need Help on Buffer overflow & overrun

**rOCk-MaStEr** · June 2nd, 2004, 01:57 PM

i Would really hopefull for anybody helps me learning the Overflow And overrun with any tutorials , books or texts.
i readed the things about them in hacker Jargon's Section..
but i need sumthing that may help learning that..

**tomyahoo** · June 2nd, 2004, 02:01 PM

if the book in Chinese ??

**rOCk-MaStEr** · June 2nd, 2004, 02:04 PM

sorry i only know English and not Good english

i hope its English !

***i2c*** · June 2nd, 2004, 02:06 PM

Yea check out "Smashing The Stack For Fun And Profit" theres loads and load and loads of papers on www.packetstormsecurity.com

You really need to learn how to use google to prosper, its not difficult...heres the link www.google.com

its amazing!

i2c

**tomyahoo** · June 2nd, 2004, 02:07 PM

so I am sorry I can't help u because of my poor English and poor knowledge about Overflow And overrun

but....hmm.....I can introduce a very good teacher (good at English maybe German) for u ....

**rOCk-MaStEr** · June 2nd, 2004, 02:08 PM

thx for ur reply
i tried The Googls in First Class but didn't get any helpfull results..

***cacosapo*** · June 2nd, 2004, 02:13 PM

there is a brand new tutorial about buffer overflow here. Take a look here.
http://www.antionline.com/showthread...hreadid=258281

***SwordFish_13*** · June 2nd, 2004, 06:19 PM

Hi

Originally posted here by rOCk-MaStEr
man i know a Basic C programming
so can u give me a Tutorial of C in what i need to learn this Buffer overflow

Buffer OverFlow in it's easiest form is not very Difficult Topic to understand.....It's a problem in C and C++ because it dosen't have automatic bound checking mechanism.
then When you create a Array mamory is allocated for the Array ....Memory is allocated in continuous memory locations. its not like it goes to find a new memory location which is free for the next element......Say You create a array

char buffer[8];

What will happen in memory is 8 bytes get reserved in the memory...(16 For integers and so on ............16 because each of the 8 integers would be 2 bytes long)

Code:

  _____ ______ _____ _____ _____ _____ _____ _____ 
|_____|______|_____|_____|_____|_____|_____|_____|
  4002   4003  4004  4005  4006  4007  4008  4009

Something like this Internally Arrays too use pointers.......... If you feed in a 8 digits the numbers will be stored in the array in those consecutive boxes .........A buffer overflow occurs when something very large is placed in a box far too small for it to fit. It's all gotta go somewhere so it gets spilled over say you feed 11 digits

Code:

  _____ ______ _____ _____ _____ _____ _____ _____ 
|_____|______|_____|_____|_____|_____|_____|_____|
  4002   4003  4004  4005  4006  4007  4008  4009  4010   4011   4012

Code:

Void over(void)
{
   int i;
   char buffer[8];   
                                  
   for(i=0;i&lt;200;i++)                 
   buffer[i]='A';              
   
   return;
}

Look at the above program We have created a array of 8. So 8 consecutive memory locations will be assigned to the array.......The ninth memory location might be holding data from another program........and our program will overight it ... this might cause the program holding that location to carsh or become destable.........

To prevent Buffer overflow You should always use libraries which have a Autometic Bound Checking such as Striing.h and functions like strncpy,snprintf,fgets,strncat etc.which have automatic bound checking.......

Read this Link Analysis of Buffer Overflow Attacks] I think it describes Buffor OverFlow in very Compheriensive way with code Examples ...I thik it was the best Tutorial i found that made me(a newbe) understand it ....

and this
Dangers in C/C++

--Good Luck--

[Edit]
Hey Originaly Just wanted to give you the link But was just bored so wrote all that......I think i have way too much time on my hand..

.

i have no idea how they make those pretty pictures in ASCII ..i never can you know i had to Edit this think 19 times to get those two lines in place........and still they look a bit weird...

**gothic_type** · June 2nd, 2004, 10:06 PM

Try writing it in notepad or some other ascii editor and pasting it in. I'm not sure if it would work with your "ascii art", but it's worked for me before doing other things (alright, I can't remember what, but it has...I'm sure :P)

ac

**rOCk-MaStEr** · June 2nd, 2004, 10:18 PM

Thx alot Swordfish for ur explaining.. it really helped man and for the links..
and the Ascii Thingy is Good

Thread: need Help on Buffer overflow & overrun

Thread Tools

Display

need Help on Buffer overflow & overrun

Posting Permissions