Stack Overflow Labs

Stack Simulations

These simple simulations show how return addresses, parameters and local variables are stored on the stack.

Jumps - An introduction to how stacks are used to keep track of subroutine calls.

Stacks - A look at how C programs save return addresses, parameters and local variables on the stack.

Variable - Shows how user input can overflow variables and change the contents of other variables.

Smasher - Demonstrates how certain input can overwrite the return address of a function causing the program to execute code not in the normal execution flow.

Stack Guard - A demonstration of a how a “Stack Guard” can detect stack overflow exploits.

Creating Real Exploits

The following web pages allow you input specific data into a real C or C++ program to produce unexpected results. You will need to download the program and compile it with your favorite compiler.

Change Variable – Giving this program appropriate keyboard input can cause it overflow a short buffer and generate unintended results.

Easy Exploit – An appropriate input file will cause this program to execute a function that is not in the normal execution flow. The program prints program addresses to make it easier to hack.

Return Overflow – This challenge is very similar to the Easy Exploit, except the program does not print any information to assist in the exploit. Instead you will have to use a debugger to determine the necessary addresses.