Say there is a buggy program that contains a sprintf() and i want to change it to a snprintf so it doesn t have a buffer overflow.. how do I do that in IDA??
You really don t want to make that kind of change using information from IDA pro.
Although IDA s disassembly is relatively high quality, it s not high quality enough to support executable rewriting. Converting a call to sprintf to a call to snprintf requires pushing a new argument on to the stack. That requires the introduction of a new instruction, which impacts the EA of everything that follows it in the executable image. Updating those effective addresses requires extremely high quality disassembly. In particular, you need to be able to:
Ida can t (reliably) give you that information. Also, if the executable is statically linked against the crt, it may not contain snpritnf, which would make performing the rewriting by hand VERY difficult.
There are a few potential workarounds. If there is sufficient padding available in (or after) the function making the call, you might be able to get away with only rewriting a single function. Alternatively, if you have access to object files, and those object files were compiled with the /GY switch (assuming you are using Visual Studio) then you may be able to edit the object file. However, editing the object file may still require substantial fix ups.
Presumably, however, if you have access to the object files you probably also have access to the source. Changing the source is probably your best bet.
Given some unknown input, how do you tell which variables are being substituted into a (s)printf statement? printf("%s %s", "a", "b"); // both used printf("%s", "a", "b"); // only the ...
if wanted to make a this method print using zero pad how do you do so int month, day; public void printNumeric() { System.out.printf("month +"/" +day +" "); // i would like the month if it is ...
I am using snprintf like this to avoid a buffer overrun: char err_msg[32] = {0}; snprintf(err_msg, sizeof(err_msg) - 1, "[ ST_ENGINE_FAILED ]"); I added the -1 to reserve space for the null ...
Here s an odd problem that s been stumping me for a bit. The program is written in C89, and it reads a file into a char* array 16 bytes at a time (using fread and a size of sizeof(char)). The file is ...
String formatting expressions: This is %d %s example! % (1, nice ) String formatting method calls: This is {0} {1} example! .format(1, nice ) I personally prefer the method calls (second ...
I have the following statement: printf("name: %s args: %s value %d arraysize %d ", sp->name, sp->args, sp->value, sp->arraysize); I want to break it up. I tried the following but it ...
I m looking for a way to pass in a FILE * to some function so that the function can write to it with fprintf. This is easy if I want the output to turn up in an actual file on disk, say. But what I ...
$cc a.c $./a.out < inpfilename I want to print inpfilename on stdout. How do I do that ? Thanks for the help in advance...
