As a preamble, this is a for a school assignment and thus for educational purposes.
I'm trying to use a buffer overflow vulnerability to inject a return address that points to a function. The twist is, the function needs an argument that should be stored in edx when it executes. My idea is to use the following assembly code:
mov $0xdeadbeef, edx push $0xabcdef ret
where deadbeef is the value I need and abcdef the address of the function.
I constructed a payload that is as follows: 2 bytes of padding, 15 bytes of shellcode, another 7 bytes of padding, 4 bytes of the return address in the stack (basically I'm sending back the pointer to what I just input into the buffer and tell him to interpret it as instructions). I've been trying for hours but it seems to simply not work (segfault). Any ideas/pointers?
User contributions licensed under CC BY-SA 3.0