- The saved return address, which we can manipulate through the buffer overrun, is used by the function that called us when it executes a return statement.
- The goal is to change the return address to the address within a buffer that we flooded beforehand with malicious code.
- This allows us to execute arbitrary code with the privileges of the process, as long as the code fits into the buffer.
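
The overwrite described above, modeled in C next to a bounded copy that prevents it. This is an added example, not part of the original slides; the frame layout, `BUF_SIZE` and the placeholder return value are constructed assumptions, and the frame is a struct so that the spill into the saved return address is well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed model of a stack frame: a local buffer followed by the saved
 * return address. Real frames may hold padding or a saved frame pointer too. */
struct frame_model {
    char buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* Unchecked copy, the pattern behind the overrun: len is never compared with
 * BUF_SIZE. The clamp only keeps this model inside its own struct. */
static void copy_unchecked(struct frame_model *f, const void *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Hardened copy: input that does not fit is rejected before any byte moves. */
static int copy_checked(struct frame_model *f, const void *src, size_t len)
{
    if (len > sizeof f->buf)
        return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Returns 1 if the saved return address still holds the expected value. */
static int ret_intact(const struct frame_model *f, uintptr_t expected)
{
    return f->saved_ret == expected;
}

/* Feeds the same oversize input to both copies.
 * Bit 0: unchecked copy changed saved_ret. Bit 1: checked copy refused. */
static int demo(void)
{
    unsigned char input[sizeof(struct frame_model)];
    const uintptr_t ret = (uintptr_t)0x1000;   /* constructed placeholder */
    struct frame_model a = { {0}, ret }, b = { {0}, ret };
    memset(input, 0x41, sizeof input);         /* constructed oversize input */
    copy_unchecked(&a, input, sizeof input);
    int refused = copy_checked(&b, input, sizeof input) != 0;
    return (ret_intact(&a, ret) ? 0 : 1) | ((refused && ret_intact(&b, ret)) ? 2 : 0);
}

int main(void) { return demo() == 3 ? 0 : 1; }
```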
Copyright © 2001, 2002 Andreas Borchert, converted to HTML on April 07, 2002