erk_3hotmail.com
Date: Wed Jun 06 2007 - 14:30:37 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello everyone,
I have studied alot on buffer overflows and I understand the theory behind it. Thing is, any example I follow says once you can overwrite the EIP you can control the flow of the program (in a nutshell).

So here's my really basic BOF:

#include <stdio.h>
        #include <string.h>
        int main (int argc, char *argv[]) {
                char name[4];
                strcpy(name, argv[1]);
                printf(name);
        }

if you enter: 1234AAAABBBB the eip is 0x42424242

When i try to put in a return address though, such as 1234AAAA\xEE\xEE\xEE\xEE it doesnt go to that address. To my understanding, shouldn't the fault come up at address 0xEEEEEE ?
Sorry if this sounds stupid to some of you, but I think once i get around this little bump in the road I can be on my way.

Thanks for your help,
Eric

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]