
I am working on an assignment and I ran into a bit of a problem. I am pretty new to the whole security sector of programming so I may just be missing something simple, but I would appreciate any help you guys can give.

In this assignment (old assignment, doesn't apply to this term for my class) we are meant to get a program to call a function different than what it is meant to call. The code is posted below:

#include <stdio.h>
#include <stdlib.h>

int oopsIGotToTheBadFunction(void)
{
    printf("Gotcha!\n");
    exit(0);
}

int goodFunctionUserInput(void)
{
    char buf[12];
    gets(buf);
    return(1);
}

int main(void)
{
    goodFunctionUserInput();
    printf("Overflow failed\n");
    return(1);
}

We are meant to get oopsIGotToTheBadFunction to execute when the other function is called. So far I load the program in Terminal or PuTTY and then do the disas command, but the resulting information is not what I was expecting. I was expecting the information to read like this:

Dump of assembler code for function bar:
0x000000000040068e <+0>: push %rbp
0x000000000040068f <+1>: mov %rsp,%rbp
0x0000000000400692 <+4>: mov $0x400800,%edi
0x0000000000400697 <+9>: callq 0x400528 <puts@plt>
0x000000000040069c <+14>: mov 0x20099d(%rip),%rax # 0x601040 ...
0x00000000004006a3 <+21>: mov %rax,%rdi
0x00000000004006a6 <+24>: callq 0x400558 <fflush@plt>
0x00000000004006ab <+29>: leaveq
0x00000000004006ac <+30>: retq
End of assembler dump.

But instead I get this:

(gdb) disas oopsIGotToTheBadFunction
Dump of assembler code for function oopsIGotToTheBadFunction:
0x00000001000008fc <oopsIGotToTheBadFunction+0>:        save  %sp, -192, %sp
0x0000000100000900 <oopsIGotToTheBadFunction+4>:        sethi  %hi(0x100000), %g1
0x0000000100000904 <oopsIGotToTheBadFunction+8>:        mov  %g1, %g1   ! 0x100000
0x0000000100000908 <oopsIGotToTheBadFunction+12>:       sllx  %g1, 0xc, %g1
0x000000010000090c <oopsIGotToTheBadFunction+16>:       or  %g1, 0xa20, %o0
0x0000000100000910 <oopsIGotToTheBadFunction+20>:       call  0x100100c20 <puts@plt>
0x0000000100000914 <oopsIGotToTheBadFunction+24>:       nop
0x0000000100000918 <oopsIGotToTheBadFunction+28>:       clr  %o0        ! 0x0
0x000000010000091c <oopsIGotToTheBadFunction+32>:       call  0x100100ba0 <exit@plt>
0x0000000100000920 <oopsIGotToTheBadFunction+36>:       nop
0x0000000100000924 <oopsIGotToTheBadFunction+40>:       nop
End of assembler dump.

The walkthrough I'm using requires me to manipulate the information in the rbp and leaveq spots, but I am not sure what to use instead of those since they are not present when I run the disas command.

Thank you for any help guys!

    
Different compilers and different compiler options will generate different code. You are going to have to study and exploit what your compiler spits out or duplicate the tutorial's build environment. –  user4581301 Jul 27 at 16:55
    
are you compiling in debug mode? –  James Moore Jul 27 at 17:36
    
Not that I am aware of, James. Thank you user4581301, I'll keep trying! –  huSh Jul 27 at 19:25

1 Answer

up vote 0 down vote accepted

I was expecting the information to read like this

You are expecting to find Intel x86_64 instructions ...

But instead I get this:

You are finding Sun SPARC instructions. You do know that processors other than Intel x86 exist, right?

If you want to debug/manipulate Intel assembly, you'll have to do it on a machine that has an Intel CPU in it.

    
I was aware of the existence of other processors, but I didn't know that the processor affected that information. That being said, I have an Intel processor. –  huSh Jul 30 at 2:54
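
The answer's point, that the dump is SPARC rather than x86-64, can be confirmed from the binary itself before following an architecture-specific walkthrough. The following is an added example, not code from the question or the answer: it reads the `e_machine` field of an ELF header, assuming the program is an ELF executable; the function names and the two sample headers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* e_machine values from the ELF specification (subset relevant here). */
enum { ISA_SPARC = 2, ISA_386 = 3, ISA_SPARCV9 = 43, ISA_X86_64 = 62 };

/* Constructed sample headers (first 20 bytes only), not taken from the page. */
static const unsigned char SAMPLE_SPARCV9[20] = {  /* big-endian, e_machine 43 */
    0x7f,'E','L','F', 2,2,1,0, 0,0,0,0,0,0,0,0, 0x00,0x02, 0x00,0x2b };
static const unsigned char SAMPLE_X86_64[20] = {   /* little-endian, e_machine 62 */
    0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0, 0x02,0x00, 0x3e,0x00 };

/* Return e_machine from an ELF header, or -1 if buf is not a usable header.
 * e_machine sits at offset 18 in both ELF32 and ELF64; its byte order is
 * given by e_ident[EI_DATA] at offset 5 (1 = little-endian, 2 = big-endian). */
int elf_machine(const unsigned char *buf, size_t len)
{
    if (len < 20 || memcmp(buf, "\x7f" "ELF", 4) != 0)
        return -1;
    if (buf[5] == 1) return buf[18] | (buf[19] << 8);
    if (buf[5] == 2) return (buf[18] << 8) | buf[19];
    return -1;
}

const char *isa_name(int machine)
{
    switch (machine) {
    case ISA_SPARC:   return "SPARC (32-bit)";
    case ISA_SPARCV9: return "SPARC V9 (64-bit)";
    case ISA_386:     return "x86 (32-bit)";
    case ISA_X86_64:  return "x86-64";
    case -1:          return "not an ELF file";
    default:          return "other ISA";
    }
}

int main(int argc, char **argv)
{
    unsigned char hdr[20];
    if (argc > 1) {                     /* inspect a real file if one is given */
        FILE *f = fopen(argv[1], "rb");
        size_t n = f ? fread(hdr, 1, sizeof hdr, f) : 0;
        if (f) fclose(f);
        printf("%s: %s\n", argv[1], isa_name(elf_machine(hdr, n)));
        return 0;
    }
    printf("sample 1: %s\n", isa_name(elf_machine(SAMPLE_SPARCV9, sizeof SAMPLE_SPARCV9)));
    printf("sample 2: %s\n", isa_name(elf_machine(SAMPLE_X86_64, sizeof SAMPLE_X86_64)));
    return 0;
}
```

Run with a path argument, it reports the instruction set the file was built for, which shows whether a walkthrough written around `%rbp` and `leaveq` applies to that build.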
