Unit 3 Assignment 1: A Case Study

To explain this, we should already know that in real life scenarios, stack increases to lower memory addresses, whenever program calls some function, the address of function call instruction is saved in stack as a return for the function. When the function executes, it allocates local variables, including buffers to stack and they are given a lower address than the return address. So, in this scenario the return address is a certain level above the base address for buffers and if the buffer is overflowing, then it is most likely that an attacker can change return address as well. If the return address is changed to some random value, then it will cause segmentation fault, but if the return address is changed to a certain address where some executable code is present, then that may complete attackers intended tasks with the application.
Since, the majority of buffer overflow exploits is dependent upon string operations, there are generally two methods of injecting the code. The first method is to put the attack code in the buffer that is being overflowed, then setting return address to the address of the buffer. The second method involves filling the buffer with random memory address and shell codes, placing the attack code after the return address on the stack, then overwriting the return address with an instruction in the normal code or in a system library that will jump control to the stack pointer, which would be pointing to the location just after the return address. The actual command to jump control to the stack pointer does not have to be present in the code, just the equivalent machine code byte