Breaking Sec

Full Version: Is this considered a BOF?
Code:
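section .data
    msg: db 'Test',0        ; 5 bytes: 'T','e','s','t',0
section .text
    global _start
    
_start:
    mov ecx,msg             ; buffer address for read
    mov edx,4               ; byte count
    call _read
    mov ecx,msg             ; buffer address for write
    call _print             ; edx still holds 4 (int 0x80 only changes eax)
    call _exit
;#################################################
;###################=-Functions-=#################
_read:
    mov eax,3               ; sys_read
    mov ebx,0               ; fd 0 = stdin
    mov edx,4               ; read at most 4 bytes
    int 0x80
    RET
_print:
    mov eax,4               ; sys_write
    mov ebx,1               ; fd 1 = stdout
    int 0x80
    RET
_exit:
    mov eax,1               ; sys_exit
    mov ebx,0               ; exit status 0
    int 0x80
    RET                     ; never reached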
Example of what happens:
Code:
[Dean@Fedora-13 asm]$ nasm -f elf template.asm -o temp.o
[Dean@Fedora-13 asm]$ ld -s temp.o -o test
[Dean@Fedora-13 asm]$ ./test
1234echo Buffer overflow?
1234
[Dean@Fedora-13 asm]$ echo Buffer overflow?
Buffer overflow?
[Dean@Fedora-13 asm]$
I know my buffer is only 4 bytes. But it is reading in 24, so is it forcing the terminal to read in the rest of the bytes? Anyone care to clear this up?
Okay, this is just a guess.
My theory is that it's allocating memory much bigger than you specified, just for BOF protection. So, try bigger amounts of data and see if that overflows it until you get a segfault.
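The session above, reproduced as an added example that is not part of the original thread: a `read` with a count of 4 stores exactly 4 bytes, and whatever else was typed stays queued on the descriptor for the next reader, which in the session is the shell. Assumptions: a pipe stands in for the terminal's input queue, and `struct result`, `demo` and the canary bytes are names made up for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample: the line typed at ./test in the session above. */
static const char TYPED[] = "1234echo Buffer overflow?\n";

struct result {
    ssize_t first_read;    /* bytes returned by the 4-byte read */
    int     canary_intact; /* 1 if memory right after the buffer is untouched */
    ssize_t left_in_queue; /* bytes still waiting for the next reader */
    char    leftover[64];  /* what the next reader (the shell) would get */
};

/* A pipe stands in for the terminal input queue (assumption). */
int demo(struct result *r)
{
    struct { char msg[4]; char canary[4]; } mem;
    int fds[2];
    size_t len = sizeof TYPED - 1;

    memset(r, 0, sizeof *r);
    memcpy(mem.msg, "Test", 4);
    memcpy(mem.canary, "CNRY", 4);

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], TYPED, len) != (ssize_t)len)
        return -1;
    close(fds[1]);

    /* Same request as the _read routine: at most 4 bytes. */
    r->first_read = read(fds[0], mem.msg, sizeof mem.msg);
    r->canary_intact = memcmp(mem.canary, "CNRY", 4) == 0;

    /* Second reader drains what the first one never asked for. */
    r->left_in_queue = read(fds[0], r->leftover, sizeof r->leftover - 1);
    close(fds[0]);
    return 0;
}

int main(void)
{
    struct result r;
    if (demo(&r) != 0)
        return 1;
    printf("first read: %zd bytes, canary intact: %d\n", r.first_read, r.canary_intact);
    printf("left for next reader (%zd bytes): %s", r.left_in_queue, r.leftover);
    return 0;
}
```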