-1

Soon, I am due to be giving a presentation to my class (doing a degree in computer science) where I want to give a basic example of a buffer overflow and why it's a problem. However, I can't get my buffer overflow to work.

The issue is that as soon as the crash is caused, the process is terminated, even if the process is attached to a debugger like xdbg (in VS, an exception is thrown). I think this is caused by one of the protections built into Windows 10. I have gone through the following article trying to disable them and made sure to compile the project with /GS disabled in the project properties, but the problem is still happening.

Exploit protections disabled

Code is below:

#include <iostream>
#include <string>
#include <cstring>   // strcpy
using namespace std;

int main()
{
    string input;
    char overflow[5];   // room for 4 characters plus the terminator
    cin >> input;
    strcpy(overflow, input.c_str());   // unchecked copy: longer input overruns 'overflow'
}
Remy Lebeau
    This looks more like a buffer overflow than a stack overflow. Is that what you intended? A buffer overflow isn't guaranteed to crash your program right away. – jkb Dec 19 '19 at 01:38
  • A recursive algorithm that infinity recurses would be an easy example of a stack overflow – drescherjm Dec 19 '19 at 01:40
  • It would be easy to cause a stack overflow with a recursive call bug. It is displayed in IDE debug execution. [I am learning recursive functions. The reason for the Segmentation fault](https://ja.stackoverflow.com/q/60351/26370) – kunif Dec 19 '19 at 01:41
  • As you can see, there is some doubt on the correct use of the term "stack overflow". To clarify, please describe what you want to provoke. Maybe "I want to copy to the array `overflow` something which is too big for it, so that it overwrites another nearby variable. Ideally so that I can illustrate by outputting the two variables." – Yunnosch Dec 19 '19 at 01:42
  • Apologies, I did intend to have a buffer overflow. I will amend the question. – TEd44562324 Dec 19 '19 at 01:43
  • If you want to cause the application's stack to overflow, just write a recursive routine that never ends. It might be helpful to specify a tiny memory model as well. – STLDev Dec 19 '19 at 01:43
  • Basically I want to provide an input that will overwrite the instruction pointer. Then ideally do a little demonstration of why this is bad. To the best of my knowledge strcpy() is a good function to use for this. – TEd44562324 Dec 19 '19 at 01:49
  • The `strcpy` function will indeed overrun the `overflow` buffer assuming that `input` contains more than 4 characters, but the overflow may not cause the result you're looking for. – jkb Dec 19 '19 at 01:53

2 Answers

-1

Here's one example of a buffer overflow

#include <iostream>
#include <string>
#include <string.h>   // strcpy
using namespace std;

// Two adjacent fixed-size buffers: buffer2 sits directly after buffer1 in memory.
struct Buffers {
    char buffer1[6];
    char buffer2[6];
};

int main()
{
    string input;
    cin >> input;

    Buffers b = {};
    strcpy(b.buffer2, "Hello");
    cout << b.buffer2 << endl;   // prints "Hello"

    strcpy(b.buffer1, input.c_str());   // unchecked copy: anything past 5 characters spills into buffer2

    cout << b.buffer2 << endl;   // no longer "Hello" if the input was too long
}

I used `testing` as my input, though I suppose you don't even need the input. I assume that was part of your presentation, that user input is a common place for a buffer overflow.

gman
  • If possible could you let me know why when I run this and put in 50 a's it overwrites RCX and R8 instead of the instruction pointer? Am I doing something wrong? – TEd44562324 Dec 23 '19 at 01:19
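Added example, not code from the question or either answer: the answer's adjacent-buffer layout with the unchecked copy beside a bounded replacement, so a presentation can show the corruption of `buffer2` and then the fix that prevents it. `unchecked_copy`, `copy_bounded` and `checked_copy` are names chosen here; the unchecked write is performed as a byte-level memcpy over the whole struct object rather than a literal strcpy overrun, so the demonstration is deterministic instead of undefined behaviour.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Same two adjacent buffers as the answer above: buffer2 sits right after buffer1.
struct Buffers {
    char buffer1[6];
    char buffer2[6];
};

// The defect from the question and the answer: an unchecked copy of 'input' into buffer1.
// Done here as a byte-level memcpy over the whole struct object so the write stays inside
// one object and the result is deterministic; every byte past buffer1 lands in buffer2.
Buffers unchecked_copy(const std::string& input) {
    Buffers b = {};
    std::strcpy(b.buffer2, "Hello");
    char* dst = reinterpret_cast<char*>(&b) + offsetof(Buffers, buffer1);
    std::size_t n = std::min(input.size() + 1, sizeof(Buffers));  // only bound: the object itself
    std::memcpy(dst, input.c_str(), n);
    return b;
}

// Hardened copy: never writes more than dst_size bytes and always NUL-terminates.
// Returns false when the input did not fit, so the caller can reject it instead of
// silently keeping a truncated value.
bool copy_bounded(char* dst, std::size_t dst_size, const std::string& src) {
    if (dst_size == 0) return false;
    std::size_t n = std::min(src.size(), dst_size - 1);
    std::memcpy(dst, src.data(), n);
    dst[n] = '\0';
    return src.size() < dst_size;
}

// The answer's program with the bounded copy in place of strcpy.
bool checked_copy(const std::string& input, Buffers& out) {
    out = Buffers{};
    copy_bounded(out.buffer2, sizeof out.buffer2, "Hello");
    return copy_bounded(out.buffer1, sizeof out.buffer1, input);
}

int main() {
    std::string input;
    std::cin >> input;
    Buffers u = unchecked_copy(input);
    std::cout << "unchecked buffer2: " << std::string(u.buffer2, sizeof u.buffer2) << '\n';
    Buffers c; bool fitted = checked_copy(input, c);
    std::cout << "checked buffer2:   " << c.buffer2 << (fitted ? "" : "  (input too long, rejected)") << '\n';
}
```

With the input `testing`, the unchecked path leaves `buffer2` holding `g` followed by a terminator, while the bounded path keeps `Hello` intact and reports that the input did not fit.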
-1
cmd [BOOSTSPEED] [BOOT] [*.exe] [*.dll] [*.xml] [*.rss] [*.mui] [html] [html1] [html2] [html3] [html4] [html5] [-4] [-6] [-8] [xhtml] [htmlx] [htmld] [network] [*.app] [desctop] [-r Scaddr] [-ping] [set backdoor watchguard in PITTBULLMODE using 8888 nodes x 7/12 measures] [IEEE802.0.1/nlgbx] [IEEE802.1.1/nlgbx]/
Littm
  • Welcome to SO. While this code snippet may be the solution, including an explanation really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Please check [how-to-answer](https://stackoverflow.com/help/how-to-answer) for more details. – alan.elkin Jun 13 '20 at 20:45