handouts/ho03.tex
changeset 403 92c49c160b24
parent 400 f05368d007dd
child 443 67d7d239c617
402:fb0c844a26cf 403:92c49c160b24
   373 starts at address \pcode{0x0804852c} (top address in the 
   373 starts at address \pcode{0x0804852c} (top address in the 
   374 left column).
   374 left column).
   375 
   375 
   376 \begin{figure}[p]
   376 \begin{figure}[p]
   377 \lstinputlisting[language=C]{../progs/C2.c}
   377 \lstinputlisting[language=C]{../progs/C2.c}
   378 \caption{A vulnerable login implementation.\label{C2}}
   378 \caption{A vulnerable login implementation. The use of the
       
   379 `own' \pcode{get\_line} function makes this program
       
   380 vulnerable. The developer should have used \emph{safe}
       
   381 library functions instead.\label{C2}}
   379 \end{figure}
   382 \end{figure}
   380 
   383 
   381 This kind of attack was very popular with commercial programs
   384 This kind of attack was very popular with commercial programs
   382 that needed a key to be unlocked. Historically, hackers first 
   385 that needed a key to be unlocked. Historically, hackers first 
   383 broke the rather weak encryption of these locking mechanisms.
   386 broke the rather weak encryption of these locking mechanisms.
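Review bot: The expanded caption puts \pcode{get\_line} inside \caption; if \pcode is defined on top of \lstinline (as is common for inline code macros in these handouts) it is fragile there and will either break the list-of-figures entry or fail with a "Missing number" or "Argument of \@caption has an extra }" error. Either prefix it with \protect or supply a short caption, e.g. `\caption[A vulnerable login implementation]{A vulnerable login implementation. The use of the `own' \pcode{get\_line} ...\label{C2}}`, so only the short form reaches the .lof file. The new wording "should have used \emph{safe} library functions instead" also leaves the reader guessing which bounded read is meant; naming the alternative the body text recommends, or adding a \ref to the section that discusses it, would make the caption self-contained when the figure floats to another page.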
   430 machine code, or even get the ready-made encoding as character
   433 machine code, or even get the ready-made encoding as character
   431 sequence. 
   434 sequence. 
   432 
   435 
   433 \lstinputlisting[language=C,numbers=none]{../progs/o2.c}
   436 \lstinputlisting[language=C,numbers=none]{../progs/o2.c}
   434 
   437 
       
   438 \noindent
   435 While not too difficult, obtaining this string is not entirely
   439 While not too difficult, obtaining this string is not entirely
   436 trivial using \pcode{gdb}. Remember the functions in C that
   440 trivial using \pcode{gdb}. Remember the functions in C that
   437 copy or fill buffers work such that they copy everything until
   441 copy or fill buffers work such that they copy everything until
   438 the zero byte is reached. Unfortunately the ``vanilla'' output
   442 the zero byte is reached. Unfortunately the ``vanilla'' output
   439 from the debugger for the shell-program above contains such
   443 from the debugger for the shell-program above contains such
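Review bot: The added \noindent is correct here, since the sentence after the listing continues the paragraph that the \lstinputlisting interrupted, and the blank line before \noindent must stay so the listing is closed as a paragraph; without that blank line \noindent has no effect. For consistency, the same treatment would be worth checking at the other \lstinputlisting calls in this handout whose following text also continues the same thought, so the indentation after code listings is uniform across the document.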