Analyzing BufferOverflow with GDB

Pre-requisite: GDB (Step by Step Introduction)

A BufferOverflow often occurs when the content inside the defined variable is copied to another variable without doing Bound Checks or considering the size of the buffer. Let’s analyze buffer overflow with the help GNU Debugger (GDB) which is inbuilt every Linux system.

The motive of this exercise is to get comfortable with debugging code and understand how does buffer overflow works in action.



filter_none

edit
close

play_arrow

link
brightness_4
code

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
  
int main(int argc, char** argv)
{
    volatile int cantoverflowme;
    char buffer[64];
  
    cantoverflowme = 0;
    gets(buffer);
  
    if (cantoverflowme != 0) {
        printf("You OVERFLOW'ed Me\n");
    }
    else {
        printf("Can't Overflow Me\n");
    }
}

chevron_right


  • Step 1

    Let’s compile this code with the following flags :

    gcc overflow.c -o overflow  -fno-stack-protector -z execstack -no-pie 

    The above code is going to create a compiled binary that disables various stack protections

    -z execstack : Disables Executable Stack
    -fno-stack-protector : Disables Stack Canaries
    -no-pie : Disables Position Independent Executables
  • Step 2

    Now that stack protections are disabled we can load the code in GDB by typing

    gdb ./overflow
  • Step 3

    Once the code is open we can look at the functions that are inside the binary by using typing

    info functions

    We can see there’s a gets call which is being used which is vulnerable in nature as it doesn’t do any bound checks.

  • Step 4

    Let’s type

    disas main

    and disassemble the main function

  • Step 5

    Let’s put a breakpoint by typing

    b * main+39

    so that we can analyze the content of stack when the program hits the breakpoint.


  • Step 6

    Type

    r

    to run the code and input any number of A’s as we already know from the code above.
    Let’s input 63 A’s and 78 A’s and see the change in the result.

  • Step 7

    You can use python code to print A’s by typing after leaving the GDB.

    python -c "print 'A' * 63"


  • Step 8

    Now that we have 63 A’s let’s run the code and paste it when it ask’s us for the input.

    Let’s try the whole process again and this time let’s input any number of A’s let’s say 78.

    A cool way to do this can be

    python -c "print 'A' * 78" | ./overflow

    As we can see once the overflow occurs it changes the variable because of memory being leaked on the stack and changing values of variables

  • Step 9

    Let’s check the stack which it over writes, so we have to set a break point at

    main+39

    then type

    r

    and then we can type

    x/20s $rsp
    x : eXamine
    20s : 20 values in string
    $rsp : for register RSP (Stack Pointer)

    Hence we can see how 78 A’s are written on the stack and are overflowing the memory.



My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.