Introduction to Buffer Overflow


In computer security and programming, a buffer overflow, or
buffer overrun, is an anomaly where a program, while
writing data to a buffer, overruns the buffer’s boundary and
overwrites adjacent memory. This is a special case of
violation of memory safety.

Buffer overflows can be triggered by inputs that are designed
to execute code, or alter the way the program operates. This
may result in erratic program behavior, including memory
access errors, incorrect results, a crash, or a breach of system
security. They are thus the basis of many software
vulnerabilities and can be maliciously exploited.

Programming languages commonly associated with buffer
overflows include C and C++, which provide no built-in
protection against accessing or overwriting data in any part of
memory and do not automatically check that data written to
an array (the built-in buffer type) is within the boundaries of
that array. Bounds checking can prevent buffer overflows.

I know that you have a lot of questions:
What is the reason for this crazy bug?
> It’s a programming error (made when writing code).
Is it important to learn? Isn’t it just a small, stupid exploit?
> This type of exploit is what makes the difference between professional hackers and normal
hackers. I will explain that in Lesson 4 😉.
Can you give me a technical description?
A buffer overflow occurs when data written to a buffer, due to insufficient bounds checking, corrupts
data values in memory addresses adjacent to the allocated buffer. Most commonly this occurs when
copying strings of characters from one buffer to another.
Basic example
In the following example, a program has defined two data items which are adjacent in memory: an 8-
byte-long string buffer, A, and a two-byte integer, B. Initially, A contains nothing but zero bytes, and B
contains the number 1979. Characters are one byte wide.
variable name   A                         B
value           [null string]             1979
hex value       00 00 00 00 00 00 00 00   07 BB
Now, the program attempts to store the null-terminated string “excessive” in the A buffer. By failing to
check the length of the string, it overwrites the value of B:
variable name   A                                 B
value           ‘e’ ‘x’ ‘c’ ‘e’ ‘s’ ‘s’ ‘i’ ‘v’   25856
hex value       65 78 63 65 73 73 69 76           65 00
Although the programmer did not intend to change B at all, B’s value has now been replaced by a
number formed from part of the character string. In this example, on a big-endian system that uses
ASCII, “e” followed by a zero byte would become the number 25856. If B was the only other variable
data item defined by the program, writing an even longer string that went past the end of B could cause
an error such as a segmentation fault, terminating the process.
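
The A/B example above, written out in C as an added example (not code from the original post). It models the two data items as one 10-byte region so the overwrite stays well-defined, reads B big-endian as in the text, and puts the unchecked copy next to a bounds-checked one. The names mem, store_unchecked and store_checked are made up for this example.

```c
#include <stdio.h>
#include <string.h>

#define A_SIZE 8              /* buffer A: 8 bytes  */
#define B_SIZE 2              /* integer B: 2 bytes */

/* Model of the two adjacent data items: A at offset 0, B right after it. */
static unsigned char mem[A_SIZE + B_SIZE];

static void reset(void) {
    memset(mem, 0, A_SIZE);           /* A = nothing but zero bytes */
    mem[A_SIZE]     = 0x07;           /* B = 1979 = 0x07BB, stored big-endian */
    mem[A_SIZE + 1] = 0xBB;
}

/* Read B the way a big-endian machine would. */
static unsigned read_B(void) {
    return ((unsigned)mem[A_SIZE] << 8) | mem[A_SIZE + 1];
}

/* Copy with no check against A_SIZE, like strcpy(): string plus its NUL. */
static unsigned store_unchecked(const char *s) {
    size_t n = strlen(s) + 1;
    if (n > sizeof mem) n = sizeof mem;   /* clamp to the model, not to A */
    reset();
    memcpy(mem, s, n);                    /* bytes 9 and 10 land in B */
    return read_B();
}

/* Bounds-checked copy: refuse anything that does not fit in A with its NUL. */
static int store_checked(const char *s, unsigned *b_after) {
    size_t need = strlen(s) + 1;
    int ok = need <= A_SIZE;
    reset();
    if (ok)
        memcpy(mem, s, need);
    *b_after = read_B();
    return ok;
}

int main(void) {
    unsigned b;
    printf("unchecked: B = %u\n", store_unchecked("excessive"));
    printf("checked:   accepted = %d, ", store_checked("excessive", &b));
    printf("B = %u\n", b);
    return 0;
}
```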
