Hints for using Microsoft Visual Studio or Visual C++ Express for Buffer Overflows

The Microsoft Windows operating system and the Microsoft compilers take several steps to make buffer overflow exploits much more difficult.  The compiler puts “stack canaries” after data on the stack to help detect the storing of values past allocated limits.  Windows Vista and Windows 7 change the location of the program stack each time a program is executed (address space layout randomization).  While these features are extremely useful in protecting your program, they make the academic exercise of stack overflows more difficult.

The Windows XP and earlier operating systems do not randomly change the stack location.  If you run a program on Windows XP and determine the address of stack variables, these variables will have the same address the next time you run the program.  It is therefore easier to attempt a stack overflow on Windows XP.

You can turn off the Microsoft Visual Studio or Visual C++ Express compiler defenses by modifying the project properties.

Select Project → Properties → Configuration Properties → C/C++ → Code Generation

Set Basic Runtime Checks to Default (this removes the compiler's /RTC option)

Set Buffer Security Check to No (this corresponds to the compiler's /GS- option)

When using Visual C++ Express version 2010, select Tools → Settings → Expert Settings
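To see what the Buffer Security Check setting is protecting, here is an added example (not code from the original page) that models the compiler-inserted stack canary in plain C: a fixed-size buffer is followed by a guard word, an unchecked copy is allowed to run past the end of the buffer, and the guard word is inspected afterwards, which is exactly the check the compiler performs before a function returns when /GS is enabled. The names `guarded_frame`, `write_and_check` and `write_checked`, the guard constant and the sample inputs are all constructed for this illustration. The copy is clamped to the size of the struct so the demo itself never writes outside the object.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a stack frame: a fixed-size buffer followed by a
   guard word, in the position a compiler-inserted canary (Visual C++ /GS)
   occupies between local data and the saved return address.
   Hypothetical names; not code from the original page. */
#define BUF_SIZE 16
#define CANARY_VALUE 0xDEADC0DEu  /* constructed guard value */

struct guarded_frame {
    char buf[BUF_SIZE];
    uint32_t canary;
};

/* Copy len bytes into the frame's buffer with no bounds check, the way an
   unchecked copy does, then report whether the guard word survived:
   returns 1 if it is intact, 0 if the write spilled into it (the condition
   the /GS check detects). The copy is clamped to sizeof frame so the
   demo itself never writes outside the object. */
int write_and_check(const unsigned char *input, size_t len) {
    struct guarded_frame frame;
    unsigned char *raw = (unsigned char *)&frame;
    memset(&frame, 0, sizeof frame);
    frame.canary = CANARY_VALUE;
    if (len > sizeof frame) len = sizeof frame;
    memcpy(raw, input, len);   /* starts at buf; runs into canary if len > BUF_SIZE */
    return frame.canary == CANARY_VALUE;
}

/* The hardened form: validate the length before copying, so the guard word
   is never reached in the first place. Returns 1 on success, 0 if the
   input is rejected as too large. */
int write_checked(const unsigned char *input, size_t len, char out[BUF_SIZE]) {
    if (len > BUF_SIZE) return 0;
    memcpy(out, input, len);
    return 1;
}

int main(void) {
    unsigned char small[8], large[20];
    char out[BUF_SIZE];
    memset(small, 'A', sizeof small);   /* constructed inputs */
    memset(large, 'A', sizeof large);
    printf("8-byte write, canary intact:   %d\n", write_and_check(small, sizeof small));
    printf("20-byte write, canary intact:  %d\n", write_and_check(large, sizeof large));
    printf("20-byte write accepted by hardened copy: %d\n", write_checked(large, sizeof large, out));
    return 0;
}
```

With the Buffer Security Check set to No, the real compiler omits the guard word and the check, which is why an over-long write in the exercise goes unnoticed until the function returns to the overwritten address; in production builds leave the setting on.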

When using the debugger, you can find the address of functions and variables.  If you hover the mouse over a function name, it will display the address.  Hovering the mouse over a variable might display the variable's address or its contents.  You can generally get the address of an array.  When you are actively using the debugger, you can view any memory address.  Open the memory window by selecting:

Debug → Windows → Memory → Memory 1

You can enter an address of your program in the Address field.  Since addresses are displayed in hexadecimal, you should enter the address in hexadecimal starting with “0x0”.