Writeup

In do_overflow.asm:

  • line 37 -> sexy_var is at ebp - 16
  • line 47 -> start reading buffer at ebp - 89
  • 89 - 16 = 73 of 'A's
  • and 0x5541494D written in little-endian encoding

For exercise Stack Canary, when running objdump in main(), look carefully at the instruction at the addresses 4dc, as well as the code around it.

This site uses Just the Docs, a documentation theme for Jekyll.