OK! That's it! I give up!<br>How the heck do you exploit the advanced buffer overflow (abo2.txt) in the vulnerable code section.<br><pre>
/* abo2.c *
 * specially crafted to feed your brain by gera@core-sdi.com */
/* This is a tricky example to make you think *
 * and give you some help on the next one */
#include &lt;string.h&gt;   /* strcpy */
#include &lt;stdlib.h&gt;   /* exit */

/* note: the parameter names are swapped in the original exercise;
 * argv is the argument count and argc the argument vector */
int main(int argv, char **argc) {
    char buf[256];
    strcpy(buf, argc[1]);   /* unbounded copy: overflows buf if argc[1] is longer than 255 bytes */
    exit(1);                /* exit() never returns, so main's saved return address is never used */
}
</pre><br><br>There's no return address it uses, exit(1) causes that because ret is never reached! There's nothing under the buf local variable at the time that it is written.<br>I'm running WinXP btw - I do have Fedora Core but FC has protections that work against me in my learning.
If you are on Linux remember to do <br><br>echo -n "0" > proc/sys/kernel/randomize_va_space<br><br>On Windows XP you want to overwrite the SEH record<br><br>and make it crash in some way.
Hello leben,<br><br>abo2 is not exploitable on x86 architecture because, as you already found out, the function does not return so you can't overwrite any ret address (at least I can't think of any method).<br>For other architectures where the stack grows from low to high it is possible to overwrite the strcpy() to exploit it.<br><br>Greets<br>matrixman
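As an added example (not code from this thread or from gera's exercise set), a bounded replacement for the copy in abo2.c: copy_arg refuses an argument that does not fit in the 256-byte buffer instead of overflowing it, and accepts_len is a hypothetical test helper that feeds it constructed arguments of a given length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256

/* Copy src into a BUF_SIZE buffer only if it fits, NUL included.
 * Returns 0 on success, -1 if src is missing or too long; on -1 the
 * destination is set to "" so it is never left unterminated. */
int copy_arg(char dst[BUF_SIZE], const char *src) {
    if (src == NULL) { dst[0] = '\0'; return -1; }
    /* Measure at most BUF_SIZE bytes, so a huge src costs no more to check */
    size_t n = 0;
    while (n < BUF_SIZE && src[n] != '\0') n++;
    if (n == BUF_SIZE) { dst[0] = '\0'; return -1; }  /* no room for the NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical helper: builds a constructed argument of `len` 'A' bytes and
 * reports 1 if copy_arg accepts it, 0 if it rejects it, -1 on allocation failure. */
int accepts_len(size_t len) {
    char *src = malloc(len + 1);
    if (src == NULL) return -1;
    memset(src, 'A', len);
    src[len] = '\0';
    char buf[BUF_SIZE];
    int rc = copy_arg(buf, src);
    free(src);
    return rc == 0;
}

int main(int argc, char **argv) {
    char buf[BUF_SIZE];
    if (copy_arg(buf, argc > 1 ? argv[1] : NULL) != 0) {
        fprintf(stderr, "argument missing or longer than %d bytes\n", BUF_SIZE - 1);
        exit(1);
    }
    printf("copied %zu bytes\n", strlen(buf));
    return 0;
}
```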