缓冲区溢出攻击原理
缓冲区是程序运行的时候机器内存中的一个接连块,它保留了给定类型的数据,随着动态分配变量会出现问题。大多时为了不占用太多的内存,一个有动态分配变量的程序在程序运行时才决议给它们分配多少内存。这样想下去的话,如果说要给程序在动态分配缓冲区放入超长的数据,它就会溢出了。一个缓冲区溢出程序使用这个溢出的数据将汇编语言代码放到机器的内存里,通常是产生root权限的当地,这就不是什么好景象了。仅仅就单个的缓冲区溢出招眼,它并不是最大的问题底层地点。但如果溢出送到可以以root权限运行命令的区域,一旦运行这些命令,那可就等于把机器拱手相让了。本资料共包括以下附件:缓冲区溢出.doc
包括多个文件,请自行下载检测!
(A buffer is a contiguous block of machine memory that holds data of a given type while a program is running, and problems arise with dynamic allocation of variables. Most of the time, in order not to take up too much memory, a program with dynamically allocated variables decides how much memory to allocate to them when the program runs. If you think about it this way, if you want to put extra-long data in the dynamically allocated buffer for the program, it will overflow. A buffer overflow program uses the overflowed data to place assembly language code in the machine's memory, usually where root privileges are generated, which is not a good picture. As far as a single buffer overflow is concerned, it's not the biggest problem at the bottom. But if the overflow is sent to an area where commands can be run with root privileges, once those commands are run, it is tantamount to handing over the machine. This document includes the following attachments:
buffer overflow.doc
Including multiple files, please download and test by yourself!)
页:
[1]