Buffer overflows, return address and offset

[Peter Bondra <kandm () cybermesa com>]

Hello:
I am testing the xlock vulnerability on a Sun Solaris 8(SPARC).  In the 
process, I realized that I need help to determine the return addresses and 
offset.  The code I scarfed off of the web worked as advertised on Solaris 
7(SPARC), but when I compiled/tested it on Solaris 8(SPARC), it 
segfaults.  ALso, I do not get a core file...well I may have at one time 
or another.

The exploit code is at: http://www.securiteam.com/exploits/5GP0D1F55W.html

For testing purposes, we have stack execution enabled even though I 
believe the exploit is a heap-based buffer overflow.

My question is: what steps should/could I take to determine the return 
address and other address-related variables, i.e, offsets, etc?   More 
specifically, what gdb commands will help and how do I interpret the gdb 
output?  Is "truss" useful to get the desired information and how do you 
use it?  Finally, are there other tools that are useful?  My fellow 
emloyees are suggesting that I use a loop and guess at the values until I 
get the desired result...

Thank you