How can I get the eip register to point to a memory address to execute my shellcode in the following program using a buffer overflow?
static int __init onload(void)
{
    /* Nested function definition: a GCC extension, not standard C. */
    void function1(char *arg1)
    {
        char buffer[10];
        strcpy(buffer, arg1);   /* strcpy performs no bounds check on arg1 */
    }
    char *kernel_version = kmalloc(MAX_VERSION_LEN, GFP_KERNEL);
    printk(KERN_WARNING "Hello world!\n");
    // printk(KERN_EMERG "Version: %s\n", acquire_kernel_version(kernel_version));
    find_sys_call_table(acquire_kernel_version(kernel_version));
    printk(KERN_EMERG "Syscall table address: %p\n", syscall_table);
    printk(KERN_EMERG "sizeof(unsigned long *): %zx\n", sizeof(unsigned long*));
    printk(KERN_EMERG "sizeof(sys_call_table) : %zx\n", sizeof(syscall_table));
    if (syscall_table != NULL) {
        //function1("AAAAAAAAAAAAAAAAAAAAAAAAAAAB7F41B63");
        original_write = (void *)syscall_table[__NR_write];
        syscall_table[__NR_write] = &new_write;
        write_cr0 (read_cr0 () | 0x10000);
        .
        .
        so on...
}
Here is a link to the code (https://gitlab.tnichols.org/tyler/syscall_table_hooks/blob/master/src/hooks.c) and above I have displayed the position where I need to create a buffer overflow and point to my return address.
I tried the above code to overflow the buffer with 26 A's and then make my return address point to "0xB7F41B63", but it does not replace my return address. Also, my code cannot be debugged in gdb, so can anyone suggest a debugger to analyze the code step by step?
PS: my code doesn't have a main. I tried a different program with a main and a buffer overflow, and it worked, but here, when I inserted a main with #include <stdio.h>, it gives me errors that it can't find stdio.h. I installed g++, but I can't upgrade/update my OS, as I can't change the gcc version.