
Re: Some help With BOF Exploits Writing.

From: xenophi1e <oliver.lavery(at)sympatico.ca>
Date: Fri Aug 08 2003 - 11:54:50 EDT
In-Reply-To: <200308071347.h77DlYAa018973@mailserver3.hushmail.com>

> So you are saying that the return address will be the same on my local

It's not luck at all, it's very intentional. Modern OSs use virtual memory, which gives each executing process its own distinct memory map. For various reasons, it's really handy to have stuff, particularly code pages, always be at the same address, so that is how the OS is designed.

One good reason is dynamic linking. When the OS loads an application, it actually links together an .exe and a bunch of .dlls in memory. If the dll functions always reside at the same memory addresses this linking is easy. If the dll functions change addresses it is more complex and time consuming. So on a given OS, for a given DLL, addresses don't change much.

> If you don't mind: When you say "find the return address"; is that

ESP is the stack pointer. I didn't read the original message but I guess he was referring to the value of the return address stored on the stack. Read http://www.phrack.org/show.php?p=49&a=14 .

~x Received on Fri Aug 8 18:01:07 2003
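As an added example (not part of the original thread), here is a Python script that tests the claim in the reply above on the machine it runs on: it launches a few fresh processes and reports whether a libc code address and a heap buffer address come back identical on every run, which is the "fixed addresses" behaviour the mail describes, or vary, which is what a system with address-space layout randomization does to defeat it. The function names and the four-run default are my choices.

```python
"""Observe whether process addresses are stable across runs (added example).

The reply explains that a given OS maps library code at the same address in
every process, so a return address found once can be reused. An OS with ASLR
deliberately breaks that; this script shows which case the current host is in.
"""
import subprocess
import sys

# Child program source, executed in a separate interpreter so that each sample
# comes from a freshly created process with its own address map. It prints a
# libc code address (printf) and the address of a freshly allocated buffer.
CHILD_SRC = r"""
import ctypes, ctypes.util
libc = ctypes.CDLL(ctypes.util.find_library("c"))   # None -> global namespace on POSIX
code_addr = ctypes.cast(libc.printf, ctypes.c_void_p).value
buf = ctypes.create_string_buffer(64)               # heap-backed data region
print(code_addr, ctypes.addressof(buf))
"""


def sample_addresses():
    """Run the child once and return (code_addr, data_addr) as integers."""
    result = subprocess.run([sys.executable, "-c", CHILD_SRC],
                            check=True, capture_output=True, text=True)
    code_addr, data_addr = result.stdout.split()
    return int(code_addr), int(data_addr)


def classify(samples):
    """Given (code, data) pairs from separate runs, say which region is fixed.

    A region is "fixed" when every run reported the same address for it.
    """
    code_addrs = {code for code, _ in samples}
    data_addrs = {data for _, data in samples}
    return {"code_fixed": len(code_addrs) == 1,
            "data_fixed": len(data_addrs) == 1}


def check(runs=4):
    """Collect `runs` samples and return (classification, samples)."""
    samples = [sample_addresses() for _ in range(runs)]
    return classify(samples), samples


if __name__ == "__main__":
    verdict, seen = check()
    for code, data in seen:
        print(f"libc printf @ {code:#x}   buffer @ {data:#x}")
    print(verdict)
```

On a host where `code_fixed` is True, the assumption in the mail still holds for library code; on a host with ASLR both flags are normally False.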

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT
