2
votes

Assume we have a function

    #include <stdio.h>

    void foo(char *name, int id)
    {
        printf("%s%d", name, id);
    }

Using a buffer overflow, we replace the return address on the stack with the address of the foo function. I was able to accomplish this.

How do I overflow the function arguments too? foo takes two arguments; can someone please help me understand how I can overflow these arguments using a buffer overflow?

1
Why would you want to overwrite the arguments? Normally, you would just overwrite the return address and address some instructions that would lead to a jump to your shellcode. - Gumbo
Yes, you're right, but my purpose is not to jump to shellcode. Rather, to see if it's possible to overwrite function arguments in the stack. - Krishna Nandula
To be more clear, when the function is called, can I give my own custom parameters to that function? - Krishna Nandula

1 Answer

0
votes

Theoretically yes, arguments are pushed onto the stack when the function is called, but a successful overwrite then depends on the layout of the stack. Also, given what your objective is, you have to do it in a way that does not corrupt the data in between.

The above code has another vulnerability too; think about it.
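
The layout dependence described in the answer, as an added example (not code from the question or the answer): a model of a 32-bit cdecl frame with a stack canary that reports which slots a contiguous write of n bytes starting at the local buffer changes. The field order, sizes, constant values and the names `frame`, `overflow_model` and `canary_covers_args` are assumptions made for illustration; real layouts vary by compiler and ABI, and on x86-64 System V the first arguments are passed in registers rather than on the stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame model, lowest address first (constructed for illustration). */
struct frame {
    char     buf[16];   /* local buffer the copy targets */
    uint32_t canary;    /* stack protector value */
    uint32_t saved_fp;  /* saved frame pointer */
    uint32_t ret_addr;  /* return address */
    uint32_t arg_name;  /* slot holding char *name */
    uint32_t arg_id;    /* slot holding int id */
};
enum { HIT_CANARY = 1, HIT_FP = 2, HIT_RET = 4, HIT_NAME = 8, HIT_ID = 16 };

/* Model an unchecked copy of n bytes starting at buf and return a bitmask of
   the slots it changed. The write is clamped to the model itself. */
unsigned overflow_model(size_t n)
{
    const struct frame before = { "", 0xC0FFEE00u, 0x1000u, 0x2000u, 0x3000u, 42u };
    struct frame after = before;
    unsigned hits = 0;
    if (n > sizeof after) n = sizeof after;
    memset(&after, 'A', n);
    if (after.canary   != before.canary)   hits |= HIT_CANARY;
    if (after.saved_fp != before.saved_fp) hits |= HIT_FP;
    if (after.ret_addr != before.ret_addr) hits |= HIT_RET;
    if (after.arg_name != before.arg_name) hits |= HIT_NAME;
    if (after.arg_id   != before.arg_id)   hits |= HIT_ID;
    return hits;
}

/* Returns 1 if every length that changes an argument slot also changes the
   canary, so the epilogue check would abort before the function returns. */
int canary_covers_args(void)
{
    for (size_t n = 0; n <= sizeof(struct frame); n++) {
        unsigned h = overflow_model(n);
        if ((h & (HIT_NAME | HIT_ID)) && !(h & HIT_CANARY)) return 0;
    }
    return 1;
}

int main(void)
{
    for (size_t n = 16; n <= sizeof(struct frame); n += 4)
        printf("n=%2zu changed=0x%02x\n", n, overflow_model(n));
    printf("canary covers args: %d\n", canary_covers_args());
    return 0;
}
```

In this model the argument slots sit above the return address, so a linear write that reaches them has already changed the canary, the saved frame pointer and the return address, which is the "data in between" the answer refers to.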