When a function is called, its parameters and an address are pushed onto the stack. This address (let us call it RET) points to the instruction that would have been executed next had the function call not happened. Then the local variables of the called function are pushed onto the stack. The later something is pushed onto the stack, the lower its logical address in memory will be, so the local variables have lower addresses than RET. If we write a value into a local variable that is longer than the variable should hold, the excess bytes run upward and overwrite the value of RET. When the function returns, the program executes the instruction pointed to by the RET we modified.
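As an added illustration (not the program linked on this page), the vulnerable pattern described above is shown beside a hardened version that rejects input which would not fit; the names NAME_LEN, greet_unsafe, greet_safe and fits_in_buffer are chosen for this example only.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* size of the local buffer, chosen for this example */

/* Vulnerable: strcpy copies until it meets a NUL byte, so an input of
 * NAME_LEN or more characters runs past `name` into the saved frame data
 * and the saved return address (RET) that sit above it on the stack. */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);          /* unbounded copy: overflow if strlen(input) >= NAME_LEN */
    printf("hello, %s\n", name);
}

/* Pure length check, kept separate so it can be tested on its own:
 * the input must leave one byte for the terminating NUL. */
int fits_in_buffer(size_t input_len, size_t buf_size)
{
    return input_len < buf_size;
}

/* Hardened: refuse input that does not fit, then copy with an explicit
 * bound. Returns 0 on success and -1 if the input was rejected. */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    size_t len = strlen(input);
    if (!fits_in_buffer(len, sizeof name))
        return -1;
    memcpy(name, input, len + 1); /* bounded copy, NUL byte included */
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    char overlong[64];            /* constructed input longer than NAME_LEN */
    memset(overlong, 'A', sizeof overlong - 1);
    overlong[sizeof overlong - 1] = '\0';

    greet_safe("bob");            /* fits: prints "hello, bob" */
    if (greet_safe(overlong) != 0)
        puts("rejected: input longer than the buffer");
    /* greet_unsafe(overlong) is deliberately not called: it would corrupt RET */
    return 0;
}
```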
How to run this C program
On Windows, you'd better use MinGW to compile it. An installer, [mingw-get-inst-20120426.exe], is provided here.
Download: buffer_overflow.zip | Mirror