Thank you very much,you help me a lot.
At 2014-09-10 10:12:54, "Paul Marinescu" <***@imperial.ac.uk> wrote:
No, there is no such function.
This paper http://security.ece.cmu.edu/aeg/aeg-current.pdf discusses the problem in detail.
On 10 Sep 2014, at 14:34, Jonathan NeuschÃ€fer <***@gmx.net> wrote:
On Wed, Sep 10, 2014 at 09:56:19AM +0800, é«å€åš wrote:
Is there any function that gives us the distance between the buffer and the
return address?I'm trying to detect buffer overflow.In order to make sure the buffer overflow detected is a dangerous one,I want to know if the overflowed string overlap the return address.For example,//////////////////////////.....(other code)char a;char b;klee_make_symbolic(b)strcpy(a,b);////////////////////////I want to know the distance between a and the return address.Sorry for my poor english...Anyone can help me?
Many thanks in advance.
I am not very familiar with KLEE, but the distance of a stack variable
to the return address depends on the compiler, the CPU architecture and
maybe the operating system. Furthermore, today's compilers may use stack
canaries to make exploitation harder in case the return address is
If you've found a buffer overflow and want to know if it will be able to
overwrite the return address you should probably disassemble the
compiled program (or ask the compiler to give you the intermediate
assembler code), and then check this yourself. A debugger may also help.
If you've found a bunch of buffer overflows and are thinking about which
of them you will fix, please fix all of them.
Hope that helps,