![]() But what exactly is that “malicious code” of our payload? The execution, therefore, would happen as follows:Īs it can be seen in the picture, we overwrite the stack with our malicious code and we place on ret the starting address of it. We also want ret to be the memory location at the start of our malicious code, so that it is successfully executed. Since it is common to use the malicious payload itself to overflow the stack, we need to know where exactly we will start overflowing the buffer, and specially at which overflowing bytes we will start to modify ret. Given that we need to store our malicious payload somewhere in memory beforehand, we need to be cautious about the length of it. This payload could be entered via a program argument, or be stored somewhere else on accessible memory. We can, in fact, redirect the execution to a memory section where we have stored our own, malicious code. Since we can change the value of EIP, we can actually redirect the execution of our program to wherever we want! (as long as it is valid). The power of the buffer overflow relies on the last point which was made. But what will execute? We do not know, but it will be done anyways, because computers do not make a distinction between instructions and data as long as we have the permissions. The next time we fetch an instruction to execute, we will fetch it from memory address = EIP. This is the critical point of the buffer overflow.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |