current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Join the Stack Overflow Community
Stack Overflow is a community of 6.4 million programmers, just like you, helping each other.
Join them; it only takes a minute:
Sign up
up vote 0 down vote favorite

I am practicing buffer overflow and assembly coding. Right now I am able to find return address, and jump to anywhere inside the program itself. However, I want to do more than just jump to itself, I want to display some string that I sent to the program buffer (the string is not included in the program, but it's an input I sent with my exploit). Lets say I want to display "you are hacked!", how can I do that?

I understand to display something, I need to call prints() function inside the program itself, and assign the address value to $a0, which is the argument passing into prints() and prints() will print anything in that address out. However, my input string is not included in the program, I have no way to display my own message but only the data in program itself. How can I do that?

share|improve this question
    
Why don't you put your string into the buffer you are overrunning? Are you limited in size of buffer? :D (pun intended) – Ped7g Oct 31 at 16:33
    
thx! I was so tired that I didn't know solution is already there. I just found out the way to solve it! You clear my thoughts, thanks! – Tom Dawn Oct 31 at 16:52
up vote 0 down vote accepted

I had the answer just a step away, I did put my hack message into the buffer. I was wrongly putting the string in $a0, however what I really should do is to put the memory address of the string into $a0. As soon as I did that, my hack message displayed.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.