attacklab
缓冲区大小 0x28
返回地址转到touch1处
输入0x28字节填满缓冲区,返回地址填入c0 17 40 00
11 11 11 11(这里是四个字节)前面0x28随便填,最后是c0 17 40 00
The program HEX2RAW will enable you to generate these raw strings.
HEX2RAW expects two-digit hex values separated by one or more white spaces. So if you want to
create a byte with a hex value of 0, you need to write it as 00. To create the word 0xdeadbeef
you should pass “ef be ad de” to HEX2RAW (note the reversal required for little-endian byteordering).unix> ./hex2raw < ctarget.l2.txt | ./ctarget
touch2:
函数的第一个参数在寄存器%rdi中传递,应该注入代码使得寄存器设置为cookie的值,然后ret到