I saw this online a while ago and later tried writing it myself; think of it as a first look at how a buffer overflow hijacks control flow by overwriting a function's return address.
```c
#include <stdio.h>
#include <stdlib.h>

// Function that gets called after the "overflow"
void OverFlowFun()
{
    printf("this is over flow function\n");
}

// Ordinary function whose return address is tampered with.
// Layout assumed here: 32-bit x86, cdecl, MSVC. On that ABI the caller pushes
// the argument, then CALL pushes the return address directly below it, so the
// return address slot sits 4 bytes below the address of the first parameter.
// Pointers are stored in plain int, which only fits a 32-bit build.
void NormalFun(int iParam)
{
    int iParamAddress = (int)&iParam;          // address of the parameter
    // Return address of this call:
    // the argument is pushed first, so from the parameter address we can reach
    // the saved return address. Overwriting that slot with the address of
    // OverFlowFun makes the function "return" into OverFlowFun instead.
    int iReturnAddress = iParamAddress - 4;
    int iOverFlowFunAddress = (int)OverFlowFun;
    int* pAddress = (int*)iReturnAddress;
    *pAddress = iOverFlowFunAddress;           // replace the return address with OverFlowFun
    printf("the param is %d\n", iParam);
}

int main()
{
    NormalFun(10);
    return 0;
}
```
Output:

```
the param is 10
this is over flow function
```

(Run on Win7 + VS; the system reports an exception, but the output above did indeed appear.)
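The demo above reaches the return address slot directly through pointer arithmetic, so no local buffer is overrun along the way. In the common real-world case the slot is reached by a copy that runs past a local buffer, and that is what stack-cookie protections such as MSVC's /GS are built to catch: a guard value is placed between the locals and the saved return address, and the function checks it just before returning, so a contiguous overrun cannot reach the return address without changing the cookie first. The following C program is an added illustration of that detection logic and is not code from the original post. The `frame_model` struct, the sentinel return value and the 'A'-filled inputs are constructed stand-ins for a real frame, not the compiler's actual layout; the cookie value passed in plays the role of the per-process random cookie a real build would use.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed model of one stack frame laid out the way stack-cookie
 * protections arrange it: the guard value sits between the local buffer
 * and the saved return address. This is an illustration, not the real
 * machine stack; the struct has no padding (16 + 4 + 4 bytes). */
struct frame_model {
    char     buf[16];        /* local buffer an overrun would fill first    */
    uint32_t cookie;         /* guard value written at function entry       */
    uint32_t saved_return;   /* stands in for the caller's return address   */
};

#define SENTINEL_RETURN 0x11223344u   /* constructed placeholder address */

/* Result bits returned by overrun_into_frame(). */
#define FRAME_INTACT      0
#define COOKIE_CORRUPTED  1
#define RETURN_CORRUPTED  2

/* Copies `len` input bytes into the modelled frame starting at buf, the way an
 * unbounded copy into a local buffer would, then runs the cookie check that a
 * protected function performs in its epilogue. The copy is clamped to
 * sizeof(f) so the model itself never writes out of bounds. */
int overrun_into_frame(const unsigned char *input, size_t len, uint32_t cookie)
{
    struct frame_model f;
    size_t n = len < sizeof f ? len : sizeof f;
    int result = FRAME_INTACT;

    memset(&f, 0, sizeof f);
    f.cookie = cookie;                 /* prologue: store the guard value */
    f.saved_return = SENTINEL_RETURN;

    memcpy(&f, input, n);              /* fills buf, then cookie, then saved_return */

    if (f.cookie != cookie)
        result |= COOKIE_CORRUPTED;    /* epilogue check fires before any return */
    if (f.saved_return != SENTINEL_RETURN)
        result |= RETURN_CORRUPTED;    /* control flow would have been hijacked */
    return result;
}

/* Convenience wrapper: feeds `len` bytes of 'A' (constructed input) into the
 * modelled frame with the given cookie and returns the result bits. */
int overrun_case(size_t len, uint32_t cookie)
{
    unsigned char input[256];
    if (len > sizeof input)
        len = sizeof input;
    memset(input, 'A', sizeof input);
    return overrun_into_frame(input, len, cookie);
}

int main(void)
{
    const uint32_t cookie = 0xDEADBEEFu;   /* constructed; real builds randomise it */
    size_t lens[] = { 8, 16, 20, 24, 100 };
    size_t i;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int r = overrun_case(lens[i], cookie);
        printf("%3zu bytes copied: cookie %s, return address %s\n",
               lens[i],
               (r & COOKIE_CORRUPTED) ? "CORRUPTED" : "intact",
               (r & RETURN_CORRUPTED) ? "CORRUPTED" : "intact");
    }
    return 0;
}
```

Copies of up to 16 bytes fit the buffer and leave the frame intact; anything longer clobbers the cookie before it can reach the return address, which is exactly the condition the epilogue check turns into an abort instead of a return. The check only helps when the cookie is unpredictable, which is why real implementations use a per-process random value rather than a constant like the one used here.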