Differences

This shows you the differences between two versions of the page.

--- ex:vcode:start [2023/04/10 20:51] – ebaer
+++ ex:vcode:start [2023/07/31 05:51] (current) – titannet
@@ Line 68: / Line 68: @@
 # x86 function prolog: push ebp, mov ebp, esp
 # [ebp+8] == local variable
+# dd esp -> first address on stack == return pointer
+# dd ebp -> old base pointer
+# dd poi(ebp+8)
 </code>
@@ Line 136: / Line 141: @@
+</code>
+====== Heap2-2 ======
+<code c>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <stdio.h>
+// Use after free example, original code from https://exploit.education
+#define SERVICE_SIZE 32
+struct AuthStruct {
+  char name[32];
+  int is_authenticated;
+};
+struct AuthStruct *auth;
+char *service;
+int main(int argc, char **argv)
+{
+  char line[128];
+  while(1) {
+    printf("[ auth = %p, service = %p ]\n", auth, service);
+    if(fgets(line, sizeof(line), stdin) == NULL) break;
+    if(strncmp(line, "user ", 5) == 0) {
+      auth = malloc(sizeof(*auth));
+      memset(auth, 0, sizeof(*auth));
+      if(strlen(line + 5) < 31) {
+        strcpy(auth->name, line + 5);
+      }
+    }
+    if(strncmp(line, "reset", 5) == 0) {
+      free(auth);
+    }
+    if(strncmp(line, "service", 6) == 0) {
+      service = malloc(SERVICE_SIZE);
+      strcpy(service, line+7);
+    }
+    if(strncmp(line, "login", 5) == 0) {
+      if(auth->is_authenticated) {
+        printf("you have logged in already!\n");
+      } else {
+        printf("please enter your password\n");
+      }
+    }
+  }
+}
 </code>