Commit ae0cee5

Add more to buffer overflow
1 parent 6874299 commit ae0cee5

1 file changed

+20
-2
lines changed


buffer_overflow/README.md

Lines changed: 20 additions & 2 deletions
@@ -8,8 +8,26 @@ For example, `input_buffer` is only 16 bytes, but `gets` allows you to input as
88

99
### The Stack
1010

11-
For many this may be the first time learning about the stack. Here is a diagram:
11+
For many this may be the first time learning about the stack. Let's throw you right in, here is a diagram:
1212

1313
![Stack Diagram](https://eli.thegreenplace.net/images/2011/08/x64_frame_nonleaf.png)
1414

15-
Note that this is from: https://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64, you should check it out for a primer! But don't worry if some details go over your head.
15+
Credit: https://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64 (also a good read)
16+
17+
Okay wait up. There are others who can explain the stack way better than I, check out this video for a good explanation: https://youtu.be/jVzSBkbfdiw
18+
19+
Philosophical sidetrack - It is okay if things are confusing at this point, that is a lot of security. Just let it settle in and come back to it a little bit every day.
20+
21+
Let's extract out what is important. This is what is stored on a stack frame:
22+
23+
- Local variables
24+
- Saved stack base from previous frame
25+
- Return address
26+
27+
Local variables means that `input_buffer` is in the stack frame. Good to know, we also know that we can write past that due to the previous discussion about `gets`.
28+
29+
The return address is also on the stack. What does that mean? Well a function has to know where it was called from in order to return there. If I call `puts` from `main`, the computer needs to know that I need to resume execution in `main` after I finish `puts`. So it places the return address on the stack.
30+
31+
Right now a bell should be going off, look at the diagram again. The stack grows downwards (remember), so we can write past our buffer and overwrite the return address! We can tell the computer where to go next. This is the basic idea of a buffer overflow.
32+
33+
Notice how we attacked. We enumerated every resource that we controlled and figured out how they all interacted with the system. Keep this idea in mind.
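Review bot: the jump from "The stack grows downwards (remember), so we can write past our buffer and overwrite the return address" (paragraph beginning "Right now a bell should be going off") skips the direction of the write, which is exactly the step readers get backwards: frames are pushed toward lower addresses, but `gets` fills `input_buffer` from its lowest address upward, so the bytes past the 16-byte buffer land on whatever sits at higher addresses in the same frame, i.e. any other locals, then the saved frame pointer, then the return address. Suggest spelling it out, e.g. "The buffer is filled from low to high addresses, and the saved frame pointer and return address sit above it, so a long enough input runs into them." The three-item list ("Local variables", "Saved stack base from previous frame", "Return address") also leaves out the saved registers and spilled arguments visible in the linked diagram; either add them or say the list is deliberately minimal. Minor wording: "Saved stack base from previous frame" is clearer as "the caller's saved frame pointer (rbp)", and "that is a lot of security" in the philosophical sidetrack reads as a dropped word, perhaps "that is how a lot of security is".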
