Hello all, I have a problem.
Currently I'm learning the module "Stack-based buffer overflow on Linux x86" and ran into an issue.
When I try to calculate the offset, I get the same value as in the tutorial, but when I try to calculate the payload length, I get a different value than in the tutorial. We have a total offset to overwrite EIP of 1040 bytes. For example, we are using this code to build the payload:
run $(python -c 'print "\x55" * (1040 - 100 - 150 - 4) + "\x90" * 100 + "\x44" * 150 + "\x66" * 4')
(layout: buffer | nops | shellcode | EIP)
and we get 0x66666666 in the EIP register.
But when I run this code on my machine I get 0x44444444 instead. I thought that I needed to decrease the length of the shellcode, and found out that I only get 0x66666666 in EIP when my shellcode length is 50 instead of 150. In total that gives me 940 bytes to overwrite the buffer, but earlier, when I calculated the offset with msfvenom, I got 1040, as in the example. My payload looks like this:
run $(python -c 'print "\x55" * 786 + "\x90" * 100 + "\x44" * 50 + "\x66" * 4')
(layout: buffer | nops | shellcode | EIP)
So, the main question is: where are my 100 bytes lost?
UPD: if I use, for example, \x22 instead of \x90, everything is normal.
I figured out that in memory, instead of \x90, I see \xc2 \x90. How do I solve this?