Question
Here is the disassembled code for main:
Dump of assembler code for function main:
# main() as printed by GDB's `disassemble` (i386, AT&T syntax, PIE text at
# 0x5655xxxx).  The '#' lines are reviewer annotations, not part of the dump.
# Frame layout, derived from the instructions below:
#   -0x4(%ebp)   saved %ecx = entry %esp + 4 (address of argc); restored at <+163>
#   -0xc(%ebp)   the local 'x' (stored 0 at <+56>, stored 1 at <+86>)
# The two callees at 0x56557273 and 0x5655720d are NOT in this dump; the C
# snippet below names them vuln and getFlag, matched by call order.  Whatever
# frame/buffer layout vuln has is therefore not derivable from main alone.
0x56557365 <+0>: lea 0x4(%esp),%ecx           # %ecx = &argc; the return address sits at -0x4(%ecx)
0x56557369 <+4>: and $0xfffffff0,%esp         # realign %esp to a 16-byte boundary
0x5655736c <+7>: push -0x4(%ecx)              # re-push a copy of the return address on the aligned stack
0x5655736f <+10>: push %ebp
0x56557370 <+11>: mov %esp,%ebp               # frame pointer
0x56557372 <+13>: push %ecx                   # keep the pre-realignment handle at -0x4(%ebp)
0x56557373 <+14>: sub $0x14,%esp              # 20 bytes of locals; %esp is 16-byte aligned from here on
0x56557376 <+17>: mov %ecx,%eax
0x56557378 <+19>: cmpl $0x1,(%eax)            # argc > 1 ?
0x5655737b <+22>: jg 0x5655739d               # yes -> <+56>
0x5655737d <+24>: mov 0x4(%eax),%eax          # %eax = argv
0x56557380 <+27>: mov (%eax),%eax             # %eax = argv[0]
0x56557382 <+29>: sub $0x8,%esp               # padding: 8 + two 4-byte pushes = 16, so the call stays aligned
0x56557385 <+32>: push %eax
0x56557386 <+33>: push $0x56558031            # format string (contents not in the dump; presumably a usage message)
0x5655738b <+38>: call 0xf7d4afd0 <__printf>  # printf(fmt, argv[0])
0x56557390 <+43>: add $0x10,%esp              # drop args + padding
0x56557393 <+46>: sub $0xc,%esp               # padding before the single push
0x56557396 <+49>: push $0x0
0x56557398 <+51>: call 0xf7d32620 <__gi_exit> # exit(0); does not return
0x5655739d <+56>: movl $0x0,-0xc(%ebp)        # x = 0
0x565573a4 <+63>: mov 0x4(%eax),%eax          # %eax = argv  (%eax still holds %ecx from <+17>)
0x565573a7 <+66>: add $0x4,%eax               # &argv[1]
0x565573aa <+69>: mov (%eax),%eax             # argv[1]
0x565573ac <+71>: push %eax                   # 4th arg: argv[1]
0x565573ad <+72>: push $0x3                   # 3rd arg
0x565573af <+74>: push $0x2                   # 2nd arg
0x565573b1 <+76>: push $0x1                   # 1st arg
0x565573b3 <+78>: call 0x56557273             # vuln(1, 2, 3, argv[1]) per the C snippet; its body is not shown
0x565573b8 <+83>: add $0x10,%esp              # pop the four args
0x565573bb <+86>: movl $0x1,-0xc(%ebp)        # x = 1, unconditionally, right after the call returns
0x565573c2 <+93>: cmpl $0x0,-0xc(%ebp)        # x == 0 ?
0x565573c6 <+97>: jne 0x565573da              # no -> <+117>
0x565573c8 <+99>: sub $0xc,%esp (return address) # NOTE(review): "(return address)" is the asker's tag and is misleading; this is the usual 12-byte padding before one push, same pattern as <+46>
0x565573cb <+102>: push $0x56558045           # same string as at <+149>; matches the C snippet's two "You lose" prints
0x565573d0 <+107>: call 0xf7d6c8d0 <__gi__io_puts> # the C printf of a constant "\n"-terminated literal appears here as puts
0x565573d5 <+112>: add $0x10,%esp
0x565573d8 <+115>: jmp 0x56557407             # -> epilogue
0x565573da <+117>: cmpl $0x2,-0xc(%ebp)       # x == 2 ?  Main's own stores never leave x == 2 (it is 1 since <+86>), so this branch only runs if the slot was altered by something other than this code
0x565573de <+121>: jne 0x565573f7             # no -> <+146>
0x565573e0 <+123>: sub $0xc,%esp
0x565573e3 <+126>: push $0x56558056           # matches the C snippet's "You Win" print
0x565573e8 <+131>: call 0xf7d6c8d0 <__gi__io_puts>
0x565573ed <+136>: add $0x10,%esp
0x565573f0 <+139>: call 0x5655720d            # getFlag() per the C snippet
0x565573f5 <+144>: jmp 0x56557407             # -> epilogue
0x565573f7 <+146>: sub $0xc,%esp
--Type                                        # gdb pager prompt ("--Type <RET> for more") captured in the paste; not an instruction
0x565573fa <+149>: push $0x56558045           # "You lose" again (final else branch)
0x565573ff <+154>: call 0xf7d6c8d0 <__gi__io_puts>
0x56557404 <+159>: add $0x10,%esp
0x56557407 <+162>: nop                        # join point of the three branches
0x56557408 <+163>: mov -0x4(%ebp),%ecx        # recover the pre-realignment handle saved at <+13>
0x5655740b <+166>: leave                      # %esp = %ebp; pop %ebp
0x5655740c <+167>: lea -0x4(%ecx),%esp        # undo <+0>/<+4>: %esp back to the original return-address slot
0x5655740f <+170>: ret
End of assembler dump.
The C source for most of the main function:
int x;                          // lives at -0xc(%ebp) in the disassembly above
x = 0;                          // <+56>
vuln(1,2,3,argv[1]);            // <+71>..<+83>; argv[1] is read only after the argc > 1 check at <+19>
x = 1;                          // <+86>: unconditional store after the call returns
if (x == 0)                     // <+93>
printf("::: You lose :::\n");   // appears as puts(0x56558045) at <+102>
else if (x == 2){               // <+117>: with only this code's stores x is 1 here, so this branch runs only if x's slot was changed elsewhere
printf("::: You Win :::\n");    // puts(0x56558056)
getFlag();                      // call 0x5655720d
}
else
printf("::: You lose :::\n");   // puts(0x56558045) again at <+149>
What is the exact offset needed to overflow the buffer?