Does anybody know where, relative to the frame pointer, the return address of the function is? Is there a difference between Windows and Unix?
thanks :)
It strongly depends on the architecture, compiler, etc.
Try disassembling some toy programs and find out (see objdump on Linux).
The return address is at EBP + 4 in your stack frame but you will not be able to use it like that in a buffer overrun since you do not yet control the flow of execution.
What you should be looking for is the distance of the return address from the buffer. That is unique to each vulnerability, and anything caught in between will need to be predicted, or you will most likely just cause the process to dump.
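As an added illustration (not code from either answer above), a toy program of the kind the first answer suggests: it reads the slot just above the saved frame pointer and compares it with the compiler's own report of the return address, so you can confirm the "frame pointer + one word" layout on your own toolchain. It assumes GCC or Clang and a build that keeps the frame pointer (e.g. `-O0 -fno-omit-frame-pointer`); the function name is mine.

```c
#include <stdio.h>

/* Conventional frame layout on x86 (32/64-bit) and AArch64 with frame
 * pointers enabled:
 *   [fp]                 saved caller frame pointer
 *   [fp + sizeof(void*)] return address (EBP+4 on 32-bit x86, RBP+8 on x86-64)
 * This checks that the word above the saved frame pointer really is the
 * return address, using __builtin_return_address(0) as the reference.
 * noinline keeps the function a real call so it owns a frame of its own. */
static int __attribute__((noinline)) frame_layout_matches(void)
{
    void **fp = __builtin_frame_address(0);      /* this function's frame pointer */
    void *via_fp = fp[1];                        /* slot right above saved fp */
    void *reported = __builtin_return_address(0); /* compiler's view of the return address */

    printf("fp=%p  [fp+%zu]=%p  __builtin_return_address=%p\n",
           (void *)fp, sizeof(void *), via_fp, reported);
    return via_fp == reported;
}

int main(void)
{
    /* Prints 1 when the layout matches; 0 means the toolchain/flags differ
     * (e.g. frame pointer omitted or a non-standard prologue). */
    printf("layout matches: %d\n", frame_layout_matches());
    return 0;
}
```

Run it once with and once without `-fomit-frame-pointer` to see why the first answer says the answer depends on compiler and flags, not just on the OS.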