Update strcpy_example.md

Omar Santos 2021-02-22 17:23:20 -05:00 committed by GitHub
parent 9dd4310210
commit 10c8687cb4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -43,6 +43,8 @@ The local array `buffer[]` in `omarsucks()` has 12 bytes of memory. The `omarsuc
It should be noted that stacks grow from high address to low address, but buffers still grow in the normal direction (i.e., from low to high). Therefore, when we copy data to `buffer[]`, we start from `buffer[0]`, and eventually to `buffer[11]`. If there are still more data to be copied, `strcpy()` will continue copying the data to the region above the buffer, treating the memory beyond the buffer as `buffer[12]`, `buffer[13]`, and so on. It should be noted that stacks grow from high address to low address, but buffers still grow in the normal direction (i.e., from low to high). Therefore, when we copy data to `buffer[]`, we start from `buffer[0]`, and eventually to `buffer[11]`. If there are still more data to be copied, `strcpy()` will continue copying the data to the region above the buffer, treating the memory beyond the buffer as `buffer[12]`, `buffer[13]`, and so on.
The following is the stack after exploitation:
<img src="https://github.com/The-Art-of-Hacking/h4cker/blob/master/buffer_overflow_example/stack_after_buffer_overflow.png">
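Review bot: the `<img>` added on the last line of this hunk points at a `github.com/.../blob/master/...` URL, which is the HTML file-view page rather than the image file itself, so the picture may not load when the Markdown is rendered anywhere other than GitHub's own view. Consider a repository-relative path or the raw form of the URL. The tag also has no `alt` attribute, and the new caption "The following is the stack after exploitation:" does not say which stack contents were overwritten. A short alt text plus one sentence tying the figure to the `buffer[12]`, `buffer[13]` region described in the preceding paragraph would keep the explanation usable when the image is missing.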