Nanjing University Computer Fundamentals (IV) Stomping Notes
2024-08-05 18:04:55
Annotate the binary in IDA. write_here sits at a randomized address, which prevents you from pushing a fixed address directly. write_here stores your cookie value as an uppercase hex string; for example, my cookie for -u 1234 is 0x6eecf91d, so here it is "6EECF91D".
Then note that memcmp takes addresses as its arguments (it compares the memory they point to), so you should push an address in your getbuf.
The input to the buffer should look like this. Note that my hex for "6EECF91D" is 0x43454536 0x44313946 [note the reversal: each 4-byte group is stored little-endian].
Then push %esp to supply the current address.
Notice that the first parameter in the stack frame is at $ebp+8, so you also have to push a "return address" below it; in my case that is the placeholder 0x11111111.
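The byte order and push order described above can be checked offline with a small stack model. This is an added example, not code from the lab or from the original notes; the names cookie_to_dwords, Stack and build, and the base address 0x1000, are assumptions made for illustration.

```python
import struct

def cookie_to_dwords(cookie):
    """Uppercase hex text of the cookie, NUL-terminated, as little-endian dwords."""
    text = f"{cookie:08X}".encode("ascii") + b"\x00"
    text += b"\x00" * (-len(text) % 4)            # pad to a 4-byte boundary
    return [struct.unpack_from("<I", text, i)[0] for i in range(0, len(text), 4)]

class Stack:
    """Toy model of a downward-growing 32-bit x86 stack (constructed addresses)."""
    def __init__(self, size=64, base=0x1000):
        self.mem = bytearray(size)
        self.base = base                          # address of mem[0]
        self.esp = base + size                    # empty stack

    def push(self, value):
        self.esp -= 4
        struct.pack_into("<I", self.mem, self.esp - self.base, value)

    def push_esp(self):
        # push %esp stores the value esp had before the decrement
        self.push(self.esp)

    def dword_at(self, addr):
        return struct.unpack_from("<I", self.mem, addr - self.base)[0]

    def cstring_at(self, addr):
        off = addr - self.base
        return self.mem[off:self.mem.index(0, off)].decode("ascii")

def build(cookie):
    """Replay the pushes from the notes and return the resulting stack."""
    st = Stack()
    for dword in reversed(cookie_to_dwords(cookie)):
        st.push(dword)                            # last dword first: text ends up in reading order
    string_addr = st.esp                          # esp now points at "6EECF91D"
    st.push_esp()                                 # the pointer argument memcmp will read
    st.push(0x11111111)                           # placeholder "return address" from the notes
    return st, string_addr

if __name__ == "__main__":
    st, addr = build(0x6EECF91D)                  # cookie value quoted in the notes
    print([hex(d) for d in cookie_to_dwords(0x6EECF91D)])
    print(hex(st.dword_at(st.esp)), hex(st.dword_at(st.esp + 4)), st.cstring_at(addr))
```

After the callee's prologue sets up its frame, the placeholder sits at $ebp+4 and the pointer at $ebp+8, which is why the extra push is needed.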