“xor eax, ebp” being used in C++ compiler output

These are buffer overrun protection methods, and have nothing to do with compiler optimisation. MSVC will (if you specify the /GS switch) push a security cookie onto the stack near the return address so that it can detect a common case of stack corruption. Stack corruption can either be caused by bad code along the …

Why does this memory address %fs:0x28 ( fs[0x28] ) have a random value?

Both the FS and GS registers can be used as base-pointer addresses in order to access special operating system data-structures. So what you’re seeing is a value loaded at an offset from the value held in the FS register, and not bit manipulation of the contents of the FS register. Specifically, what’s taking place is …

Buffer overflow works in gdb but not without it

Exploit development can lead to serious headaches if you don’t adequately account for factors that introduce non-determinism into the debugging process. In particular, the stack addresses in the debugger may not match the addresses during normal execution. This artifact occurs because the operating system loader places both environment variables and program arguments before the beginning …

How does a NOP sled work?

Some attacks consist of making the program jump to a specific address and continue running from there. The injected code has to be loaded previously somehow in that exact location. Stack randomization and other runtime differences may make the address where the program will jump impossible to predict, so the attacker places a NOP sled …

What is the difference between a stack overflow and buffer overflow?

Stack overflow refers specifically to the case when the execution stack grows beyond the memory that is reserved for it. For example, if you call a function which recursively calls itself without termination, you will cause a stack overflow as each function call creates a new stack frame and the stack will eventually consume more …

How to turn off gcc compiler optimization to enable buffer overflow

That’s a good problem. In order to solve that problem you will also have to disable ASLR, otherwise the address of g() will be unpredictable. Disable ASLR: sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space' Disable canaries: gcc overflow.c -o overflow -fno-stack-protector After canaries and ASLR are disabled it should be a straightforward attack like …