I'm studying buffer overflow, and I'm trying to jump to the function 'confused' and then print out "done" at the end of main by performing buffer overflow.
#include<stdio.h>
#include<stdlib.h>
int i, n;
void confused(int i) {
printf("**Who called me? Why am I here?? *** %x\n ", i);
;
}
void shell_call(char *c) {
printf(" ***Now calling \"%s\" shell command *** \n", c);
system(c);
}
void victim_func(){
int a[4];
printf("\nEnter n: "); scanf("%d",&n);
printf("~~~~~~~~~~~~~ values and address of n locations ~~~~~~~~~~");
for (i = 0;i <n ;i++)
printf ("\n a[%d] = %x, address = %x", i, a[i], &a[i]);
printf("\nEnter %d HEX Values \n", n);
// Buffer Overflow vulnerability HERE!
for (i=0;i<n;i++) scanf("%x",&a[i]);
printf("Done reading junk numbers\n")
}
int main() {
printf("\n ~~~~~~~~~~~~~~~~~ Info Menu ~~~~~~~~~~~~");
printf("\n addrss of main %x", main);
printf("\n addrss of shell_cal %x", shell_call);
printf("\n addrss of confused %x", confused);
victim_func();
printf("\n done");
return 0;
}
What I did is I put 7 for n, and for 6th hex value I inserted the address of confused and for 7th the address of printf in main. It successfully prints out "done" after the confused function, but the program goes back to the start of main. I thought the program would terminate after printing out "done".
I just wonder if I did something wrong, or it is the way it should do.
