterial[i] = (MATERIAL) malloc(sizeof(MATERIAL));
            Tokens = GetTokens(val);
            if (!Tokens.empty())
            {
                g_ptrMaterial[i]->temperature = convertToFloat(Tokens.at(0));
                g_ptrMaterial[i]->density = convertToFloat(Tokens.at(1));
                g_ptrMaterial[i]->viscosity = convertToFloat(Tokens.at(2));
                i++;
            }
        }
    }
    else
    {
        cerr << "FILE NOT FOUND!";
        exit(1);
    }
}

vector<string> GetTokens (string val)
{
    stringstream ss(val);
    string temp;
    vector<std::string> Tokens;
    while (ss >> temp)
    {
        Tokens.push_back(temp);
    }
    return Tokens;
}
Debugging
What I did was to attach my debugger to the executable process [Tools -> Attach to Process] as it runs. I noticed that the error is triggered in the GetTokens function. It reads the first row fine, i.e. (50, 0.2, 0.3), but when it comes to the 2nd row it gets stuck just when it is about to return Tokens from the GetTokens function. What could be the problem? I guess I'm out of my depth on this one ...
|
|
|
|
|
I did not find anything blatantly wrong with your code. The only changes I made to get it to compile in my environment were to change float to double and convertToFloat() to atof().
|
|
|
|
|
Is your application multi-threaded?
This problem can occur in such an application due to some conflicts between threads.
When you single step through code, the conflict may not occur.
|
|
|
|
|
I didn't explicitly create any extra threads, so I'll say it's single-threaded.
|
|
|
|
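One defect is visible in the posted ReadFile(): MATERIAL is a pointer typedef, so malloc(sizeof(MATERIAL)) reserves 4 or 8 bytes for a 12-byte struct, and the stores to the later fields run past the block. A heap overrun of this kind typically surfaces later, in an unrelated allocation or free. The following is an added example, not code from the thread; bytesPastAllocation() and readMaterials() are hypothetical names and the sample input is constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Material { float temperature; float density; float viscosity; };
typedef Material* MATERIAL;            // the post's typedef: a pointer type

// Bytes written past a block obtained with malloc(sizeof(MATERIAL)) once all
// three fields are stored through it (0 if the block happens to be big enough).
std::size_t bytesPastAllocation() {
    return sizeof(Material) > sizeof(MATERIAL)
               ? sizeof(Material) - sizeof(MATERIAL) : 0;
}

// Hardened reader (hypothetical name): values live in a vector, so there is no
// manual size arithmetic to get wrong. Rows that do not hold three numbers are
// skipped rather than indexed blindly.
std::vector<Material> readMaterials(std::istream& in) {
    std::vector<Material> rows;
    std::string line;
    std::getline(in, line);            // discard the header row
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        Material m;
        if (fields >> m.temperature >> m.density >> m.viscosity)
            rows.push_back(m);
    }
    return rows;
}

int main() {
    // Constructed sample input, not data from the post.
    std::istringstream sample(
        "Temperature Density Viscosity\n50 0.2 0.3\n100 0.25 0.33\nbad row\n");
    std::vector<Material> rows = readMaterials(sample);
    std::cout << "sizeof(MATERIAL)=" << sizeof(MATERIAL)
              << " sizeof(Material)=" << sizeof(Material)
              << " overrun=" << bytesPastAllocation() << " bytes\n"
              << "rows read: " << rows.size() << "\n";
    return 0;
}
```

If the malloc() call is kept, sizing it as sizeof(Material), or sizeof(*g_ptrMaterial[i]), removes the mismatch.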