Linux¶ÑÕ»Òç³öµÄ¾­µäÎÊÌâ

 Linux¶ÑÕ»Òç³öµÄ¾­µäÎÊÌâ
ÉùÃ÷£º±¾ÎÄÕÂÖ»ÊÇÎÒѧϰµÄÒ»¸ö¼Ç¼£¬ÓйØÒýÓõĵط½£¬ÎÒ¶¼»á¸ø³öÁ´½ÓµÄ¡£Èç¹ûÇÖ·¸×÷ÕßȨÒ棬Çë֪ͨÎÒ¼°Ê±É¾³ý¡£
¿´ÁËһϣ¬LinuxһվʽѧϰµÄº¯Êýµ÷ÓÃ
£¬¸ãµÄÎÒÈÈѪ·ÐÌÚ£¬Á¢ÂíÕÒÄãÒ»ÏÂÕâ·½ÃæµÄ×ÊÁÏ¿´¿´¡£ÖÕÓÚ¿´µ½ÁËÒ»¸öÓйØLinux¶ÑÕ»Òç³öµÄÎÄÕ£¬¾ÍÄÃÀ´ÊÔÊÔÊÖÁË¡£²Î¿¼
ÎÒµÄѧϰlinux±Ê¼Ç£¨Ò»£©¶ÑÕ»
 
ÏÂÃæÀ´ÌùÒ»ÏÂÎҵĴúÂë°É¡£»ù±¾ºÍÉÏƪÎÄÕÂÒ»ÑùµÄ¡£
#include<stdio.h>
void attack()
{
int attack=1;
printf("hi,attacked!\n");
}
void yaya()
{
int yaya=1;
printf("hi,yaya is my wife\n");
}
void foo()
{
int c_foo=1;
*(& c_foo +2)=(int)attack;
}
void main(){
int a_main=1;
i=(int)yaya;
foo();
} 

BTW£¬ËµÃ÷һϣ¬ÎÒµÄƽ̨ÊÇredhat 9£¬2.4µÄºË¡£
Ö±½ÓÉÏͼ°É£º
ÏÈÀ´¿´Ò»Ï¸÷¸öº¯ÊýµÄ·´»ã±à£º
mainº¯ÊýµÄ£º
yayaº¯ÊýµÄ£º
attackº¯ÊýµÄ£º
fooº¯ÊýµÄŶ£º
ºÃÁË£¬ÏÂÃæһһϸ˵ÁË£º
º¯Êýmain£º
*(& a_main -1)=(int)yaya;ÕâÌõÓï¾ä·Ç³£¹Ø¼ü£¬ÒòΪ
(& a_main -1)µØÖ·»»³ÉÁËyayaº¯ÊýµÄÈë¿ÚµØÖ·£¬ÄÇô
(& a_main -1)Ô­À´µÄÊÇʲôÄØ£¿
Ç뿴ͼ£º
ÎÒÃÇÖªµÀ£¬GCCÖ¸Õ붼ÊÇ4×Ö½Ú¶ÔÆëµÄ£¬ÄÇô
(& a_main -1)¾ÍÊǵØÖ·0xbfffe2d0£¬ÀïÃæʲôҲûÓС£Ö»ÊÇGCCΪÁË16×Ö½Ú¶ÔÆëÔ­Ôò¶ø¿Õ×ŵġ£¾ßÌå¿É¼û£ºX86»ã±àÓïÑÔѧϰÊÖ¼Ç
˳±ã˵һÏ£¬
ÔÚÖ´ÐгÌÐòʱ£¬²Ù×÷ϵͳΪ½ø³Ì·ÖÅäÒ»¿éÕ»¿Õ¼äÀ´±£´æº¯ÊýÕ»Ö¡£¬ÔÚÿ¸öº¯ÊýµÄÕ»Ö¡ÖУ¬ebp
Ö¸ÏòÕ»µ×£¬¶øesp
Ö¸ÏòÕ»¶¥£¬ÔÚx86ƽ̨ÉÏÕâ¸öÕ»ÊǴӸߵØÖ·ÏòµÍµØÖ·Ôö³¤µÄ£¬ÎÒÃÇÖªµÀÿ´Îµ÷ÓÃÒ»¸öº¯Êý¶¼Òª·ÖÅäÒ»¸öÕ»Ö¡À´±£´æ²ÎÊýºÍ¾Ö²¿±äÁ¿¡££¨
LinuxһվʽѧϰµÄº¯Êýµ÷ÓÃ
£©
ÏÂÃæÖ´ÐÐfooº¯Êý¡£
fooº¯Êý
£º
¹Ø¼üÔÚ*(& c_foo
+2)=(int)attack;
ËüµÄÒâ˼¾ÍÊÇ
±¾
À´0xbfffe2cc´æ·ÅµÄÊÇmain·µ»ØµÄµØÖ·0x0804839f£¬µ«ÊǸÄΪattackº¯ÊýµÄÈë¿ÚµØÖ·0x08048328¡£
ÕâÑù¾Í»áµ¼ÖÂmainº¯Êý·µ»Øʱ£¬Åܵ½attackº¯Êý¼ÌÐøÖ´ÐС£
ºÃÁË£¬fooº¯ÊýÖ´ÐÐÍêÁË£¬ESPÒÀ´Î³öÕ»£¬¾Íµ½ÁË
attackº¯ÊýµÄÈë¿ÚµØÖ·0x08048328¡£
¾Íattackº¯ÊýÖ´ÐÐÍê±ÏÒԺ󣬴ËʱµÄESP¾ÍΪ
µØÖ·0xbfffe2d0£¬»ØÏëһϣ¬Õâ
µØÖ·0xbfffe2d0ÀïÃæÊÇʲô£¿
¶ÔÁË£¬¾ÍÊÇyayaº¯ÊýµÄÈë¿ÚµØÖ·¡£
ÄÇô½ÓÏÂÀ´£¬¾ÍÊÇÖ´ÐÐyayaº¯ÊýÁË¡£
ÄÇôyayaº¯ÊýÖ´ÐÐÍêÒԺ󣬽ÓÏÂÀ´£¬¸ÃÔõô°ìô£¿
ÓÉÓÚmainº¯Êý¶ªÊ§ÁË·µ»ØµØÖ·£¬µ¼ÖÂmainº¯ÊýÎÞ·¨·µ»Ø