Vulnerability Development mailing list archives

Buffer Overflows


From: <luck___ () hotmail com>
Date: 29 Mar 2004 20:00:56 -0000



Hi, I hope someone could help me with a question I have. Why do many buffer overflow exploits use the %esp before the program has run as the return address? If I'm not wrong, then the idea is to return into the buffer, but the %esp before the program is run becomes %ebp during program execution, and this is after the buffer in the stack? Would it not be better to return to (%esp before) - (length of buffer), which should place you at the start of the buffer, assuming buffer is the first local variable to be declared (stack grows to lower addresses)? This is really confusing me after I thought I had got my head round it.

Many Thanks
