Re: Learning buffer overflow help

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 6 Jun 2007 19:30:37 -0000, erk_3 () hotmail com <erk_3 () hotmail com> wrote:
> Hello everyone,
>
> I have studied alot on buffer overflows and I understand the theory behind it.  Thing is, any example I follow says 
> once you can overwrite the EIP you can control the flow of the program (in a nutshell).
>
>
> So here's my really basic BOF:
>
>
> #include <stdio.h>
>
>         #include <string.h>
>
>         int main (int argc, char *argv[]) {
>
>                 char name[4];
>
>                 strcpy(name, argv[1]);
>
>                 printf(name);
>
>         }
>
>
> if you enter: 1234AAAABBBB  the eip is 0x42424242
>
>
> When i try to put in a return address though, such as 1234AAAA\xEE\xEE\xEE\xEE  it doesnt go to that address.  To my 
> understanding, shouldn't the fault come up at address 0xEEEEEE ?
>
> Sorry if this sounds stupid to some of you, but I think once i get around this little bump in the road I can be on my 
> way.

I am kinda new at this stuff as well, but did you try any other
locations? \xee might be considered "bad characters", kinda like \x00
and \x0a. AFAIK If you put an address that is also an instruction,
then you will mess up the stack.


-JP