I am recreating the buffer overflow from http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/Buffer_Overflow.pdf and I would like to write a bash script that will gdb on my "stack" executable. The script will then make break points and grab the addresses of the begging (p &buffer) and end (p $ebp) of the buffer that the will be passed into ./exploit <&buffer, $ebp> as arguments.
When I run my script..
#!/bin/sh
gdb stack
b main
b 14
run
b 23
c
p &buffer
p $ebp
When I use it, gdb is opened on my executable. However, the rest of the script is not executed. I assume this is because gdb creates a new process. I have tried " gdb stack "$$" " to get gdb on the same process as my script, however unsuccessful.
Is what I am trying to do possible?
Edit:
New Script: This correctly outputs the addresses to the command line
#!/bin/sh
gdb stack << 'EOF'
b main
run
b 23
c
s
p &buffer
p $ebp
quit
EOF
How do I grab those addresses so I can pass them in as arguments to ./exploit?
Following line of my bash file will be..
./exploit <&buffer> <$ebp>
gdbexits, the shell running the script will attempt to run commandsb,run,c,p,buffer, etc. You need to redirect the subsequent lines to the input ofgdb; use a here documentgdb stack <<'EOF'followed by yourgdbcommands, and then a line containing onlyEOF(left justified).gdb) to a file:gdb <<'EOF' >gdb.outputto place the information ingdb.output. You will then have to worry about cleaning the data to get the two addresses. ASLR may mess things up for you — beware.p &buffer >buffer.out. But I make no promises — I've not read the manual.