Vulnerability Development mailing list archives
Buffer Overflows
From: <luck___ () hotmail com>
Date: 29 Mar 2004 20:00:56 -0000
Hi, I hope someone could help me with a question I have. Why do many buffer overflow exploits use the %esp before the program has run as the return address? If I'm not wrong, the idea is to return into the buffer, but the %esp before the program is run becomes %ebp during program execution, and this is after the buffer in the stack? Would it not be better to return to (%esp before) - (length of buffer), which should place you at the start of the buffer, assuming buffer is the first local variable to be declared (the stack grows to lower addresses)? This is really confusing me after I thought I had got my head round it. Many thanks.
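Added example, not part of the original post or thread: a small C program that measures the frame layout the question is about (where a callee's local buffer sits relative to its frame base and to the caller's frame), rather than assuming it. It assumes gcc or clang on a downward-growing stack such as x86-64; the struct and function names are made up for this demo.

```c
#include <stdint.h>
#include <stdio.h>

/* Addresses sampled inside the called function (constructed demo). */
struct frame_layout {
    uintptr_t buf_start;  /* address of buf[0], the first local */
    uintptr_t buf_end;    /* one past the last byte of buf */
    uintptr_t frame_base; /* callee's frame pointer (saved ebp/rbp slot) */
};

/* The callee carves its buffer out below its own frame base, so the
 * caller's stack pointer at call time (just above the return address and
 * the saved frame pointer) lies above the buffer, not inside it. */
static struct frame_layout __attribute__((noinline)) callee(void)
{
    char buf[64];
    struct frame_layout f;

    /* Make the compiler keep a real stack slot for buf. */
    __asm__ volatile("" : : "r"(buf) : "memory");
    f.buf_start  = (uintptr_t)buf;
    f.buf_end    = (uintptr_t)buf + sizeof buf;
    f.frame_base = (uintptr_t)__builtin_frame_address(0);
    return f;
}

/* Returns 1 when the layout matches the description above:
 * caller's local > callee frame base >= end of callee buffer. */
int layout_is_as_expected(void)
{
    volatile int caller_local = 0; /* reference point in the caller's frame */
    struct frame_layout f = callee();
    uintptr_t caller_ref = (uintptr_t)&caller_local;

    return f.buf_start < f.buf_end &&
           f.buf_end <= f.frame_base &&
           f.frame_base < caller_ref;
}

/* Bytes from the callee's frame base down to buf[0]: the "(%esp before)
 * - (length of buffer)" distance the question asks about, measured (it
 * includes any alignment padding or stack canary the compiler inserted). */
long frame_base_to_buffer_offset(void)
{
    struct frame_layout f = callee();
    return (long)(f.frame_base - f.buf_start);
}

int main(void)
{
    struct frame_layout f = callee();
    printf("buf %#lx..%#lx, frame base %#lx, layout ok %d, offset %ld\n",
           (unsigned long)f.buf_start, (unsigned long)f.buf_end,
           (unsigned long)f.frame_base, layout_is_as_expected(),
           frame_base_to_buffer_offset());
    return 0;
}
```

The measured offset is usually larger than the 64-byte buffer because of padding and, with -fstack-protector, the canary between the buffer and the saved frame pointer.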