Vulnerability Development: Buffer Overflows

Buffer Overflows

From: <luck____at_hotmail.com>
Date: 29 Mar 2004 20:00:56 -0000
Hi, hope someone could help me with a question I have.

Why do many buffer overflow exploits use the %esp before the program has run as the return address? If I'm not wrong, the idea is to return into the buffer, but the %esp before the program is run becomes %ebp during program execution, and this is after the buffer in the stack? Would it not be better to return to (%esp before) - (length of buffer), which should place you at the start of the buffer, assuming the buffer is the first local variable to be declared (stack grows to lower addresses)?

This is really confusing me after I thought I had got my head round it.

Many Thanks
Received on Mar 29 2004
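As an added illustration for this archive page (not part of the post above, and not anyone's exploit code), here is a small C program that inspects its own stack frame to show the ordering the question turns on: the local buffer lies at lower addresses than the saved frame pointer, and the return address sits just above that. It assumes GCC or Clang (for `__builtin_frame_address(0)` and the `noinline` attribute) and the common x86/x86-64/AArch64 convention that the return address is stored one word above the saved frame pointer; the register is %ebp on 32-bit x86 as in the post, %rbp on x86-64. Absolute addresses change between runs and builds, so the program reports the offsets within the frame, which are what stay stable, and it evaluates the "(frame pointer) - (length of buffer)" guess from the post against the real layout the compiler produced.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <inttypes.h>

#define BUF_SIZE 64

/* Addresses gathered from inside one stack frame of this process. They
 * differ from run to run (ASLR) and from build to build; what stays fixed
 * is the ordering: buffer below saved frame pointer below return address. */
struct frame_facts {
    uintptr_t buf_start;  /* lowest address of the local buffer        */
    uintptr_t buf_end;    /* one past the end of the buffer            */
    uintptr_t saved_fp;   /* slot holding the caller's frame pointer   */
    uintptr_t ret_slot;   /* slot holding the return address           */
};

/* noinline so this function owns a real frame. __builtin_frame_address(0)
 * is a GCC/Clang builtin and also forces the compiler to keep a frame
 * pointer here. The ret_slot formula assumes the usual x86/x86-64/AArch64
 * layout: return address one word above the saved frame pointer. */
__attribute__((noinline))
static struct frame_facts inspect_frame(void)
{
    volatile char buf[BUF_SIZE];  /* volatile: keep it on the stack */
    struct frame_facts f;
    size_t i;

    for (i = 0; i < BUF_SIZE; i++)
        buf[i] = 'A';

    f.buf_start = (uintptr_t)buf;
    f.buf_end   = f.buf_start + BUF_SIZE;
    f.saved_fp  = (uintptr_t)__builtin_frame_address(0);
    f.ret_slot  = f.saved_fp + sizeof(void *);
    return f;
}

/* 1 when the buffer sits entirely below the saved frame pointer and the
 * return address: writing past the end of the buffer walks upward through
 * the frame and reaches both. */
int buffer_is_below_return_address(void)
{
    struct frame_facts f = inspect_frame();
    return f.buf_end <= f.saved_fp && f.saved_fp < f.ret_slot;
}

/* Bytes that must be written starting at buf[0] to overwrite the return
 * address slot completely: the buffer, whatever the compiler placed above
 * it (alignment padding, other locals, a stack canary if enabled), the
 * saved frame pointer and the return address itself. */
size_t bytes_to_clobber_return_address(void)
{
    struct frame_facts f = inspect_frame();
    return (f.ret_slot + sizeof(void *)) - f.buf_start;
}

/* Distance from the saved-frame-pointer slot down to buf[0]. This equals
 * BUF_SIZE only if the compiler put nothing between the buffer and the
 * frame pointer, which is exactly the assumption in the post's guess. */
size_t buffer_start_offset_below_fp(void)
{
    struct frame_facts f = inspect_frame();
    return f.saved_fp - f.buf_start;
}

/* 1 when the address (saved frame pointer - offset_below_fp) lands inside
 * the buffer, i.e. on attacker-controlled bytes, which is what a guessed
 * return target has to do. */
int guess_below_fp_hits_buffer(size_t offset_below_fp)
{
    struct frame_facts f = inspect_frame();
    uintptr_t guess = f.saved_fp - offset_below_fp;
    return guess >= f.buf_start && guess < f.buf_end;
}

int main(void)
{
    struct frame_facts f = inspect_frame();

    printf("buffer       : 0x%" PRIxPTR " .. 0x%" PRIxPTR "\n", f.buf_start, f.buf_end);
    printf("saved fp     : 0x%" PRIxPTR "\n", f.saved_fp);
    printf("return addr  : 0x%" PRIxPTR "\n", f.ret_slot);
    printf("buf[0] is %zu bytes below the saved fp\n", buffer_start_offset_below_fp());
    printf("%zu bytes from buf[0] overwrite the return address\n",
           bytes_to_clobber_return_address());
    printf("guess fp - BUF_SIZE lands in buffer: %s\n",
           guess_below_fp_hits_buffer(BUF_SIZE) ? "yes" : "no (padding between them)");
    return 0;
}
```

Build it with `gcc -O0 -fno-omit-frame-pointer` and then with `-fstack-protector-all` to see the distance between the buffer and the frame pointer change while the ordering does not. That compiler-dependent gap is why "frame pointer minus buffer length" is not a dependable way to hit the first byte of the buffer: any fixed guess has to tolerate an error of unknown size, which is what the padding of a landing zone inside the buffer is for.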