Exploitation, Training

Compile a simple vulnerability on modern Windows

Visual Studio 2015

  • Open Visual Studio.
  • Project Properties -> General -> Platform Toolset: Visual Studio 2010 (v100)
    or Windows7.1SDK
  • Project Properties -> C/C++ -> Optimization -> Optimization: Disabled (/Od)
  • Project Properties -> C/C++ -> Code Generation -> Security Check: Disable Security Check (/GS-)
  • Project Properties -> C/C++ -> Advanced -> Compile As: Compile as C Code (/TC)

Mingw-w64

https://mingw-w64.org/doku.php

gcc -o vuln.exe vuln.c

Vulnerability Sample Code

#include <stdio.h>
#include <string.h>
 
int main(int argc, char *argv[])
{
  char buffer[64];
 
  if(argc>2)
  {
    printf("Please supply at least one argument.\n");
    return 1;
  }
 
  strcpy(buffer, argv[1]);
  return 0;
}