Hey so I was trying to solve a problem for beginners ctf event.
And this is the code that I am trying to run.
#include <stdio.h>
#include <stdlib.h>
int main(){
int (*func)();
func = getenv("MYENV");
func();
return 0;
}
I created a MYENV environment like this :
export MYENV=ls
but on running the code, it throws a segmentation fault (core dumped). I don't understand why.
The func function is basically calling the environment variable whose value is a simple command that I set. Why is it throwing an error.
I'm very new at linux and shell, so I'm sorry if this is too naive.
In C, if you want to run a system command, you have to use the system function (or one of the exec functions but that's more complicated):
#include <stdio.h>
#include <stdlib.h>
int main() {
char* cmd = getenv("MYENV");
system(cmd);
return 0;
}
If you're looking to run arbitrary code, you can inject shell code into it:
export MYENV=$'\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80'
You can learn more here.
Related
I have made a library that handle strings in c.
I've added it in another project CMakeLists. Issue is that, whenever i want to call a function from that library, it crash.
However, if i call the same function from the library itself, no crash, the function call is handled properly.
I kept thinking that i did something wrong with my CMakeLists but as far as i'm aware and the different methods i used to arrive to the same conclusion, it doesn't look like it anymore.
I tried running the test in question in gdb and this is what it returned
Starting program: C:\Users\s\Documents\Repo\C\Projet\lib\rule\build\test-create-destroy.exe
gdb: unknown target exception 0xc0000135 at 0x7ffdfa70cf40
gdb: unknown target exception 0xc0000135 at 0x7ffdfa70cf40
Program received signal ?, Unknown signal.
0x00007ffdfa70cf40 in ntdll!RtlRaiseStatus () from C:\Windows\SYSTEM32\ntdll.dll
I've read that it could be an issue related to memory allocation errors, but if this was the case, why would i be able to call the function without any error directly from my library?
replit of fairly simple example: https://replit.com/#Mrcubix-Mrcubix/EmbellishedOldfashionedBaitware#lib/rule/src/test-create-destroy.c
Here is the function called in the library in question, to keep it simple:
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
typedef struct _String
{
unsigned int size;
char *string;
} String;
String *create_string(char *chr)
{
String *str = malloc(sizeof(String));
str->size = strlen(chr);
str->string = malloc(str->size + 1);
memcpy(str->string, chr, str->size);
str->string[str->size] = '\0';
return str;
}
void destroy_string(String *str)
{
free(str);
}
Here the second library i'm calling a function from which work as it's part of the same project:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <string-struct.h>
typedef struct _rule
{
String *premise;
String *conclusion;
} rule;
rule *create_rule(String *premise, String *conclusion)
{
rule *r = calloc(1, 16);
r->premise = premise;
r->conclusion = conclusion;
return r;
}
void destroy_rule(rule *r)
{
free(r);
}
here is the CMakeLists used by Rulestruct:
cmake_minimum_required(VERSION 3.0)
project("Rulestruct")
find_package(Stringstruct)
include_directories(${STRINGSTRUCT_INCLUDE_DIRS})
link_directories(${STRINGSTRUCT_LIB_DIRS})
add_library(rulestruct SHARED "${CMAKE_CURRENT_SOURCE_DIR}/src/rule-struct.c" "${CMAKE_CURRENT_SOURCE_DIR}/src/rule-struct.h")
target_link_libraries(rulestruct ${STRINGSTRUCT_LIBRARIES})
add_executable(test-create-destroy "${CMAKE_CURRENT_SOURCE_DIR}/src/test-create-destroy.c" "${CMAKE_CURRENT_SOURCE_DIR}/src/rule-struct.h")
add_dependencies(test-create-destroy rulestruct)
target_link_libraries(test-create-destroy rulestruct)
and finally, here is where i call the function from (test-create-destroy.c)
#include <assert.h>
#include <string-struct.h>
#include "rule-struct.h"
#include "rules-struct.inc"
int main(void)
{
String *premise = create_string("1 2"); // location of crash
String *conclusion = create_string("3"); // location of crash
/*rule *rule_A = create_rule(premise, conclusion);
assert(string_char_equal(rule_A->premise, "1 2"));
assert(!string_char_equal(rule_A->premise, "3"));
assert(string_char_equal(rule_A->conclusion, "3"));
assert(!string_char_equal(rule_A->conclusion, "1 2"));
destroy_rule(rule_A);*/
destroy_string(premise);
destroy_string(conclusion);
}
Here are screenshots of bin, lib and cmake-gui: https://imgur.com/a/3OdrC2D
I could probably fix it on every project provided i know what i did wrong and why,
So if anyone could provide further explanation then i'll glad to read it.
I will also take tips about issues or potential issues related to my CMakeLists as i have a hard time understanding any of it, needing to mix multiple examples and the documentation to have a very small bit of understanding of why something is done this or that way.
TLDR: Function called elsewhere than inside the library = crash, accept tips about other parts of the presented data (CMakeLists).
Gladly accept further explanation of the core of the issue.
I've recently downlaoded code blocks for mac and for some reason my code compiles with no errors but when I try to run it in terminal to see if it prints it doesn't print anything. This is my code. I have already downloaded x code and my program is able to build in code blocks but print f will not work. Can someone please give a solution to this problem.
#include <stdio.h>
#include <stdlib.h>
int main()
{
printf("Hello world!\n");
return 0;
}
I have seen similar posts in stackoverflow and other sites but I cannot find solution to my problem.
I have the following consoleout.sh file:
#!/bin/sh
#this way works in c:
#echo "Hello World!"
#but in function does not work:
a(){
echo "Hello World!"
}
Following C code:
#include <stdio.h>
#include <stdlib.h>
int main()
{
system(". consoleout.sh");
system("a");
return 0;
}
Without system("./consoleout.sh"), it works fine.
system() invokes a shell and waits for it to terminate. Another call to system() will create a different shell that starts from scratch.
To run your shell function, you need to do it from the shell where it was defined:
#include <stdio.h>
#include <stdlib.h>
int main()
{
return system( ". consoleout.sh; a" );
}
Each system calls a new instance of the shell, the second one doesn't know anything about the functions defined in the first one. You can, though, call the function in the first shell:
system(". consoleout.sh ; a");
I have Win7 Pro (32 bit) and CodeBlocks IDE.
I would like to know is there any way to detect line with a segmention fault in C. My code is PRIME1.c
I find somewhere on Stack Overflow that this is possible on linux in terminal, but I would like to do that in Windows.
Could anyone tell me how to do that?
Many thanks!
In other words, I would like to know how to use debugger from cmd in windows 7 and how it can tell me which line is problematic.
I just found this link
Determine the line of C code that causes a segmentation fault?
But, as you can see, this is for Linux.
I would like to know how can I do that in Windows cmd?
You can catch seg fault. But, unfortunately, can not handle this event anyhow or get any info about that fault (in standard way, there are workarounds specific for compilers). So, maybe put printf in every line with __LINE__ macro and just wait until it fails.
#include <signal.h>
#include <conio.h>
#include <stdio.h>
void listener(int sig) {
printf("listener: access violation");
_getch();
}
void main() {
char a = 10;
char *p = &a;
signal(SIGSEGV, listener);
do {
printf("%d", *p++);
} while (1);
_getch();
}
Today , When i coding, met a question..my Code as follow:
#include<stdlib.h>
void main()
{
system("dir");
getch();
}
The question : The user Screen is nothing..Why ? where is my result?
If you want the output when using system, at least into something you can read in your application, you need to pipe the output:
system("dir > /tmp/output.txt");
FILE *f = fopen("/tmp/output.txt", "r");
char text[1024]; // max sizeof of 1 kb, any more and I'd consider using `malloc()` instead.
fread(text, 1, 1024, f);
printf("%s\n", text);
fclose(f);
There are some problems in your program, at least one of which has already been mentioned.
void main() should be int main(void).
As I recall, the Windows/DOS getch function is declared in <conio.h>; you should have a #include directive for it. Be aware that both <conio.h> and getch are non-standard.
Since main returns int, you should return an int result.
But none of these problems explain the problem you're seeing.
With these changes:
#include <stdlib.h>
#include <conio.h>
int main(void)
{
system("dir");
getch();
return 0;
}
This should work; it should show a directory listing of whatever directory your program runs in (which is determined by TC; I don't know the details).
It's possible that the program is running in an empty directory, which means the dir command wouldn't show any files, but it should still produce some output.
Try commenting out the system() call and adding a printf call (note the added #include <stdio.h>):
#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
int main(void)
{
printf("Hello, world\n");
getch();
return 0;
}
This should open a console window, print "Hello, world" in it, and wait for you to type Enter.
If you still don't see any output (either no console window, or a console window with nothing in it), then you have a problem that's not related to the system() call. Most likely the problem has to do with the way you're using Turbo C (I presume that's what "TC" stands for).
The main function in every C program is supposed to return an int you are returning void
Change void to int:
#include<stdlib.h>
int main()
{
system("dir");
getch();
}
When I tested, the dir command ran in my console and printed to standard out.
May be he is the running the program directly in the Turbo C IDE and hence his output is not visible. If he runs the program directly from cmd line it works. I remember you need to run Alt - F5 or some other combination to see the output window in Turbo C++