0

I have an issue. The address for a function that I need to overwrite the RET to (buffer overflow) is only 3 bytes. However, I need 4 bytes to overwrite the RET exactly. What do I do?

user3893623
    Erm, set the highest byte to zero? I'm not sure if I understand your question correctly, though; one or two more sentences would help. – Guntram Blohm Jun 14 '15 at 08:12

1 Answer

0

If the architecture is 32-bit, every address must be 4 bytes, so the function address you mentioned is no exception. But as the high-order 00 has no value (in math), it is not normally mentioned:

0x0041a82f --> 0x41a82f

You must write your address as 4 bytes with the leading 00. But in many cases (especially string-based overflows) this is a problem called a "bad char", which causes payload corruption. You have to fix this problem too. Good luck!

diener_k
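The two points in the answer above, as an added example that is not part of the original answer: how the 4-byte form of `0x0041a82f` is laid out in memory, and why its `00` byte stops a C string copy. Little-endian (x86) byte order and the bad-character list `00 0a 0d` are assumptions made for the illustration; the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Store a 32-bit address as 4 bytes in little-endian order
 * (assumption: x86 layout, lowest byte first). */
static void encode_le32(uint32_t addr, unsigned char out[4]) {
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(addr >> (8 * i));
}

/* Index of the first byte of buf that appears in bad, or -1 if none. */
static int first_bad_byte(const unsigned char *buf, size_t len,
                          const unsigned char *bad, size_t nbad) {
    for (size_t i = 0; i < len; i++)
        if (memchr(bad, buf[i], nbad))
            return (int)i;
    return -1;
}

/* Number of address bytes a strcpy-style copy carries over as data:
 * everything before the first 0x00. The copy writes the terminator
 * and then stops, so nothing after it is transferred. */
static size_t bytes_surviving_string_copy(uint32_t addr) {
    unsigned char le[4];
    encode_le32(addr, le);
    const unsigned char *nul = memchr(le, 0x00, sizeof le);
    return nul ? (size_t)(nul - le) : sizeof le;
}

int main(void) {
    const uint32_t addr = 0x0041a82f;                 /* address from the answer */
    const unsigned char bad[] = { 0x00, 0x0a, 0x0d }; /* constructed sample list */
    unsigned char le[4];

    encode_le32(addr, le);
    printf("0x%08x -> %02x %02x %02x %02x\n",
           (unsigned)addr, le[0], le[1], le[2], le[3]);
    printf("first bad byte at offset %d\n",
           first_bad_byte(le, sizeof le, bad, sizeof bad));
    printf("bytes before the terminator: %zu of 4\n",
           bytes_surviving_string_copy(addr));
    return 0;
}
```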