Hey everyone, I have some code and I need to change the address to the function I want to go to. I need to change the address of normal in the menufunc array to administrative. I have constructed this string that puts me in menufunc[2]:
xxxxxxxxxxxxxxxxxxxx111111111122222222223333333333444444444455555555556680487d2

The address of the administrative function is 80487d2.
I put the address at the end but it doesn't work. Is there a particular way I need to format the address?

Thanks

Here is the code:

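#include <stdio.h>   // printf, puts, gets, fflush
#include <stdlib.h>  // exit
#include <string.h>  // strcmp, strncmp

int main (int argc, char *argv[]);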
void list(void);
void add(void);
void quit(void);
void delete(void);
void deleteall(void);
void normal(char *user);
void administrative(char *nothing);
void debug(char *nothing);
void rot13(char *user, char *rot13pwd);

typedef void (*menufunctype)(char *);
typedef void (*userfunctype)(void);
typedef void (*adminfunctype)(void);

// jump table for non-administrative functions
userfunctype userfunc[3] = {add, list, quit};

// jump table for administrative functions
adminfunctype adminfunc[5] = {delete, deleteall, add, list, quit};


int main (int argc, char *argv[]) {

  menufunctype menufunc[3]={debug, administrative, normal};
  char rot13pwd[20];
  char user[20];
  char pwd[20];

  printf("Enter authorization code: "); fflush(stdout);
  gets(pwd);
  printf("Enter username or \"admin\" for admin functions: "); fflush(stdout);
  gets(user);

  // authenticate user
  rot13(user, rot13pwd);

  if (strcmp(pwd, rot13pwd)) {
    puts("Authentication FAILED.  Access denied.\n");
    exit(1);
  }

  // passed authentication, now display debug, normal or
  // administrative menu.  If administrative access is prohibited by
  // compile-time "ADMINISTRATIVE" symbol, then don't allow admin
  // under any circumstances.

  if (! strncmp("debug", user, 5)) {
    (*menufunc[0])(user);
  }
  else if (! strncmp("admin", user, 5)) {
#if defined(ADMINISTRATIVE)
    (*menufunc[1])(0);
#else
    puts("NO ADMINSTRATIVE ACCESS AVAILABLE--SEE YOUR SYSTEMS ADMINISTRATOR.");
#endif
  }
  else {
    (*menufunc[2])(user);
  }
}


I am confused. How would I write that address in the buffer? I am stuck on this problem.

You would need to write the actual value of the address to the buffer, not its string representation.

There are plenty of resources on the web that describe how to do such things. I think this topic borders on policy issues for the forum so I will refrain from any further description.

Academic purposes or not, information on exploiting buffer overflows constitutes hacking, which is against Daniweb's rules. I'm sorry.
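
An added example, not part of the original thread: the posted main() fills 20-byte stack buffers with gets(), which has no length limit, and that is why a long input line can reach the menufunc table at all. The sketch below shows a bounded replacement that rejects overlong lines; read_field, try_input and the sample inputs are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 20 /* size of user[], pwd[] and rot13pwd[] in the post */

enum { FIELD_OK = 0, FIELD_EOF = -1, FIELD_TOO_LONG = -2 };

/* Bounded replacement for gets(): writes at most cap bytes into buf.
 * An overlong line is drained and rejected rather than truncated, so a
 * partial username or code is never passed on to strcmp(). */
int read_field(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return FIELD_EOF;           /* no room, or no input at all */
    size_t n = strcspn(buf, "\n");
    if (buf[n] == '\n') {           /* the whole line fit */
        buf[n] = '\0';
        return FIELD_OK;
    }
    int c = fgetc(in);              /* what follows the bytes already read? */
    if (c == EOF || c == '\n')
        return FIELD_OK;            /* line ended within the limit */
    while (c != EOF && c != '\n')   /* discard the rest of the line */
        c = fgetc(in);
    buf[0] = '\0';
    return FIELD_TOO_LONG;
}

/* Hypothetical harness: feeds constructed text to read_field() with a guard
 * placed right after the field; returns the status, or 1 if the guard changed. */
int try_input(const char *text)
{
    struct { char field[FIELD_LEN]; char guard[4]; } s;
    memcpy(s.guard, "SAFE", 4);
    FILE *f = tmpfile();
    if (f == NULL)
        return FIELD_EOF;
    fputs(text, f);
    rewind(f);
    int rc = read_field(f, s.field, sizeof s.field);
    fclose(f);
    return memcmp(s.guard, "SAFE", 4) == 0 ? rc : 1;
}

int main(void)
{
    printf("short line: %d\n", try_input("alice\n"));
    printf("overlong line: %d\n", try_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"));
    return 0;
}
```

In the posted program, both gets() calls would become read_field() calls on stdin, with any status other than FIELD_OK treated as an authentication failure.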
