EvilZone
Matriplex, June 25, 2014, 02:51:28 AM
-
I've decided to take a little vacation from my regular programming and get back into hacking a bit as I have a little bit of free time now. So I'm studying program exploitation now, and will be doing so for probably the next few months.
So I have a small program I am exploiting with a buffer overflow attack. There's an array "char array[8]", which is the vulnerability because I can send data to it. In order for it to overflow, I need to send exactly 16 characters. However, this makes no sense to me because afaik, a char takes up one byte. Therefore I should only have to send 8 characters, but instead I have to send double that amount.
Could someone explain the reason I have to send this particular amount?
Thanks.
Edit:
After a bit more in-depth reading and testing, I've discovered that when that line is run the compiler creates 16 bytes of space for the variable (sub $0x10, %rsp). So now I understand why I have to put 16 characters in, however I still don't get why it creates that much space.
-
Hate to double post, but I am quite curious about this particular question.
-
That makes sense, thanks.
Is there any way to tell exactly how much you really need short of trial and error or an automated script?
-
Great, I'll check it out. Thanks for the help.
I also just discovered that your signature is a dick. Hats off to you sir.
-
Anytime and good luck :)
Also, I own the email 0x@383d3d44.com lol
You shouldn't post your email address in public bro.