I just wrote a C code, which is below:

    #include <stdio.h>
    #include <string.h>

    void func(char *str)
    {
        char buffer[24];
        int *ret;
The return address from func is on the stack, right near its local variables (one of them is buffer). If you want to overwrite the return address, you have to write past the end of the array (possibly to buffer[24...27], but I am probably mistaken - could be buffer[28...31] or even buffer[24...31] if you have a 64-bit system). I suggest using a debugger to find out the exact addresses.

BTW get rid of the ret variable - you accomplish nothing by having it around, and it might confuse your calculations.

Note that this "buffer overrun exploit" is a bit hard to debug because strcpy stops copying stuff when it encounters a zero byte, and the address you want to write to the stack probably contains such a byte. It will be easier to do it like this:
    #include <stdio.h>

    void func(char *str)
    {
        char buffer[24];
        /* %x expects an unsigned int *, so cast the out-of-bounds address to that type.
           Replace the 24 by 28, 32 or whatever is right. */
        sscanf(str, "%x", (unsigned int *)&buffer[24]);
    }
And give the address on the command-line as a hexadecimal string. This makes it a bit more clear what you're trying to do, and easier to debug.
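For comparison, here is the defensive counterpart of the func() discussed above, as an added example that is not part of the question or the answer: it keeps the same 24-byte stack buffer but measures the input before copying and refuses anything that would not fit together with its terminating NUL, reporting how many bytes an unchecked strcpy() would have written past buffer[23] into the saved frame data. The function name func_checked, the spill out-parameter and the sample inputs in main() are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 24   /* same size as the buffer in the question's func() */

/* Bounds-checked replacement for strcpy(buffer, str) into char buffer[24]
 * (hypothetical helper, not from the thread).
 * Returns the number of characters copied on success, or -1 if the input
 * was rejected because it does not fit. If spill is non-NULL it receives
 * how many bytes an unchecked strcpy() would have written past the end of
 * the array (0 when the input fits). */
int func_checked(const char *str, size_t *spill)
{
    char buffer[BUF_SIZE];
    size_t need = strlen(str) + 1;     /* strcpy() writes the string plus its NUL */

    if (need > sizeof buffer) {
        if (spill)
            *spill = need - sizeof buffer;   /* bytes that would land beyond buffer[23] */
        return -1;                            /* refuse instead of overrunning */
    }
    if (spill)
        *spill = 0;
    memcpy(buffer, str, need);         /* fits, NUL included, so this is in bounds */
    return (int)(need - 1);
}

int main(void)
{
    /* constructed inputs: 11, 23, 24 and 32 characters */
    const char *samples[] = {
        "short input",
        "12345678901234567890123",
        "123456789012345678901234",
        "12345678901234567890123456789012",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t spill;
        int rc = func_checked(samples[i], &spill);
        printf("len=%zu rc=%d spill=%zu\n", strlen(samples[i]), rc, spill);
    }
    return 0;
}
```

The 23-character input is the longest one that is accepted, because the NUL strcpy() appends also has to fit inside the 24 bytes; the 24-character input already spills one byte. Building the original version with -fstack-protector or -fsanitize=address is a quick way to have the compiler or runtime report the same overrun instead of silently corrupting the frame.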