Vulnerability Development mailing list archives

Re: regarding phrack49's stack smashing tutorial


From: sirsyko () MERGIOO ISHIBOO COM (Precious Roy)
Date: Sat, 13 May 2000 12:57:07 -0500


On Sat, May 13, 2000 at 08:56:41PM +0200, Christian Hammers wrote:
> Hello list
> 
> I'm learning about stack overflows from Aleph's article in Phrack #49.
> 
> Now I wonder about the following sentences:
>       "The answer is that for every program the stack will start at
>       the same address."
> Why does it, and more specifically, *where*? I wrote some test programs and
> saw that it is always 0xbffff6c6 +- 0xff. But it changes sometimes.
> What is so special about this 0xbffffffff address, and by the way
> this address never fits into my 64M memory.... !

You are dealing with virtual memory, not direct memory locations.

The address of your stack may change depending on how your program is called.
For instance, if you write your exploit to run with defaults, or with
arguments that change the said defaults, your program will have a different
address for the stack. Also, if you write your program, then later add a new
variable and compile it again, the address of the stack will change when the
new program is run. A good unix internals book should explain this better. Try
Advanced Programming in the Unix Environment by Stevens, or any other good
unix internals book. A quick websearch may have good results as well.

> If anybody knows other documents which explain buffer overflows I would
> appreciate any information.

www.securityfocus.com and click on library, then click on vulnerabilities, then
click on buffer overflows.

<ss>
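The point above about argument and environment strings moving the stack, as an added example that is not part of the original thread: a small C program (the helper names `vector_string_bytes` and `vector_string_end` and the sample vectors are my own construction) that measures how many bytes the kernel placed above main's frame for argv and envp. Modern kernels also randomize the stack base, so absolute addresses differ between runs; compare the printed distance instead, for example under `env -i ./a.out` versus a full environment.

```c
/* Added example (not from the original thread): the address of a stack
 * local depends on how much of the stack the kernel already consumed for
 * the program's argument and environment strings. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* Bytes the kernel needs to copy a NULL-terminated string vector onto the
 * stack: each string plus its terminating NUL. */
size_t vector_string_bytes(char *const *vec)
{
    size_t total = 0;
    for (; vec && *vec; vec++)
        total += strlen(*vec) + 1;
    return total;
}

/* Highest address touched by the strings in vec (end of the last NUL).
 * On Linux the environment strings sit just below the top of the initial
 * stack, so for envp this approximates the stack's starting address. */
uintptr_t vector_string_end(char *const *vec)
{
    uintptr_t end = 0;
    for (; vec && *vec; vec++) {
        uintptr_t e = (uintptr_t)*vec + strlen(*vec) + 1;
        if (e > end)
            end = e;
    }
    return end;
}

/* Constructed sample vectors, so the helpers can be checked offline. */
char *const sample_argv[] = { "prog", "ab", NULL };           /* 5 + 3 bytes */
char *const sample_envp[] = { "PATH=/bin", "X=1", NULL };     /* 10 + 4 bytes */

int main(int argc, char **argv, char **envp)
{
    char local[64];           /* a buffer like the one Aleph One overflows */
    size_t used = vector_string_bytes(argv) + vector_string_bytes(envp);
    uintptr_t top = vector_string_end(envp);

    printf("argc=%d, argv+envp strings occupy %zu bytes\n", argc, used);
    printf("end of environment strings: %#lx\n", (unsigned long)top);
    printf("address of local buffer:    %p\n", (void *)local);
    printf("local sits %ld bytes below the environment strings\n",
           (long)(top - (uintptr_t)local));
    return 0;
}
```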

