Author: jake2891, Posted: Mon Mar 29, 2010 11:51 am Post subject: help shed light on buffer overflow ---- Hey guys, I've been trying to execute my shellcode through an application that has a buffer overflow. My question is that it takes over 60000 "A"s to overflow the buffer, and then only the EAX, ECX and EDX registers show 41414141; no matter how long I make the string, it never reaches ESP or EBP or EIP? It does state "access violation executing 41414141", so I know it's hitting my code, although I can't understand why I can't get ESP or EBP to point to my code. It does not have SafeSEH; it does seem to hit the default SEH handler, but no matter how long my buffer is it never seems to overwrite this, and no warnings come up stating that stack cookies were corrupted, and I have disabled DEP for the application for testing. Any ideas? Thanks.
Author: gnix, Posted: Mon Apr 05, 2010 7:25 am Post subject: ---- Hello jake2891,
I am not sure what your problem is, but I think you are trying to overwrite EIP in a "strange" way.
Normally, a buffer is located in the heap or on the stack, where sometimes the EIP (return address of a function) is stored, but not the general-purpose registers (EAX, EBX, etc.), except for the stack pointer. So I don't understand how it is possible that you overwrite EAX, EBX, ECX, and EDX through a buffer.
Maybe there are some instructions that load 0x41...41 into each register??
Post two or three outputs of GDB with the following commands and maybe I can help you.
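Added example (not code from either poster, and not the poster's binary): a small C model of the point gnix is making. On a 32-bit x86 stack frame, what a run of "A"s lands in depends only on the distance from the start of the buffer to each slot. The frame layout below is an assumption chosen for illustration: a 64-byte buffer, then a 32-bit pointer the program reads back into a register (and later dereferences or calls, which is how 0x41414141 ends up in EAX/ECX/EDX or in the "access violation executing 41414141" message), then the saved EBP and the return address. The copy is clamped to the modelled struct, so the model itself never writes out of bounds; only the payload length varies.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical 32-bit x86 frame (assumed layout for this model). No padding:
 * buf is a multiple of 4 bytes, so the slots follow it back to back. */
struct frame {
    char     buf[64];
    uint32_t obj_ptr;    /* pointer the code loads into a register after the copy */
    uint32_t saved_ebp;  /* caller's EBP, pushed by the prologue */
    uint32_t ret_addr;   /* return address, i.e. what EIP becomes on ret */
};

/* Sentinel "sane" values so we can see which slots the copy changed. */
#define OK_PTR 0x08049000u
#define OK_EBP 0xbffff000u
#define OK_RET 0x08048500u

enum { HIT_PTR = 1, HIT_EBP = 2, HIT_RET = 4 };

/* Emulate an unbounded strcpy-style copy of 'len' bytes of 'A' starting at
 * buf, clamped to the frame so the model stays in bounds. */
static struct frame smash(size_t len)
{
    struct frame f = { {0}, OK_PTR, OK_EBP, OK_RET };
    size_t n = len < sizeof f ? len : sizeof f;
    memset(&f, 'A', n);          /* buf is the first member, so &f == f.buf */
    return f;
}

/* Which slots did a payload of 'len' bytes touch (fully or partially)? */
int overflow_hits(size_t len)
{
    struct frame f = smash(len);
    int hits = 0;
    if (f.obj_ptr   != OK_PTR) hits |= HIT_PTR;
    if (f.saved_ebp != OK_EBP) hits |= HIT_EBP;
    if (f.ret_addr  != OK_RET) hits |= HIT_RET;
    return hits;
}

/* The value a register would receive from "mov eax, [ebp-4]"-style code
 * that reloads obj_ptr after the overflow. */
uint32_t loaded_ptr_after(size_t len) { return smash(len).obj_ptr; }

/* Smallest payload that replaces the whole 4-byte slot at 'slot_offset'. */
size_t bytes_to_reach(size_t slot_offset) { return slot_offset + sizeof(uint32_t); }

int main(void)
{
    size_t lens[] = { 60, 64, 66, 68, 72, 76, 200 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int h = overflow_hits(lens[i]);
        printf("%3zu bytes: ptr=%08x hits:%s%s%s\n", lens[i],
               loaded_ptr_after(lens[i]),
               (h & HIT_PTR) ? " obj_ptr" : "",
               (h & HIT_EBP) ? " saved_ebp" : "",
               (h & HIT_RET) ? " ret_addr" : "");
    }
    printf("need %zu bytes to own ret_addr\n",
           bytes_to_reach(offsetof(struct frame, ret_addr)));
    return 0;
}
```

With 68 bytes only obj_ptr is 0x41414141: the program faults on the next load or call through it, while the saved EBP and return address are still intact, which matches seeing 0x41414141 in general-purpose registers without EBP/EIP changing. Reaching ret_addr takes offsetof(ret_addr) + 4 bytes in this layout; in a real target that distance is whatever sits between the buffer and the slot, and a 60000-byte payload that still never touches EBP/EIP simply means the slot is not within reach in the direction the copy runs, or the copy is being stopped or redirected first.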