Stack Overflow Labs
These simple simulations show how return addresses, parameters and local variables are stored on the stack.
Jumps - An introduction to how stacks are used to keep track of subroutine calls.
Stacks - A look at how C programs save return addresses, parameters and local variables on the stack.
Variable - Shows how user input can overflow variables and change the contents of other variables.
Smasher - Demonstrates how certain input can overwrite the return address of a function causing the program to execute code not in the normal execution flow.
Stack Guard - A demonstration of a how a “Stack Guard” can detect stack overflow exploits.
Creating Real Exploits
The following web pages allow you input specific data into a real C or C++ program to produce unexpected results. You will need to download the program and compile it with your favorite compiler.
Change Variable – Giving this program appropriate keyboard input can cause it overflow a short buffer and generate unintended results.
Easy Exploit – An appropriate input file will cause this program to execute a function that is not in the normal execution flow. The program prints program addresses to make it easier to hack.
Return Overflow – This challenge is very similar to the Easy Exploit, except the program does not print any information to assist in the exploit. Instead you will have to use a debugger to determine the necessary addresses.