error in the comparison of binaries in C

1

I have a Perl program that connects to a socket, receives binary data on that socket, reads it and compares it with other binary data held in a buffer, so that I know whether the bytes I am looking for are present in the buffer received from the socket. See:

perlProgram.pl:

# some code here ...

my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 666, Proto => 'tcp');

$sock->sockopt(SO_LINGER, pack("ii", 1, 0));


# some code here for other purposes...
# ...


read($sock, $buff, 0xfffff);

close($sock);

if (($v = index $buff, "\xC7\x44\x24\x08\x03\x00\x00\x00\xC7\x04\x24\x00\x00\x00\x00\x89\x44\x24\x04") >= 0) {
    $offset = $v;

    printf "your offset is %08x\n", $offset;
} else {
    if (($v = index $buff, "\x89\x44\x24\x10\xA1\xBC\xA5\x0F\x08\x89\x44\x24\x04\xe8") >= 0) {
        $offset = $v;

        printf "your offset is %08x\n", $offset;
    } else {
        print "Could not find your binaries\n";
        exit;
    }
}


# more code here ...

The Perl program runs perfectly, and I am sure the binary data is arriving from the socket and that the bytes I want are in the buffer. So I wrote the same program in C, and here comes the problem: in C I cannot check whether the bytes in the socket buffer actually exist; I am sure they are arriving, but I cannot verify it programmatically. See:

sameProgramInC.c:

// some code here ...
// The headers, PORT and fatal() below are not in the original post; they are the
// minimum this fragment needs to compile (PORT 666 is taken from the Perl version).
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

#define PORT 666

void fatal(const char *message) {
   perror(message);
   exit(EXIT_FAILURE);
}

// note: sizeof() of these arrays also counts the string literal's terminating NUL
unsigned char binaries_1[]="\xc7\x44\x24\x08\x03\x00\x00\x00\xc7\x04\x24\x00\x00\x00\x00\x89\x44\x24\x04";
unsigned char binaries_2[]="\x89\x44\x24\x10\xa1\xbc\xa5\x0f\x08\x89\x44\x24\x04\xe8";

// Returns the offset of needle inside data_buffer, or 0 when it is not found
// (so a match at offset 0 cannot be told apart from "not found").
int indexOf(const unsigned char *data_buffer, const unsigned int length, const unsigned char *needle, const unsigned int needlelen) {
   unsigned int i, j, index=0;
   for(i=0; i < length-needlelen; i++) {
      if(data_buffer[i] == needle[0]){
         index=i;
         for(j=1; j < needlelen; j++){
            if(data_buffer[i+j] != needle[j]){
               index=0;
               break;
            }
         }
         if(index == i){
            return index;
         }
      }
   }
   return index;
}

int main(int argc, char *argv[]) {
   int sockfd, index;
   struct hostent *host_info;
   struct sockaddr_in target_addr;
   unsigned char read_buffer[0xfffff];

   if(argc < 2) {
      fprintf(stderr, "usage: %s <host>\n", argv[0]);
      return 1;
   }

   if((host_info = gethostbyname(argv[1])) == NULL)
      fatal("looking up hostname");

   if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
      fatal("in socket");

   target_addr.sin_family = AF_INET;
   target_addr.sin_port = htons(PORT);
   target_addr.sin_addr = *((struct in_addr *)host_info->h_addr);
   memset(&(target_addr.sin_zero), '\0', 8); // zero the rest of the struct

   if (connect(sockfd, (struct sockaddr *)&target_addr, sizeof(struct sockaddr)) == -1)
      fatal("connecting to target server");

   // some code here for other purposes...
   // ...

   printf("\n\t Attempting to read memory of the server...");
   bzero(read_buffer, sizeof(read_buffer));
   read(sockfd, read_buffer, 0xfffff);

   index = indexOf(read_buffer, sizeof(read_buffer), binaries_1, sizeof(binaries_1));
   if(index != 0){
      printf("\n\t [+] your offset is 0x%08x", index);
   } else {
      index = indexOf(read_buffer, sizeof(read_buffer), binaries_2, sizeof(binaries_2));
      if(index != 0){
         printf("\n\t [+] your offset is 0x%08x", index);
      } else {
         printf("\n\t [-] Fail! Could not find your offset!");
      }
   }

   // more code here ...

   return 0;
}

So this C code does not behave like my Perl code. There are no runtime errors; it is only that my C code cannot verify whether the bytes are in the buffer the way the Perl code does. I have tried memmem(), memcmp() and strstr(), but they do not work either. Why does this happen? What is wrong? Is there something wrong with my indexOf()?

I asked the same question on the international Stack Overflow; if you want to answer there, feel free: errors in binary comparison in C

asked by anonymous 23.08.2014 / 22:36

1 answer

1

When sizeof(binaries_1) is passed as the length of the byte sequence to search for in the buffer, it includes the trailing zero (the string terminator). Just change it to sizeof(binaries_1)-1 and the problem is solved. A classic off-by-one error.

Credits: Anton Savin on stackoverflow.com

25.08.2014 / 03:38
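As an added illustration of the answer (not code from the question or the answer): a binary-safe search that returns -1 when the pattern is absent, run over a constructed buffer with the three needle lengths one might pass, sizeof, strlen and sizeof-1. It also shows why strlen() is wrong here: the pattern contains embedded NUL bytes, so strlen() silently shortens it to a 5-byte prefix that can match where the full pattern is not present. The sample buffers and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same pattern as binaries_1 in the question; sizeof counts the implicit NUL (20), strlen stops at the first NUL (5). */
static const unsigned char binaries_1[] =
    "\xc7\x44\x24\x08\x03\x00\x00\x00\xc7\x04\x24\x00\x00\x00\x00\x89\x44\x24\x04";

/* Binary-safe search: offset of the first match, or -1 if absent.
 * Unlike the question's indexOf(), offset 0 is a valid result, the bound is
 * checked before any subtraction (no unsigned underflow), and a match that
 * ends exactly at the end of the buffer is still found. */
long find_bytes(const unsigned char *hay, size_t haylen,
                const unsigned char *needle, size_t needlelen) {
    if (needlelen == 0 || needlelen > haylen)
        return -1;
    for (size_t i = 0; i + needlelen <= haylen; i++) {
        if (memcmp(hay + i, needle, needlelen) == 0)
            return (long)i;
    }
    return -1;
}

/* Constructed sample: full pattern at offset 3, followed by 0x41 rather than a NUL. */
static const unsigned char sample[] = {
    0x90, 0x90, 0x90,
    0xc7, 0x44, 0x24, 0x08, 0x03, 0x00, 0x00, 0x00,
    0xc7, 0x04, 0x24, 0x00, 0x00, 0x00, 0x00, 0x89, 0x44, 0x24, 0x04,
    0x41, 0x42 };

/* Constructed sample holding only the first 5 bytes of the pattern. */
static const unsigned char prefix_only[] = { 0xc7, 0x44, 0x24, 0x08, 0x03, 0x41, 0x41 };

long search_with_sizeof(void)        { return find_bytes(sample, sizeof sample, binaries_1, sizeof binaries_1); }
long search_with_strlen(void)        { return find_bytes(sample, sizeof sample, binaries_1, strlen((const char *)binaries_1)); }
long search_with_sizeof_minus1(void) { return find_bytes(sample, sizeof sample, binaries_1, sizeof binaries_1 - 1); }
long prefix_with_strlen(void)        { return find_bytes(prefix_only, sizeof prefix_only, binaries_1, strlen((const char *)binaries_1)); }
long prefix_with_sizeof_minus1(void) { return find_bytes(prefix_only, sizeof prefix_only, binaries_1, sizeof binaries_1 - 1); }

int main(void) {
    printf("sizeof          : %ld\n", search_with_sizeof());        /* -1: the 20th needle byte (NUL) never matches 0x41 */
    printf("strlen          : %ld\n", search_with_strlen());        /*  3: but only 5 bytes were compared */
    printf("sizeof-1        : %ld\n", search_with_sizeof_minus1()); /*  3: the full 19-byte pattern */
    printf("prefix/strlen   : %ld\n", prefix_with_strlen());        /*  0: false positive, pattern is not there */
    printf("prefix/sizeof-1 : %ld\n", prefix_with_sizeof_minus1()); /* -1: correct */
    return 0;
}
```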