|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
  1574,  5/79 |
  |
 |
 |
 |
 |
pkdo1030 | ||||||
 |
|||||||
 |
http://h00ker.tistory.com | ||||||
|
|||||||
 |
Æ÷¸Ë½ºÆ®¸µ °³³ä Á¦´ë·Î ¼³¸íÇØÁֽǺР| ||||||
|
|||||||
|
http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1888 [º¹»ç]
Hit : 2297 Date : 2017/07/24 09:50
|
|||||||
 |
|||||||
|  |
| |
| ±è´äº¯ | Æ÷¸Ë½ºÆ®¸µ¹ö±×´Â °¡º¯ÀÎÀÚ°¡ ¾î¶»°Ô 󸮵Ǵ°¡¸¦ ÀÌÇØÇÏ½Ã¸é µË´Ï´Ù °¡º¯ÀÎÀÚ¸¦ »ç¿ëÇÏ´Â ÇÔ¼ö´Â ó¸®ÇÒ ÀÎÀÚÀÇ ½ÃÀÛ°ú ³¡À» ¾Ë ¼ö ÀÖ¾î¾ß Çϴµ¥ printf¿¡¼´Â ù¹ø° ÀÎÀÚÀÇ ¹®ÀÚ¿¿¡ µé¾î¿Â Æ÷¸Ë½ºÆ®¸µÀÇ °¹¼ö¸¦ ÀÎÀÚÀÇ °¹¼ö·Î ¾Ë°í ó¸®ÇÕ´Ï´Ù ±×·¯´Ï±î printf¿¡ ÀÎÀÚ¸¦ ½ÇÁ¦·Î ¸î°³¸¦ ³Ö¾úµç °£¿¡ Æ÷¸Ë½ºÆ®¸µÀÇ °¹¼ö°¡ 2000°³¶ó¸é printf¾ÈÀÇ Æ÷¸Ë½ºÆ®¸µ Çڵ鷯µµ 2000¹ø ½ÇÇàµÇ´Â °ÍÀÌÁÒ ±×¸®°í ÀÎÀÚ´Â ½ºÅÃÀ» ÅëÇØ Àü´ÞµË´Ï´Ù(32ºñÆ® stdcall, cdecl ±âÁØ) printf("%x %x %x %x", 65, 66, 67, 68); À» Çϸé 41 42 43 44 °¡ Ãâ·Â µÇ°ÚÁö¸¸ printf("%x %x %x %x"); À» ÇÏ¸é ½ºÅþÈÀÇ ³×°³ÀÇ µ¥ÀÌÅÍ°¡ º¸¿©Áö°Ô µË´Ï´Ù(¸Þ¸ð¸® ¸¯) ±×¸®°í ±× ³×°³ÀÇ µ¥ÀÌÅÍ´Â ½ºÅû󿡼 Æ÷¸Ë½ºÆ®¸µ(fmt) ÀÎÀÚ°¡ À§Ä¡ÇÑ ±× ´ÙÀ½ºÎÅÍ 4¹ÙÀÌÆ®¾¿ ³×°³°¡ ±×´ë·Î º¸¿©Áö°Ô µË´Ï´Ù. gdb·Î printf È£Ãâ Á÷Àü¿¡ ºê·¹ÀÌÅ©Æ÷ÀÎÆ®¸¦ °É¾î È®ÀÎÇÏ¸é µË´Ï´Ù x/4wx $esp printfÁ÷Àü¿¡ x/4wx $esp¸¦ ÇÑ°Í°ú printf¿¡¼ Ãâ·ÂÇÏ´Â°Ô °°´Ü°É ¾Æ½Ç ¼ö ÀÖÀ» °Ì´Ï´Ù ±×·±µ¥ vsprintf¿¡´Â ÀÌ»óÇÏ°Ôµµ %nÀ̶ó´Â, Ãâ·ÂÀÌ¾Æ´Ñ ¾²±â¸¦ ÇÏ´Â Æ÷¸Ë½ºÆ®¸µÀÌ ÀÖ½À´Ï´Ù ±×·³ °á±¹ printf·Î´Â ¸Þ¸ð¸® Àб⠾²±â ¸ðµÎ°¡ µÇ´Â °ÍÀÌÁÒ ÀÌ°É ÀÌ¿ëÇØ ¸Þ¸ð¸®¸¦ Àоî ÇÊ¿äÇÑ ¶óÀ̺귯¸® ÁÖ¼Ò¸¦ ¾Ë¾Æ³»°í GOT OverwriteµîÀ» ÅëÇØ ÀÓÀÇ ½ÇÇàÈ帧 º¯Á¶°¡ °¡´ÉÇÕ´Ï´Ù |
2017/08/07 | |
|
|
