I am trying to create vulnerable applications to practice stack overflow
, SEH
vulnerabilities , but however I got this code. my main issue or struggling is how can I add SEH vulnerability to my code and pop a calculator? my original code it is vulnerable to stack overflow , but the the most action. it can be done is triggering jackpot()
function , how can I fix it ?
int game(int user_pick) {
int rand_pick;
if ((user_pick > 0 && user_pick <= 32000)) {
printf("Playing the game of chance..\n");
rand_pick = (rand() % 32000) + 1;
printf("You picked: %d\n", user_pick);
printf("Random Value: %d\n", rand_pick);
if (user_pick == rand_pick)
jackpot();
else
printf("Sorry, you didn't win this time..\n");
}
else {
printf("You must pick a value from 1 - 32000\n");
printf("Use help or -h for help\n");
return 0;
}
}
int jackpot() {
printf("You just won!\n");
printf("Congratulations!\n");
return 0;
}
void foo(char* input) {
int(*function_ptr) (int user_pick);
char buffer[20];
srand(time(NULL));
function_ptr = game;
strcpy(buffer, input);
if ((!strcmp(buffer, "help")) || (!strcmp(buffer, "-h"))){
printf("Help Text:\n\n");
printf("This is a game of chance.\n");
printf("To play, simply guess a number 1 through 32000\n");
printf("If you guess the number I am thinking of you win.\n");
}
else
function_ptr(atoi(buffer));
}
int main(int argc, char* argv[]) {
if (argc < 2) {
printf("Usage: %s <a number 1 - 32000>\n", argv[0]);
printf("use %s help or %s -h for more help.\n", argv[0], argv[0]);
exit(0);
}
foo(argv[1]);
return 0;
}