argv argc and buffer over-run HACK
-
OK, I am watching TV like a scout and here is this fellow selling a book on hacking. He went on to show how to over-run a buffer and load the stack with his code to cause the return to be overwritten. Question 1: In dialogs we can force the command line to be read and set upon the stack, and in MDI/SDI they come naturally in InitInstance; should we place code in argv/argc to limit the size of the argument? Question 2: Should we disable argv and argc, or send them to a function that dumps them? This is a real concern for me if the small man on the TV is right, because I have applications written in VC and lcc since 1990 that scream with this flaw. Please let me know what to do, I need your help on this one, any ideas will be appreciated. :(( Best Wishes, ez_way
Any Windows application uses the GetCommandLine() API to receive a pointer to its command line arguments, or uses a parameter which is passed to its WinMain function that points to the program command line. After that, if you have a main function, the C Run-Time Libraries (CRT) format the arguments, separate them, and count them, and then send them to your main function using argv and argc. If you use MFC, it has some wrappers around this command line (but you can use __argc & __argv, which are globally defined); anyway, CWinApp::m_lpCmdLine contains the raw command line. Up to here no stack overflow or other flaws exist. Now it depends on your code how to deal with these arguments. If you do something like: char myparams[100]; strcpy(myparams, AfxGetApp()->m_lpCmdLine); or even: printf(AfxGetApp()->m_lpCmdLine); then you have to review your old code. ;)
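The two patterns quoted in the reply above (an unchecked strcpy into a fixed-size stack buffer, and passing the command line as a printf format string) are exactly the places where the argument length matters. The following added example is not from this thread or any of the posters; it shows, for a plain C main(), a bounded copy that refuses an argument that does not fit, a per-argument length check run over argv before anything else touches it, and the safe way to print user-supplied text. PARAM_MAX, copy_arg_bounded and check_args are names chosen here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Size of the local buffer the application wants to copy an argument into.
 * The value 100 mirrors the char myparams[100] quoted in the thread. */
#define PARAM_MAX 100

/* Bounded copy: returns 0 on success, -1 if src (plus its NUL) would not fit
 * in dst. Rejecting an oversized argument is easier to audit than silently
 * truncating it, and it is what the original poster asked about (limiting the
 * size of the argument before it reaches the stack buffer). */
int copy_arg_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)   /* no room for the terminating NUL */
        return -1;
    memcpy(dst, src, len + 1);              /* copy exactly len bytes plus NUL */
    return 0;
}

/* Validate every argv element against a maximum length before use.
 * Returns 0 if all arguments are acceptable, otherwise the index of the first
 * argument that is too long. argv[0] (the program name) is skipped. */
int check_args(int argc, char **argv, size_t max_len)
{
    for (int i = 1; i < argc; i++) {
        if (strlen(argv[i]) > max_len)
            return i;
    }
    return 0;
}

/* User-supplied text is passed as a printf *argument*, never as the format
 * string, so '%' sequences in it are printed literally. */
void print_cmdline(const char *cmdline)
{
    printf("%s\n", cmdline);
}

int main(int argc, char **argv)
{
    char myparams[PARAM_MAX];
    int bad = check_args(argc, argv, PARAM_MAX - 1);

    if (bad != 0) {
        fprintf(stderr, "argument %d is too long (limit %d bytes)\n",
                bad, PARAM_MAX - 1);
        return 1;
    }
    if (argc > 1 && copy_arg_bounded(myparams, sizeof myparams, argv[1]) == 0)
        print_cmdline(myparams);
    return 0;
}
```

Build with `cc -Wall -o argcheck argcheck.c` and run it with a short argument and with one longer than 99 bytes; the second is rejected before any copy happens. The same check applies to m_lpCmdLine in an MFC application, since that is just a pointer to the raw command line string.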
Yes, but you miss the point. I understand how it works, but let me explain that if someone overflows the buffer with their code, that code is placed on the stack (near); when the app returns it will execute their code, period. All they have to do is figure out how many bytes to place in the overrun. Best Wishes, ez_way
You're both saying the same thing. While it may be possible to break your older applications (only you know the answer to this), the bigger question you have to ask is "Would anyone bother?". If the payoff is small, a "hacker" is not going to bother.
Five birds are sitting on a fence. Three of them decide to fly off. How many are left?