Code:
#include <stdio.h>
/*
 * Forms a pointer 12 bytes past the start of the 5-byte local array `bug`
 * and then advances that pointer by 26 ints.
 *
 * Two things matter when reading this function:
 *   - `bug + 12` is well beyond one-past-the-end of `bug`, so merely
 *     computing the pointer is undefined behaviour in C; where it lands in
 *     the frame is decided by the compiler (the gdb listing on this page
 *     places `bug` at -9(%ebp) and `ret` at -4(%ebp)).
 *   - `ret += 26` modifies the local variable `ret` itself, by
 *     26 * sizeof(int) = 0x68 bytes on this target (the disassembly shows
 *     `addl $0x68,(%eax)` with %eax holding the address of `ret`). Nothing is
 *     ever stored through `ret`, so the function writes nowhere outside its
 *     own locals and has no observable effect; an optimizing compiler may
 *     drop it entirely.
 */
void change_ret() {
char bug[5];                 /* 5-byte automatic array */
int *ret=(int *)(bug + 12);  /* out-of-bounds pointer: undefined behaviour */
ret +=26;                    /* advances the pointer variable, not what it points to */
}
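/*
 * Program entry point: runs change_ret() and then prints a message.
 *
 * Declared as `int main(void)`, the form the C standard requires for a
 * hosted program (`void main()` is not portable). Returning 0 from main is
 * equivalent to exit(0), which also removes the original call to exit()
 * without <stdlib.h> — an implicit declaration that C99 and later reject.
 *
 * Returns 0 to the host environment.
 */
int main(void) {
    change_ret();
    printf("Ovo radi ili ne radi\n");
    return 0;
}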
#include <stdio.h>
/*
 * Forms a pointer 12 bytes past the start of the 5-byte local array `bug`
 * and then advances that pointer by 26 ints.
 *
 * Two things matter when reading this function:
 *   - `bug + 12` is well beyond one-past-the-end of `bug`, so merely
 *     computing the pointer is undefined behaviour in C; where it lands in
 *     the frame is decided by the compiler (the gdb listing on this page
 *     places `bug` at -9(%ebp) and `ret` at -4(%ebp)).
 *   - `ret += 26` modifies the local variable `ret` itself, by
 *     26 * sizeof(int) = 0x68 bytes on this target (the disassembly shows
 *     `addl $0x68,(%eax)` with %eax holding the address of `ret`). Nothing is
 *     ever stored through `ret`, so the function writes nowhere outside its
 *     own locals and has no observable effect; an optimizing compiler may
 *     drop it entirely.
 */
void change_ret() {
char bug[5];                 /* 5-byte automatic array */
int *ret=(int *)(bug + 12);  /* out-of-bounds pointer: undefined behaviour */
ret +=26;                    /* advances the pointer variable, not what it points to */
}
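/*
 * Program entry point: runs change_ret() and then prints a message.
 *
 * Declared as `int main(void)`, the form the C standard requires for a
 * hosted program (`void main()` is not portable). Returning 0 from main is
 * equivalent to exit(0), which also removes the original call to exit()
 * without <stdlib.h> — an implicit declaration that C99 and later reject.
 *
 * Returns 0 to the host environment.
 */
int main(void) {
    change_ret();
    printf("Ovo radi ili ne radi\n");
    return 0;
}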
(gdb) disas main
Dump of assembler code for function main:
0x080483c7 <main+0>: push %ebp
0x080483c8 <main+1>: mov %esp,%ebp
0x080483ca <main+3>: sub $0x8,%esp
0x080483cd <main+6>: and $0xfffffff0,%esp
0x080483d0 <main+9>: mov $0x0,%eax
0x080483d5 <main+14>: add $0xf,%eax
0x080483d8 <main+17>: add $0xf,%eax
0x080483db <main+20>: shr $0x4,%eax
0x080483de <main+23>: shl $0x4,%eax
0x080483e1 <main+26>: sub %eax,%esp
0x080483e3 <main+28>: call 0x80483b0 <change_ret>
0x080483e8 <main+33>: sub $0xc,%esp
0x080483eb <main+36>: push $0x80484a8
0x080483f0 <main+41>: call 0x80482cc
0x080483f5 <main+46>: add $0x10,%esp
0x080483f8 <main+49>: sub $0xc,%esp
0x080483fb <main+52>: push $0x0
0x080483fd <main+54>: call 0x80482ec
0x08048402 <main+59>: nop
0x08048403 <main+60>: nop
End of assembler dump.
(gdb)
(gdb) disas change_ret
Dump of assembler code for function change_ret:
0x080483b0 <change_ret+0>: push %ebp
0x080483b1 <change_ret+1>: mov %esp,%ebp
0x080483b3 <change_ret+3>: sub $0x10,%esp
0x080483b6 <change_ret+6>: lea 0xfffffff7(%ebp),%eax
0x080483b9 <change_ret+9>: add $0xc,%eax
0x080483bc <change_ret+12>: mov %eax,0xfffffffc(%ebp)
0x080483bf <change_ret+15>: lea 0xfffffffc(%ebp),%eax
0x080483c2 <change_ret+18>: addl $0x68,(%eax)
0x080483c5 <change_ret+21>: leave
0x080483c6 <change_ret+22>: ret
End of assembler dump.
(gdb)
Zasto nece da skrene tok izvrsavanja programa, kad sam lepo izracunao da ret treba da se pomeri za 26???