Format String Attack
Well, I started learning an attack called "Format String Attack" for demonstration purposes. To do so, I'm using this reference "http://muse.linuxmafia.org/lost+found/format-string-attacks.pdf". However, when I run the testing program cited there with "aaaa %x %x %x %x %x %x %x %x %x" as its argument, I don't see the 1 that should have been printed. Instead, the output is something like:
buffer (49): aaaa 0 0 0 bf821020 bf820ff0 8048226 0 1 61616161
x is 1/0x1 (@ 0xbf820f68)
I would like to know what those values "0 0 0 bf821020 bf820ff0 8048226 0" are that I get before I reach the stack elements I expected (the value of x and the hexadecimal output of "aaaa"). I have been testing it on BackTrack 2, Debian 3.1 and Fedora 7 (kernel 2.6) and I obtain similar results. Any explanations?
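The following is an added example (not code from the original post or from the referenced paper) that puts the pattern behind the question next to its fix. `count_format_directives`, `log_unsafe`, `log_safe` and `safe_log_is_literal` are names chosen here for illustration. It shows why "aaaa %x %x ..." walks the stack at all: each `%x` makes `printf` fetch a vararg the caller never supplied, so it prints whatever occupies the next argument slot (registers first on x86-64, then stack memory, which is why the leading values vary by platform and compiler). The hardened form passes user data only as a `%s` argument, so the same string comes out verbatim.

```c
#include <stdio.h>
#include <string.h>

/* Counts conversion specifications in an untrusted string: a '%' that is
 * not immediately followed by another '%'. A non-zero count in data that
 * is about to become a printf() format string is the condition that makes
 * the attack in the post possible. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is an escaped literal percent */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* The vulnerable pattern behind the question: user data *is* the format.
 * With a directive in `user` this is undefined behaviour; gcc and clang
 * flag this line with -Wformat-security. Kept here only so the two forms
 * can be compared; it is only ever called with directive-free input below. */
void log_unsafe(char *out, size_t outlen, const char *user)
{
    snprintf(out, outlen, user);
}

/* Hardened form: the format is a literal and user data is a plain "%s"
 * argument, so "aaaa %x %x" is copied verbatim instead of walking the
 * stack. */
void log_safe(char *out, size_t outlen, const char *user)
{
    snprintf(out, outlen, "%s", user);
}

/* Returns 1 when log_safe() reproduces the input byte for byte, i.e. the
 * directives in it were treated as data rather than as printf() commands. */
int safe_log_is_literal(const char *user)
{
    char out[128];
    log_safe(out, sizeof out, user);
    return strcmp(out, user) == 0;
}

int main(void)
{
    /* The argument used in the post, as a constructed sample input. */
    const char *probe = "aaaa %x %x %x %x %x %x %x %x %x";
    char out[128];

    printf("directives in probe: %d\n", count_format_directives(probe));
    log_safe(out, sizeof out, probe);
    printf("safe: %s\n", out);
    /* Harmless input for the unsafe variant: no directives, so no vararg reads. */
    log_unsafe(out, sizeof out, "plain text, 100%% done");
    printf("unsafe with harmless input: %s\n", out);
    return 0;
}
```

Building with `gcc -Wall -Wformat-security` reports the `log_unsafe` call site, which is the cheapest check for this bug class in a code base: any `printf`-family call whose format argument is not a string literal deserves a look.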