 |  |  |  |  |  |  |  |
Getting the return address
Please support our C advertiser: Programming Forums - DaniWeb Sister Site
 |
•
•
Join Date: Dec 2007
Posts: 113
Reputation: 
Solved Threads: 6
Junior Poster
Hello all.
I want to find the return address where execution should jump after returning from a function.
Say this is my code:
After foo() returns, how to find the rturn address where control will be passed?
Thank you....
I want to find the return address where execution should jump after returning from a function.
Say this is my code:
C Syntax (Toggle Plain Text)
After foo() returns, how to find the rturn address where control will be passed?
Thank you....
PEACE !
•
•
Join Date: Dec 2005
Posts: 5,850
Reputation: 
Solved Threads: 749
First, this is HIGHLY dependent on your current implementation. Change anything at all, and it might break.
It also means you need to tell us exactly what you have if you ever hope of a useful answer.
Second, why do you need to know, and what are you going to use the answer for (there's probably a better way).
It also means you need to tell us exactly what you have if you ever hope of a useful answer.
Second, why do you need to know, and what are you going to use the answer for (there's probably a better way).
•
•
Join Date: Dec 2007
Posts: 113
Reputation:
Solved Threads: 6
Junior Poster
Alright then.
I m trying to smash the stack.
I am trying to modify the return address so that i divert the execution elsewhere.
This is my code :
heres the op:
I m trying to smash the stack.
I am trying to modify the return address so that i divert the execution elsewhere.
This is my code :
C Syntax (Toggle Plain Text)
heres the op:
C Syntax (Toggle Plain Text)
PEACE !
•
•
Join Date: Dec 2007
Posts: 113
Reputation:
Solved Threads: 6
Junior Poster
oh! and i am usng gcc on ubuntu
PEACE !
You will have to know how a stack frame is implemented on your system. I don't know if it is the same for all (or most) x86 systems, but from looking at this article on wikipedia it looks like it could be this:
I did some toying around with C, and came up with this:
this prints the output:
The segmentation fault is because the stack is set up to return to main, and then return to the system once main completes. But since the return address is bashed to returned to yet another function, that function get's main's call stack. I have no idea what this does, but I'm assuming it is bad.
I had to play with the magic number (which turned out to be 2) for a bit, but I'm not exactly sure about why 2. I could play with it more and find out just how the stack frame looks, but I'll leave that up to you.
For fun, compile my code on your machine and see if you get identical output. Try it on a windows box. The behavior of this sort of thing depends heavily on the compiler and system.
I would play with this more but it's 2AM and time to get some rest.
C Syntax (Toggle Plain Text)
I did some toying around with C, and came up with this:
C Syntax (Toggle Plain Text)
this prints the output:
C Syntax (Toggle Plain Text)
The segmentation fault is because the stack is set up to return to main, and then return to the system once main completes. But since the return address is bashed to returned to yet another function, that function get's main's call stack. I have no idea what this does, but I'm assuming it is bad.
I had to play with the magic number (which turned out to be 2) for a bit, but I'm not exactly sure about why 2. I could play with it more and find out just how the stack frame looks, but I'll leave that up to you.
For fun, compile my code on your machine and see if you get identical output. Try it on a windows box. The behavior of this sort of thing depends heavily on the compiler and system.
I would play with this more but it's 2AM and time to get some rest.
Last edited by winrawr; Aug 3rd, 2009 at 5:16 am.
I wake up! And my mind's out, never again will I sell out. Converting vegetarians.
Into the midnight giving it to you, I don't know it just feels right.
This is the time of the revolution, Cooking the next step.
Converting vegetarians, minding the gap since 1996
Into the midnight giving it to you, I don't know it just feels right.
This is the time of the revolution, Cooking the next step.
Converting vegetarians, minding the gap since 1996
|
Similar Threads
- manipulating return address (C)
- Unexpected return from string comparison function (C)
- Please helpwith how to return two dimensional array (C++)
- [Warning] address of local variable returned??? (C++)
- How to return more than one value from a method? (C#)
- Viewing An IP Address in Command Prompt (Windows NT / 2000 / XP)
Other Threads in the C Forum
- Previous Thread: To form a palindrome of a given string
- Next Thread: gotxy function REPLY
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest C Posts
- Today's Posts
- Unanswered Threads
* ansi api array arrays bash binarysearch calculate centimeter changingto char character convert copyanyfile copypdffile creafecopyofanytypeoffileinc createcopyoffile createprocess() dynamic execv fflush file floatingpointvalidation fork forloop frequency function getlogicaldrivestrin givemetehcodez grade graphics gtkwinlinux histogram homework i/o ide inches include infiniteloop initialization input intmain() iso keyboard km license linked linkedlist linux list looping loopinsideloop. lowest matrix microsoft multi mysql oddnumber open opendocumentformat openwebfoundation overwrite pdf pointer pointers posix power program programming pyramidusingturboccodes radix read recursion recv recvblocked reversing scanf scheduling segmentationfault send shape single socketprogramming stack standard strchr string strings suggestions test testautomation testing threads unix urboc user variable whythiscodecausesegmentationfault win32api windowsapi
