问题
Soon, I am due to be giving a presentation to my class (doing a degree in computer science) where I want to give a basic example of a buffer overflow and why it's a problem. However, I can't get my buffer overflow to work.
The issue is that as soon as the crash is caused, the process is terminated, even if the process is attached to a debugger like xdbg (in VS, an exception is thrown). I think this is caused by one of the protections built into Windows 10. I have gone through the following article trying to disable them and made sure to compile the project with /GS disabled in the project properties, but the problem is still happening.
Exploit protections disabled
Code is below:
#include <iostream>
#include <string>
using namespace std;
int main()
{
string input;
char overflow[5];
cin >> input;
strcpy(overflow, input.c_str());
}
回答1:
Here's one example of a buffer overflow
#include <iostream>
#include <string>
#include <string.h>
using namespace std;
struct Buffers {
char buffer1[6];
char buffer2[6];
};
int main(int argc)
{
string input;
cin >> input;
Buffers b = {};
strcpy(b.buffer2, "Hello");
cout << b.buffer2 << endl;
strcpy(b.buffer1, input.c_str());
cout << b.buffer2 << endl;
}
I used testing as my input though I suppose you don't even need the input. I assume that was part of your presentation that user input is a common place for a buffer overflow.
来源:https://stackoverflow.com/questions/59402220/creating-a-buffer-overflow-on-windows-10