Instruction pointer Overwrite
Arbitrary Instruction redirection
How does it work?
Before the overwrite:

address        | values
---------------+------------------------------------------------------------------
               | +---------------- Function stack frame -------------------+
               | | +------------- stack vars -------------+ +-saved ebp -+ |
0xffffd264     | | | 0x00000000   0x00000000   0x00000000 | | 0xffffd298 | |
               | | +--------------------------------------+ +------------+ |
               | +---------------------------------------------------------+
               | +-------------------- main stack frame -------------------+
               | | +-saved eip -+ +---- function params ---+               |
0xffffd274:    | | | 0x565561dd | | 0x00000001  0x00000002 | 0x00000001    |
               | | +------------+ +------------------------+               |

After the overwrite:

address        | values
---------------+------------------------------------------------------------------
               | +---------------- Function stack frame -------------------+
               | | +------------- stack vars -------------+ +-saved ebp -+ |
0xffffd264     | | | 0x41414141   0x41414141   0x41414141 | | 0x41414141 | |
               | | +--------------------------------------+ +------------+ |
               | +---------------------------------------------------------+
               | +-------------------- main stack frame -------------------+
               | | +-saved eip -+ +---- function params ---+               |
0xffffd274:    | | | 0x41414141 | | 0x00000001  0x00000002 | 0x00000001    |
               | | +------------+ +------------------------+               |
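
The two diagrams, modelled in C as an added example (not code from the original page), comparing an unchecked copy into the locals with a length-bounded one. Assumptions: the frame is a plain struct rather than a real stack, the function name `saved_eip_after_copy` is hypothetical, and the saved ebp/eip values are the ones shown in the diagram.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the 32-bit frame in the diagrams (a struct, not a real stack):
   12 bytes of locals, then saved ebp, then saved eip. */
struct frame {
    uint8_t  vars[12];
    uint32_t saved_ebp;
    uint32_t saved_eip;
};

/* Copy `len` bytes of 'A' (0x41) into the locals and return the saved eip
   afterwards. bounded == 0 models an unchecked copy (strcpy/gets style);
   bounded != 0 clamps the length to the size of the local buffer. */
uint32_t saved_eip_after_copy(size_t len, int bounded) {
    struct frame f = { {0}, 0xffffd298u, 0x565561ddu };  /* values from the diagram */
    uint8_t input[sizeof f];
    size_t limit = bounded ? sizeof f.vars : sizeof f;   /* model stays in bounds */

    if (len > limit)
        len = limit;
    memset(input, 0x41, sizeof input);
    /* Writing through the struct's base address keeps the simulation defined
       behaviour while still spilling past vars[] when len > 12. */
    memcpy((uint8_t *)&f, input, len);
    return f.saved_eip;
}

int main(void) {
    size_t lens[] = { 12, 16, 20 };  /* fills locals / also ebp / also eip */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%2zu unchecked eip=0x%08x bounded eip=0x%08x\n", lens[i],
               (unsigned)saved_eip_after_copy(lens[i], 0),
               (unsigned)saved_eip_after_copy(lens[i], 1));
    return 0;
}
```

Only the 20-byte unchecked copy reaches the saved eip slot; the 16-byte copy stops after clobbering saved ebp, and the bounded copy never leaves the 12-byte buffer.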