[閒聊] C 語言大師請進已回收
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Size of the stack buffer win() reads flag.txt into (terminator included). */
#define FLAGSIZE_MAX 64
/* Not referenced by any function in this listing. */
int num_allocs;
/* 5-byte heap allocation made in init(); check_win() reads its leading bytes
 * as a code address. */
char *x;
/* 5-byte heap allocation made in init(); write_buffer() stores user input
 * here. */
char *input_data;
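/*
 * Print the first line of flag.txt to stdout and terminate the process.
 *
 * Nothing in this listing calls win() by name; it can only run if the address
 * check_win() reads out of x happens to be this function's address.
 *
 * Does not return: exits with status 0 after printing, or with status 1 when
 * flag.txt cannot be opened.
 */
void win() {
    char buf[FLAGSIZE_MAX];
    FILE *fd = fopen("flag.txt", "r");

    /* fopen() yields NULL for a missing or unreadable file; handing that to
     * fgets() would be undefined behaviour, so fail with a clear message. */
    if (fd == NULL) {
        printf("flag.txt could not be opened\n");
        fflush(stdout);
        exit(1);
    }

    /* On an empty file or read error fgets() leaves buf untouched; make sure
     * printf() never sees an uninitialised buffer. */
    if (fgets(buf, FLAGSIZE_MAX, fd) == NULL) {
        buf[0] = '\0';
    }
    fclose(fd);

    printf("%s\n", buf);
    fflush(stdout);
    exit(0);
}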
/*
 * Read sizeof(int) bytes from the start of the buffer x points to, treat that
 * value as the address of a no-argument function, and call it.
 *
 * NOTE(review): the call target is plain heap data (init() fills it with
 * "bico"), not a typed function pointer, so control flow depends entirely on
 * the bytes stored at x. x is allocated right after input_data in init();
 * whether the two chunks are neighbours in memory depends on the allocator,
 * but write_buffer() places no bound on what it writes into input_data. A
 * hardened design keeps call targets out of attacker-reachable data (for
 * example a fixed dispatch on a validated enum) and bounds every write.
 * NOTE(review): reading through int * discards the upper bits of the address
 * wherever pointers are wider than int.
 */
void check_win() {
    int raw_target = *(int *)x;
    void (*callee)() = (void (*)())raw_target;

    callee();
}
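/*
 * Write the five-entry menu and the choice prompt to stdout, then flush so the
 * prompt is visible even when stdout is not line-buffered (e.g. a pipe or
 * socket).
 */
void print_menu() {
    /* Written as adjacent string literals: a literal may not span a physical
     * line break, so long text is split between literals instead. */
    printf("\n1. Print Heap\n2. Write to buffer\n3. Print x\n4. Print Flag\n5. "
           "Exit\n\nEnter your choice: ");
    fflush(stdout);
}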
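/*
 * Print the banner and set up the two global heap buffers.
 *
 * input_data is allocated first (5 bytes, initialised to "pico"), then x
 * (5 bytes, initialised to "bico"). Both sizes leave room for exactly four
 * characters plus the terminating NUL.
 *
 * Exits with status 1 if either allocation fails.
 */
void init() {
    /* Adjacent literals keep the long banner within one printf() call without
     * a literal spanning a physical line break. */
    printf("\nI have a function, I sometimes like to call it, maybe you "
           "should change it\n");
    fflush(stdout);

    input_data = malloc(5);
    if (input_data == NULL) {
        /* strncpy() into a NULL pointer would be undefined behaviour. */
        printf("malloc failed\n");
        fflush(stdout);
        exit(1);
    }
    /* The count of 5 covers the four letters and the NUL, so the copy is
     * terminated. */
    strncpy(input_data, "pico", 5);

    x = malloc(5);
    if (x == NULL) {
        printf("malloc failed\n");
        fflush(stdout);
        exit(1);
    }
    strncpy(x, "bico", 5);
}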
/*
 * Prompt for a whitespace-delimited token on stdin and store it in input_data.
 *
 * NOTE(review): "%s" carries no field width, so scanf() writes as many bytes
 * as the token holds plus a NUL, while init() allocates only 5 bytes for
 * input_data. Any token longer than four characters is written past the end
 * of the allocation (heap buffer overflow, CWE-122). The behaviour is left
 * as-is because this listing is presented as a deliberately vulnerable
 * exercise; the bounded form for a 5-byte buffer is scanf("%4s", input_data),
 * with the return value checked.
 */
void write_buffer() {
    fputs("Data for buffer: ", stdout);
    fflush(stdout);
    scanf("%s", input_data);
}
/*
 * Print a two-row table showing, for input_data and then x, the pointer value
 * and the NUL-terminated string stored there.
 *
 * NOTE(review): the rows expose raw heap addresses to whoever reads stdout,
 * which discloses memory layout; diagnostic output like this should not be
 * reachable from untrusted users outside a training exercise.
 */
void print_heap() {
    const char *rule = "+-------------+-----------+\n";

    fputs("[*] Address -> Value \n", stdout);
    fputs(rule, stdout);
    printf("[*] %p -> %s\n", input_data, input_data);
    fputs(rule, stdout);
    printf("[*] %p -> %s\n", x, x);
    fflush(stdout);
}
/*
 * Menu loop: initialise the heap buffers once, then repeatedly show the menu
 * and dispatch on the numeric choice read from stdin.
 *
 *   1 - print both heap buffers      4 - call through the address stored at x
 *   2 - read a token into input_data 5 - leave the program
 *   3 - print the string at x
 *
 * Input that does not parse as an integer (or end of input) terminates the
 * process with status 0; any other number prints "Invalid choice".
 */
int main(void) {
    int choice;

    init();

    for (;;) {
        print_menu();

        /* scanf() reports how many items it converted; anything but 1 means
         * no usable number was read. */
        if (scanf("%d", &choice) != 1) {
            exit(0);
        }

        switch (choice) {
        case 1:
            print_heap();
            break;
        case 2:
            /* Unbounded read into the 5-byte input_data buffer. */
            write_buffer();
            break;
        case 3:
            printf("\n\nx = %s\n\n", x);
            fflush(stdout);
            break;
        case 4:
            /* Calls whatever address the bytes at x currently encode. */
            check_win();
            break;
        case 5:
            return 0;
        default:
            printf("Invalid choice\n");
            fflush(stdout);
            break;
        }
    }
}
這個程式碼是有問題的,有buffer overflow,我要得到 win 函數的地址讓 check_win 執行 win ,有沒有什麼辦法在不改 code
得到 win 的地址
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 122.121.32.83 (臺灣)
※ 文章網址: https://www.ptt.cc/bbs/Marginalman/M.1710403832.A.090.html