Jumps

The purpose of this demonstration is to show how user input can overflow a variable and change the value of adjacent memory locations. Your challenge is to enter data that will overflow a buffer, allowing you to log in to the imaginary system without knowing the password.

General explanation of simulations

· The simulated program’s console screen is shown in the upper right corner.

· The grid on the right represents the 256 bytes of simulated memory in a 16 by 16 grid.

· The program instructions occupy smaller addresses and are color coded to match the source code.

· A ‘*’ in the program memory represents the current program counter location. An ‘X’ represents the return location of a function call.

· Return addresses appear on the stack as a ‘$’. Addresses on the stack are represented as a ‘&’.

· Local variables are allocated on the stack.

· An input box will appear at the top when the simulated program requests user input. You can only enter letters. At times it may be useful to input a character that overwrites an address on the stack. The ASCII code of the character will be used as the address in the 256 bytes of simulated memory.

· All library functions, such as gets() and puts(), are assumed to be compiled inline and therefore don't require a function call.
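
The effect the simulation illustrates, shown as an added C example that is not part of the original simulation: an unchecked gets()-style copy next to a length-limited one, both writing into a 256-byte simulated memory. The buffer address 0xE0, its 8-byte length, and the adjacent variable are assumptions chosen for illustration, not the simulator's actual layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE  256                    /* the simulation's 16 x 16 grid */
#define BUF_ADDR  0xE0                   /* assumed address of the input buffer */
#define BUF_LEN   8                      /* assumed buffer size in bytes */
#define FLAG_ADDR (BUF_ADDR + BUF_LEN)   /* assumed adjacent local variable */

static uint8_t mem[MEM_SIZE];

/* gets()-style copy: no length check, stops only at the end of the input. */
static void sim_gets(uint8_t addr, const char *input) {
    size_t n = strlen(input) + 1;        /* include the terminating NUL */
    for (size_t i = 0; i < n && (size_t)addr + i < MEM_SIZE; i++)
        mem[addr + i] = (uint8_t)input[i];
}

/* fgets()-style copy: writes at most cap bytes, NUL included. */
static void sim_fgets(uint8_t addr, size_t cap, const char *input) {
    size_t n = strlen(input);
    if (n > cap - 1) n = cap - 1;        /* truncate instead of spilling over */
    memcpy(&mem[addr], input, n);
    mem[addr + n] = 0;
}

/* Stores the input in the buffer and returns the adjacent variable's value. */
int flag_after(const char *input, int bounded) {
    memset(mem, 0, sizeof mem);          /* adjacent variable starts at 0 */
    if (bounded) sim_fgets(BUF_ADDR, BUF_LEN, input);
    else         sim_gets(BUF_ADDR, input);
    return mem[FLAG_ADDR];
}

int main(void) {
    const char *in = "abcdefghA";        /* constructed input: 9th byte spills */
    printf("unchecked copy: adjacent byte = %d\n", flag_after(in, 0));
    printf("bounded copy:   adjacent byte = %d\n", flag_after(in, 1));
    return 0;
}
```

With the unchecked copy the adjacent byte takes the ASCII code of the ninth character, which is the same value the simulation would treat as an address if that byte were a stack address.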


This stack overflow simulation was created by Dr. Kenneth A. Williams. It is a modification of a program created by Dr. Susan Gerhart under NSF Award No. 0113627.