/* file: experiment2.c
   -------------------
   author:  Ted Baker
   version: $Version$
   last modified by: $Author: cop4610 $ on: $Date: 2002/08/21 19:27:43 $
   purpose: demonstrate linux/x86 stack modification to exec /bin/ls
*/ 

#include <unistd.h> 
#include <stdio.h> 
#include <errno.h> 
#include <string.h>

#define EXEC_PROGRAM "/bin/ls"
#include "execwrapper.i"

#define SAFETY_MARGIN 60
#define RETURN_ADDRESS_OFFSET 28

void sub () {
  char buf[10];

  /* copy execwrapper code onto stack via overflow of buf */
  strncpy (buf + SAFETY_MARGIN, (char *) execwrapper, EXECWRAPPER_SIZE);

  /* overwrite return address with entrypoint of execwrapper */
  *((int *) &buf[RETURN_ADDRESS_OFFSET]) = (int) (buf + SAFETY_MARGIN);
}

int main (int argc, const char **argv) { 
  sub ();
  fprintf (stderr, "done.\n");
  return 0;
}