A beginner-friendly C lab for observing unsafe input, safer input handling, stack layout, deterministic overflow side effects, and conceptual control-flow changes.
This project is built for learning, not exploitation. Each demo is small enough to read quickly and focused enough to show one memory-safety idea at a time.
Core demos:
- `vuln_buffer_overflow`: shows why `scanf("%s", ...)` is dangerous with fixed-size buffers.
- `safe_input_demo`: contrasts that behavior with bounded input using `fgets(...)`.
- `stack_layout_demo`: prints local and parameter addresses so you can inspect stack-frame layout.
- `overflow_behavior_demo`: safely simulates how an unbounded copy can spill past a buffer into adjacent bytes.
- `control_flow_simulation`: demonstrates how changing a function pointer changes executed code.
The project now behaves like a real teaching lab instead of a compile-only collection of demos:
- The overflow demo is deterministic and no longer relies on real undefined behavior just to explain overwrite effects.
- Each demo exposes a reusable `run_*` entry point through `src/demo_programs.h`, which makes the demos testable without changing their CLI behavior.
- A runtime smoke-test harness in `tests/demo_runtime_checks.c` validates the expected output of every stable demo.
- The Makefile now supports `make check`, and CI uses the same project-owned verification path instead of duplicating compile commands by hand.
```text
exploit-lab-cpp/
|- src/
|  |- demo_programs.h
|  |- vuln_buffer_overflow.c
|  |- safe_input_demo.c
|  |- stack_layout_demo.c
|  |- overflow_behavior_demo.c
|  |- control_flow_simulation.c
|- tests/
|  |- demo_runtime_checks.c
|- docs/
|  |- demo.md
|  |- gdb-guide.md
|  |- lab-exercises.md
|  |- memory-layout.md
|  |- protections.md
|  |- advanced-concepts.md
|- archive/
|- .github/workflows/
|- Makefile
|- project.md
|- README.md
```
Prerequisites:
- GCC
- Make or `mingw32-make`
- Optional: GDB
Linux/macOS:

```bash
make
```

Windows (MinGW):

```bash
mingw32-make
```

Strict compile verification:

```bash
make verify
```

End-to-end compile plus runtime verification:

```bash
make check
```

Windows (MinGW):

```bash
mingw32-make check
```

Linux/macOS:

```bash
./vuln_buffer_overflow
./safe_input_demo
./stack_layout_demo
./overflow_behavior_demo
./control_flow_simulation
```

Windows:

```powershell
.\vuln_buffer_overflow.exe
.\safe_input_demo.exe
.\stack_layout_demo.exe
.\overflow_behavior_demo.exe
.\control_flow_simulation.exe
```

`overflow_behavior_demo`:

```text
[overflow_behavior_demo] Deterministic overflow impact demo
Value of x before input: 10
Enter input: AAAAAAAAAAAAAAAAAAAAAA
Input length: 22
WARNING: Input length (22) exceeds buffer capacity (15).
Simulated bytes written past buffer: 4
Bytes that reached adjacent int: 4 of 4
Adjacent int bytes after simulation: 41 41 41 41
Value of x after simulated copy: 1094795585
Buffer preview: AAAAAAAAAAAAAAAA
```
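
The idea behind `overflow_behavior_demo`, as an added sketch that is not the project's own source: a constructed two-field model shows how an unbounded copy of a 22-byte input reaches the adjacent int, while a bounded copy leaves it at 10. The names `frame_model`, `simulate_unbounded_copy`, `bounded_copy` and `x_after_copy` are hypothetical, and the 16-byte buffer and 4-byte int are assumptions taken from the sample output above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* 15 characters plus the terminating NUL */
/* Constructed model of a buffer and the int beside it; no real stack is touched. */
struct frame_model {
    unsigned char buf[BUF_SIZE];
    unsigned char adjacent[sizeof(int32_t)];  /* raw bytes of x */
};

/* Models a strcpy-style copy (NUL included); returns bytes that reached x. */
size_t simulate_unbounded_copy(struct frame_model *f, const char *input) {
    size_t total = strlen(input) + 1, spilled = 0;
    memcpy(f->buf, input, total < BUF_SIZE ? total : BUF_SIZE);
    for (size_t i = BUF_SIZE; i < total && spilled < sizeof f->adjacent; i++)
        f->adjacent[spilled++] = (unsigned char)input[i];
    return spilled;  /* anything past the model is dropped, never written */
}

/* Bounded copy: truncates to capacity and always NUL-terminates. */
size_t bounded_copy(struct frame_model *f, const char *input) {
    size_t n = strlen(input);
    if (n > BUF_SIZE - 1) n = BUF_SIZE - 1;
    memcpy(f->buf, input, n);
    f->buf[n] = '\0';
    return n;
}

/* Runs one copy against a fresh frame with x = 10 and returns x afterwards. */
int32_t x_after_copy(const char *input, int bounded, size_t *count) {
    struct frame_model f = {{0}, {0}};
    int32_t x = 10;
    memcpy(f.adjacent, &x, sizeof x);
    size_t n = bounded ? bounded_copy(&f, input) : simulate_unbounded_copy(&f, input);
    if (count) *count = n;
    memcpy(&x, f.adjacent, sizeof x);
    return x;
}

int main(void) {
    const char *in = "AAAAAAAAAAAAAAAAAAAAAA";  /* constructed input, 22 bytes */
    size_t n;
    int32_t x = x_after_copy(in, 0, &n);
    printf("unbounded: %zu bytes reached x, x = %d\n", n, (int)x);
    x = x_after_copy(in, 1, &n);
    printf("bounded: %zu chars kept, x = %d\n", n, (int)x);
    return 0;
}
```
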
`control_flow_simulation`:

```text
[control_flow_simulation] Conceptual control-flow demo
Calling through function pointer (before change):
safe_function(): normal control flow path.
Simulating conceptual pointer corruption by manual reassignment...
Calling through function pointer (after change):
target_function(): alternate control flow path.
```
- You can compare unsafe and safe input paths directly.
- You can study memory layout concepts without needing exploit code.
- You can reproduce the same learning signals in CI and on contributor machines.
This repository is for educational and defensive learning only.