92

I typically run my program with:

```
perl -e 'print "A"x200' | ./vuln_prog
```

The stdin is consumed by a gets() function in C++.

If this were just a command argument, I could open gdb by doing:

```
gdb ./vuln_prog
run $(perl -e 'print "A"x200')
```

However, my scenario is not a command argument, but rather input (STDIN?). How would I debug this in gdb? I've tried a bunch of options, but nothing seems to really work.

I would normally just run gdb on the process and, when it prompts for user input, type it in. However, I'm not wanting to type just "A". I want to type all chars from \x00-\xff, which I can't type.

mandreko
  • Why are you using `gets`? I mean sometimes it's acceptable (like if you're just writing a quick program to test something, or if the program will only be run with trusted input) but I'm curious. – flarn2006 Sep 19 '16 at 22:33
  • It was not my code. It was for a fun reverse engineering challenge, where the code was provided. – mandreko Sep 20 '16 at 12:28
  • Oh okay. Was `gets` intentionally used *because* it was vulnerable, like as part of a possible solution to the challenge? – flarn2006 Sep 21 '16 at 02:38
  • @flarn2006 Indeed it was the vulnerable function. I was able to do a buffer overflow due to it not bound-checking. – mandreko Sep 21 '16 at 14:02

1 Answer

118
```
gdb ./vuln_prog
run < filename_with_input
```
zed_0xff
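The redirection from the answer, scripted end to end as an added example (not part of the original question or answer): it writes bytes \x00-\xff to a file, reports how much of it a single gets() call will actually store (gets() stops at the first newline, 0x0a), and replays the file under gdb in batch mode. The file name `input.bin` and the function names are assumptions; `./vuln_prog` is the binary named in the question.

```shell
#!/bin/sh
# Added example, not from the original post. input.bin and the function
# names are assumptions; ./vuln_prog is the binary named in the question.

# Write every byte value 0x00..0xff, in order, to the file named by $1.
make_input() {
    : > "$1"
    i=0
    while [ "$i" -le 255 ]; do
        # An octal escape in the printf format emits the raw byte, NUL included.
        printf "\\$(printf '%03o' "$i")" >> "$1"
        i=$((i + 1))
    done
}

# Print how many bytes one gets() call stores from file $1.
# gets() reads up to the first newline (0x0a) or end of file and drops the newline.
first_line_len() {
    n=$(( $(head -n 1 "$1" | wc -c) ))
    last=$(head -n 1 "$1" | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
        n=$((n - 1))
    fi
    echo "$n"
}

# Run program $1 under gdb with file $2 as stdin, then print a backtrace.
debug_with_input() {
    gdb -batch -ex "run < $2" -ex "bt" "$1"
}

make_input input.bin
echo "gets() will store $(first_line_len input.bin) of $(( $(wc -c < input.bin) )) bytes"
# Only start the debugger when both gdb and the target binary are present.
if command -v gdb >/dev/null 2>&1 && [ -x ./vuln_prog ]; then
    debug_with_input ./vuln_prog input.bin
fi
```

With the bytes in ascending order, only \x00-\x09 reach the buffer in the first gets() call, so the newline byte has to be left out or placed last when the whole file is meant to be read as one line.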