http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1860 [복사]
#include<stdio.h>
#include<string.h>
/*
 * Practice program (apparently a deliberately vulnerable exercise): copies
 * the first command-line argument into a 20-byte stack buffer and runs
 * /bin/sh only when two local integers hold specific values.
 *
 * Review notes:
 *  - strcpy() copies until the source NUL with no regard for the size of the
 *    destination, so any argument of 20 characters or more writes past the
 *    end of buffer (stack-based buffer overflow, CWE-121).
 *  - argv[1] is read without checking argc; with no argument it is NULL and
 *    strcpy() dereferences it.
 *  - system() is declared in <stdlib.h>, which this file does not include.
 *  - Fix for real code: validate argc, then use a bounded copy such as
 *    snprintf(buffer, sizeof buffer, "%s", argv[1]) and reject input that
 *    does not fit. Never gate a privileged action on stack variables that
 *    sit next to an attacker-writable buffer. Building with
 *    -fstack-protector-strong adds detection but does not replace the fix.
 */
int main(int argc, char* argv[]){
/* Never modified by the program's own logic after initialisation. */
int check1 = 0x200a0b00;
/* Initialised to a value that differs from the one tested below, so the
 * shell branch is unreachable unless this variable's memory is corrupted. */
int check2 = 0xaabbccdd;
/* 20 bytes requested; the actual stack placement and padding are chosen by
 * the compiler. In the gdb listing that accompanies this source, buffer is
 * at 0x14(%esp), check2 at 0x28(%esp) and check1 at 0x2c(%esp), i.e. the two
 * integers sit directly above the buffer in that build. */
char buffer[20];
/* Unbounded copy of attacker-controlled input: the defect in this program. */
strcpy(buffer, argv[1]);
/* Both comparisons read locals that the overflow above can overwrite. */
if(check2==0x11223344)
if(check1==0x200a0b00)
/* Spawns a shell with the privileges of this process. */
system("/bin/sh");
}
End of assembler dump.
(gdb) disas main
Dump of assembler code for function main:
0x0804844d <+0>: push %ebp
0x0804844e <+1>: mov %esp,%ebp
0x08048450 <+3>: and $0xfffffff0,%esp
0x08048453 <+6>: sub $0x30,%esp
0x08048456 <+9>: movl $0x200a0b00,0x2c(%esp)
0x0804845e <+17>: movl $0xaabbccdd,0x28(%esp)
0x08048466 <+25>: mov 0xc(%ebp),%eax
0x08048469 <+28>: add $0x4,%eax
0x0804846c <+31>: mov (%eax),%eax
0x0804846e <+33>: mov %eax,0x4(%esp)
0x08048472 <+37>: lea 0x14(%esp),%eax
0x08048476 <+41>: mov %eax,(%esp)
0x08048479 <+44>: call 0x8048310 <strcpy@plt>
0x0804847e <+49>: cmpl $0x11223344,0x28(%esp)
0x08048486 <+57>: jne 0x804849e <main+81>
0x08048488 <+59>: cmpl $0x200a0b00,0x2c(%esp)
0x08048490 <+67>: jne 0x804849e <main+81>
0x08048492 <+69>: movl $0x8048530,(%esp)
0x08048499 <+76>: call 0x8048320 <system@plt>
0x0804849e <+81>: leave
0x0804849f <+82>: ret
End of assembler dump.
¿©±â¿¡¼ ¾î¶»°Ô Çؾߵɱî¿ä..... buffer°¡ 20¹ÙÀÌÆ®°¡ ¾Æ´Ò ¼öµµ ÀÖ´Ù´Ï..
Hit : 2122 Date : 2017/04/16 06:37