Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
format conversion problem in C
Posted by: Albino
Date: September 08, 2009 02:25PM

Hullo. I having trouble writing some proof-of-concept code in C. I'm finding it quite hard to explain too but here goes:
I can't find out how to convert a hexadecimal number (eg 0x7d673000) which has been stored as a string into a format that will be correctly interpreted by another program when used as its argument. Simply running system("./a.out 0x3935d000") seems to consistently put the value 0x39337830 into the memory. Once again; what I ideally want is a way of converting a value like 0x3935d000 into a format that will result in the value 0x3935d000 ending up in the memory of a program when run with that as its argument.
(no prizes for guessing what the code does)
Help would be greatly appreciated.

Options: ReplyQuote
Re: format conversion problem in C
Posted by: thrill
Date: September 08, 2009 05:36PM

A string is a string is a string..

for it to have a numerical value it needs to either be converted to 'int' or defined as one.

From what I remember...

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Albino
Date: September 09, 2009 07:24AM

Cheers! By converting the value into an unsigned int I've managed to do the hocus pocus necessary to get it to write to the memory properly (re-arranging the order and sticking \x in front of each pair of characters). Now I just have one final problem.. the computer seems to ignore the value \x00 which makes writing the number 0x7d673000 bloody impossible. The nearest I can get is 0x7d6730 or 0x7d673001. For now I'll just hope the program doesn't notice.

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Matt Presson
Date: September 09, 2009 10:10AM

Set the variable to 0x7d673001 and do pointer math to decrement it to the address you really want.


-Matt

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Albino
Date: September 09, 2009 06:16PM

Matt Presson Wrote:
-------------------------------------------------------
> Set the variable to 0x7d673001 and do pointer math
> to decrement it to the address you really want.
Can't. I have no control of the string after it is passed to the other program. And, if I put \x00 in the string then that terminates it. Quite the conundrum.

Options: ReplyQuote
Re: format conversion problem in C
Posted by: thrill
Date: September 09, 2009 11:41PM

Can you give it a binary number and have the program convert to hex?

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Matt Presson
Date: September 10, 2009 09:00AM

What I meant with my comment was to set the variable in your program to 0x7d673001. Then, still in your app, do the pointer math to decrement the value, and then pas the decremented value to the other app.

Another possibility is to first create the address location in decimal and then convert the number to hex before passing the value to the other program.


-Matt

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Albino
Date: September 10, 2009 09:26AM

Thanks for the responses, please bare with me but I don't think I explained myself properly. The following program takes a single argument and prints it out. I am not able to modify this program in any way.
int main(int argc, char **argv){
char buf[8];
unsigned int value;
int value2;
strcpy(buf, argv[1]);
int* point = &buf;
printf("Input:'%p'\n", *point);
int a = 7;
}
The output that I desire is: Input:'0xceb85000'
And what I cannot find is any way of getting this output. The closest that I can get is by typing:
./a.out $(printf "\x01\x50\xb8\xce";)
Which generates the response:
Input:'0xceb85001'

If I type the logical
./a.out $(printf "\x00\x50\xb8\xce";)
Then I get the response:
Input:'0xceb850'

So no matter what I type I can't get the response Input:'0xceb85000'
I'm beginning to doubt that it is even possible.
If I/we do manage to solve this, I will post the full proof-of-concept code here as soon as it gets patched. Hopefully you'll find it interesting and will understand why I just didn't just post it to start with.

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Matt Presson
Date: September 10, 2009 11:22AM

Try this.

call your app like this: ./a.out 3468185600

then recode your app like this:
int main(int argc, char **argv){
char buf[8];
char hexVal;
sprintf(buf,"%x",argv[1]);
int* point = &buf;
printf("Input:'%p'\n", *point);
int a = 7;
}


-Matt

Options: ReplyQuote
Re: format conversion problem in C
Posted by: Albino
Date: September 10, 2009 11:56AM

Matt:
./a.out 3468185600
generates:
Input:'0x38363433'

And I can't recode the program because it isn't mine.

Thrill: I tried octal and it didn't work:
./a.out $(echo -e "\0000\0143\0522\0000\0242")
generates:
Input:'0xa25263'
(I know that number isn't the same one as before but it should still end in 0)



Edited 1 time(s). Last edit at 09/10/2009 01:35PM by Albino.

Options: ReplyQuote


Sorry, only registered users may post in this forum.