Introduction to Stack-Based Overflows
A buffer overflow occurs when a program writes more data to a buffer than it was allocated to hold. This extra data overflows into adjacent memory spaces, corrupting them and potentially overwriting the instruction pointer (EIP/RIP) to control execution flow.
1. Memory Layout of a Program
When a process runs in memory, its virtual space is organized into several segments:
- Text Segment: Contains the compiled machine instructions.
- Data Segment: Contains initialized global variables.
- BSS Segment: Contains uninitialized global variables.
- Heap: Dynamically allocated memory (grows upward).
- Stack: Local variables, function arguments, saved frame pointers and return addresses (grows downward, toward lower addresses).
2. Anatomy of an Overflow
Consider this vulnerable C code snippet (the unchecked strcpy is the bug; an argument-count check is added only so the program does not crash when run without input):

```c
#include <stdio.h>
#include <string.h>

void vuln_func(char *str) {
    char buffer[64];          /* fixed-size local buffer on the stack */
    strcpy(buffer, str);      /* No bounds checking! copies until the NUL byte */
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input>\n", argv[0]);
        return 1;
    }
    vuln_func(argv[1]);       /* attacker-controlled length flows into strcpy */
    return 0;
}
```
The stack layout inside vuln_func (32-bit x86, where saved EBP and the return address are each 4 bytes) looks like this:
| Memory Space | Description |
|---|---|
| [ Buffer (64 bytes) ] | Allocated space for local variable buffer |
| [ Saved EBP (4 bytes) ] | Base Pointer of the calling function |
| [ Return Address / EIP (4 bytes) ] | Address to return to after function finishes |
If we supply 80 bytes of data, the strcpy function will copy all 80 bytes (plus the terminating NUL). The first 64 bytes fill the buffer, the next 4 overwrite the Saved EBP, and the next 4 overwrite the Return Address (EIP); the remaining bytes continue past it into the caller's frame. By placing the address of a shellcode payload there, we can hijack the program execution. In practice the exact offsets depend on compiler padding and alignment, and a stack canary placed between the buffer and the saved EBP is designed to detect exactly this kind of overwrite before the function returns.
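The hardened counterpart of vuln_func, added here as an example (it is not code from the original page): the copy is bounded by the buffer size, so over-long input is truncated and reported instead of reaching the saved EBP or return address. The names safe_copy, safe_func and BUF_SIZE are chosen for this example.

```c
/* Added example: bounded copy that cannot overflow the stack buffer. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* same buffer size as vuln_func */

/* Copy src into dst, writing at most dst_size bytes including the NUL.
 * Returns 1 if src was too long and was truncated, 0 if it fit. A caller
 * can treat a truncated copy as a signal worth logging. */
int safe_copy(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    int truncated = 0;
    if (dst_size == 0)
        return 1;
    if (len >= dst_size) {
        len = dst_size - 1;          /* leave room for the terminating NUL */
        truncated = 1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return truncated;
}

/* Hardened vuln_func: same 64-byte buffer, but the copy is bounded by
 * sizeof(buffer), so 80 bytes of input stop at byte 63. Returns the number
 * of bytes actually stored. */
size_t safe_func(const char *str) {
    char buffer[BUF_SIZE];
    if (safe_copy(buffer, sizeof buffer, str))
        fprintf(stderr, "input truncated to %zu bytes\n", sizeof buffer - 1);
    return strlen(buffer);
}

/* Helper for demonstration: feed safe_func n bytes of 'A' (constructed
 * input, n capped at 255) and return how many bytes were stored. */
size_t stored_len_for_input(size_t n) {
    char input[256];
    if (n > 255) n = 255;
    memset(input, 'A', n);
    input[n] = '\0';
    return safe_func(input);
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <input>\n", argv[0]); return 1; }
    printf("stored %zu bytes\n", safe_func(argv[1]));
    return 0;
}
```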