getting address

Hello,
currently, I'm doing an overflow attack.
I'm having a problem with C and C++ coding.
I have C code to get memory addresses like:
char buf[10];
printf("My buf address is: %p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n");


With the code I can get a list of memory addresses of buf.
But now I want to convert it into C++ but I can't get the symbol %p, and I tried to use &buf but this results in only 1 memory address and not all 10 memory addresses of buf.
By "convert it into c++" you mean "use iostream" , right?
Well, then try this:
cout << "My buf address is: ";
for(int i = 0; i < 10; i++)
    cout << &buf[i] << '\n';
Yeah, you got my idea... but the code didn't work. It gives me funny characters... not like
0xffffffff
0xasfqwert

something like this..
uhm.. what output do you expect? for me that is correct output..
My objective is to make a buffer overflow.
I have a C code that makes buffer overflow:
This is just part of the function
void overflow(const char* input){
char buf[10];
printf("My buf address is: \n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p");
strcpy(buf, input);
printf("Now my buf address is: \n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p");
}


Now I want to convert it into C++ (iostream) but I don't know how to replace %p in iostream; using &buf may just get one address only, not like the code above, which will get 10 buf addresses.

The output I should get is:
0x88C5ACA0
0x77COPE3A
0x66F934A8
0x00000003
0xAA03SIBS


something like this?

Hope you understand my explanation.
uhm.. what output do you expect? for me that is correct output..

What output did you get? I didn't get memory addresses, I got funny junk characters, not even ASCII table....
or some random language. Kind of like MS Webdings print.
This is a load of nonsense. Any output is garbage.
void overflow(const char* input){
char buf[10];
printf("My buf address is: \n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p");
strcpy(buf, input);
printf("Now my buf address is: \n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p\n%p");
}
#include <iostream>
using namespace std;

int main(int argc, char* argv[]) {
    char buf[10];
    cout << "My buf address is: \n";
    for(int i = 0; i < 10; i++)
        cout << hex << showbase << (int)&buf[i] << '\n';
    return 0;
}


Ignore my first post, I misunderstood you..
Hi blackcoder41,
The code you posted is not working. It gives me an error:
cast from 'char (*) [10]' to 'int' loses precision

And I have tried changing to (char*)&buf[i] and I can compile but still get funny characters.
And I have searched the topic here and found this code:
cout << hex << showbase << &buf << '\n';
And this line gets the output I want but just one again =(
So I tried:
cout << hex << showbase << &buf[i] << '\n';
The result gives me funny characters.
Any idea how to solve it?
And I forgot to mention, I'm using Ubuntu to do this program.
Wow

I can confirm michy's problem.

I just tried this on GCC on my Ubuntu machine and I don't get expected output at all.

What's more, I get different output when output to a file or to a stringstream:

#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
using namespace std;

int main(int argc,char* argv[])
{
    char buf[10];

    stringstream s;
    s << hex << showbase << &buf[0];

    string str = s.str();


    for(unsigned i = 0; i < str.length(); ++i)
    {
        cout << hex << setfill('0') << setw(2) << int(str[i]) << " ";
    }

    return 0;
}
04 08 


You might notice that 04 08 would not produce actual text.

When I output directly to cout, I get gibberish. I'd paste the gibberish in here but I can't for the life of me figure out how the hell you copy from this console. Ctrl+C just seems to close it and there's no right click menu. (grumble grumble Linux)


On a semi-unrelated note, I've noticed that GCC screws up other output (specifically from typeid). I wonder if this is just a bug in the compiler/lib?

EDIT:

when I print to an fstream, the file contains this:

14 B0 BC 09

Note this is when I view the file in a hex editor (ie: the file is 4 bytes in size). That 4 bytes is not actual text, but is utter crap.


EDIT AGAIN:

Interestingly, blackcoder's suggestion of casting works fine:

#include <iostream>
using namespace std;

int main(int argc,char* argv[])
{
    char buf[10];

    cout << hex << showbase << unsigned(&buf[0]);  // expected output

    return 0;
}


I get a warning about the cast, but it still compiles okay.
Hi Disch,
what do you mean by "I get a warning about the cast, but it still compiles okay"?
I tried to compile your code but got the same error... then how did you run it?

EDIT:
Huh? I tried blackcoder's code in Visual Studio 2008 and it works! OMG? What's going on!
It's a legal cast, your compiler might just be set to too strict of settings (like maybe you have "treat warnings as errors" set or something).

Are you on a 64 bit machine? If you are then the pointer might be larger than unsigned. Try this:

typedef unsigned long long u64;

cout << hex << showbase << u64(&buf[0]);


EDIT:

Yeah I'm convinced this is a bug in the library implementation of the << operator (or some other part of ostream). This clearly is incorrect behavior and it's not difficult to reproduce.

I wonder who/where we should report it to or if there's already a fix.
Ya.. I'm using 64 bits =D...
But I got the output myself using
cout << hex << showbase << (int*)&buf[0];
this may display my expected result yeah~

EDIT!
I think I'm making a mistake!
My code just gets the same hex value!!
LOL!
HAHAHAHAHAHHA

Oh... my... God.

I can't believe I didn't see that.

Of course. &buf[0] is a char* so it's printing the buffer as if it were a string!

Wow I feel like a dufus now.

Yeah casting to void* or int* or pretty much any other pointer type works as expected. Haw.

Can't win 'em all I guess XD

*wipes egg off face*
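
An added example (not code from any poster in this thread) of the overload behaviour identified above: streaming a char* prints the bytes it points to as a string, while a cast to const void* prints the address of each element. The function names and the initialised sample buffer are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// operator<<(const char*) treats the pointer as a NUL-terminated string.
std::string streamed_as_char_ptr(const char* p) {
    std::ostringstream s;
    s << p;
    return s.str();
}

// Casting to const void* selects the overload that prints the pointer value.
std::vector<std::string> element_addresses(const char* buf, std::size_t n) {
    std::vector<std::string> out;
    for (std::size_t i = 0; i < n; ++i) {
        std::ostringstream s;
        s << static_cast<const void*>(&buf[i]);
        out.push_back(s.str());
    }
    return out;
}

// Integer form of an address: uintptr_t is wide enough for a pointer, unlike
// int or unsigned on a 64-bit target (the "loses precision" error).
std::uintptr_t address_value(const char* p) {
    return reinterpret_cast<std::uintptr_t>(p);
}

int main() {
    // Constructed sample: initialised and NUL-terminated so that streaming it
    // as a string is well defined (the thread's buffers were uninitialised).
    char buf[10] = "ABCDEFGHI";

    std::cout << "as char*: " << streamed_as_char_ptr(buf) << '\n';
    for (const std::string& a : element_addresses(buf, sizeof buf))
        std::cout << a << '\n';
    std::cout << std::hex << std::showbase << address_value(&buf[0]) << '\n';
    return 0;
}
```

With an uninitialised buffer, as in the thread, the char* overload reads whatever bytes are on the stack until it meets a zero byte, which is why the output varied between cout, a stringstream and a file.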