
Nanjing University Computer Fundamentals (IV) Stomping Notes

2024-08-05 18:04:55
  • Annotate the binary in IDA. write_here is placed at a randomized address so that you cannot simply push a fixed address. write_here stores your cookie value as an uppercase string; for example, my cookie for -u 1234 is 0x6eecf91d, so here it holds "6EECF91D".
  • Then note that memcmp compares through addresses (its arguments are pointers), so what you push in your getbuf input should be an address.
  • The input to the buffer should look like this; note that the hex for my "6EECF91D" is 0x43454536 0x44313946 [note the reversal: x86 is little-endian, so the first character ends up in the lowest byte of each word].
  • Then push %esp to supply the current address.
  • Notice that the first parameter in the stack frame is at $ebp+8, so you also have to push a "return address", which in my case is the placeholder 0x11111111.
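
The two pitfalls above (the byte reversal of the cookie string and the extra "return address" slot) can be checked with a small program. This is an added example, not code from the original notes or from the lab; the toy stack model and the values 0x22222222 and 0xAAAAAAAA are constructed stand-ins.

```c
#include <stdint.h>
#include <stdio.h>

/* Format a cookie as the 8-character uppercase hex string the notes describe. */
void cookie_string(uint32_t cookie, char out[9]) {
    snprintf(out, 9, "%08X", (unsigned)cookie);
}

/* Value of 4 consecutive bytes when x86 (little-endian) reads them as one word. */
uint32_t le_word(const char *p) {
    const unsigned char *b = (const unsigned char *)p;
    return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Toy model of a 32-bit cdecl stack: mem[0] is the lowest address, sp is a word index. */
typedef struct { uint32_t mem[16]; int sp; } Stack;

static void push(Stack *s, uint32_t v) { s->mem[--s->sp] = v; }

/* What a callee reads at ebp+8 after its prologue (push ebp; mov ebp, esp).
 * with_ret_slot = 1 models a normal call, where a return address sits at ebp+4. */
uint32_t arg_at_ebp_plus_8(uint32_t arg, int with_ret_slot) {
    Stack s = { {0}, 16 };
    push(&s, 0xAAAAAAAAu);                     /* constructed: whatever lay above the argument */
    push(&s, arg);                             /* the pointer argument */
    if (with_ret_slot) push(&s, 0x11111111u);  /* placeholder return address */
    push(&s, 0);                               /* callee prologue: push ebp */
    int ebp = s.sp;                            /* callee prologue: mov ebp, esp */
    return s.mem[ebp + 2];                     /* ebp + 8 bytes = 2 words up */
}

int main(void) {
    char str[9];
    cookie_string(0x6eecf91du, str);
    printf("%s -> 0x%08x 0x%08x\n", str,
           (unsigned)le_word(str), (unsigned)le_word(str + 4));
    /* 0x22222222 is a constructed stand-in for the address of the string. */
    printf("ebp+8 with slot: 0x%08x, without: 0x%08x\n",
           (unsigned)arg_at_ebp_plus_8(0x22222222u, 1),
           (unsigned)arg_at_ebp_plus_8(0x22222222u, 0));
    return 0;
}
```

Without the placeholder slot, the callee's $ebp+8 lands one word too high and reads whatever sat above the argument instead of the argument itself.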