
The C code:

#include <string.h>

/* Copies inbuf into a fixed 64-byte stack buffer with no length check:
 * an argument of 64 bytes or more runs past buf. */
void overflow (char* inbuf)
{
  char buf[64];

  strcpy(buf, inbuf);
}

int main (int argc, char** argv)
{
  overflow(argv[1]);   /* argv[1] is NULL when no argument is given */
  return 0;
}
  • Please do not add code as an image next time. Commented Feb 18, 2019 at 7:03
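The strcpy() from the question's code next to a bounded copy that refuses any argument that does not fit, as an added example that is not part of the original post; the names copy_arg, try_copy_of_length and BUF_SIZE are assumptions for illustration:

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* same size as the question's buf[64] */

/* Bounded copy (assumed name): returns 0 when src and its NUL terminator
 * fit in dst, -1 when they would not, leaving dst as an empty string.
 * memchr() scans at most dstsz bytes, so an unterminated src cannot
 * make it read past the buffer either. */
int copy_arg(char *dst, size_t dstsz, const char *src)
{
    const char *nul = memchr(src, '\0', dstsz);

    if (nul == NULL) {              /* no terminator within dstsz bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Constructed input: a run of len 'A' bytes copied into a BUF_SIZE buffer.
 * With strcpy() as in the question, len >= 64 would overwrite the saved
 * frame pointer and return address; copy_arg() rejects it instead. */
int try_copy_of_length(size_t len)
{
    char src[BUF_SIZE + 2];
    char dst[BUF_SIZE];

    if (len > BUF_SIZE + 1)
        return -1;
    memset(src, 'A', len);
    src[len] = '\0';
    return copy_arg(dst, sizeof dst, src);
}

int main(int argc, char **argv)
{
    char buf[BUF_SIZE];

    if (argc < 2 || copy_arg(buf, sizeof buf, argv[1]) != 0) {
        fprintf(stderr, "need one argument of at most %d bytes\n", BUF_SIZE - 1);
        return 1;
    }
    printf("copied %zu bytes safely\n", strlen(buf));
    return 0;
}
```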

1 Answer

It actually does. The push operation is performed by the call instruction. This instruction will push the address of the next instruction; here the address is 0x21. From 0x21 to 0x28 you have your /bin/sh string which is, in your case, wrongly disassembled as x86 code. Last but not least, the Linux x86 32-bit syscall calling convention doesn't use the stack at all. The parameters are passed through ebx, ecx, edx, esi, edi, ebp and the syscall number is stored in eax.

  • A little correction: the code shown is the old calling convention using int 0x80 which, AFAIK, uses the stack for parameters and not the registers. The registers are only used for the new syscall convention. Commented Feb 18, 2019 at 20:45
