Generating shellcode - Submit the size of the stack space after overwritting the EIP as the answer.

Hello everyone, I find a bit of confussion in resolving that question.
I recon I must return the size between the EIP address and the last address of the stack (0xffffffff).
I understand and i think I get the basics of the stack, if someone could please point me out if I am wrong or where I am failing in some assumptions, I expose myself:
1- I generate the shellcode as following in the tutorial.
2- i execute the python instruction in order to adjust the exploit size.
My command is " run $(python -c β€˜print β€œ\x55” * (1040 - 124 - 95 - 4) + β€œ\x90” * 124 + β€œ\xda\xca\xba\xe4…[…]…\xad\xec\xa0\x04\x5a\x22\xa2” + β€œ\x66” * 4’)".
3- then i examine the stack, with it’s registers and it’s addresses, and I try to subtract the EIP address of the bowfunc (the current frame) minus the last address of the stack (0xffffffff).
4- there are 2 stack frames ( you can see this with the gdb β€œbt” command). And I have tried substracting both EIP registers with the last address of the stack (0xfffffffff). But I got no luck.

Am I calculating the space in a wrong way? Is this way of gathering this size of the stack space after the EIP okay?
Thanks a lot in advance,

Type your comment

I used the info proc all command to view the stack size

7 Likes

Type your comment> @Gabrielbd7 said:

I used the info proc all command to view the stack size

Thanks a lot!!!