The purpose of this demonstration is to show how user input can overflow a variable and change the value of adjacent memory locations. Your challenge is to enter data that will overflow a buffer, allowing you to log into the imaginary system without knowing the password.
General explanation of simulations
· The simulated program’s console screen is shown in the upper right corner.
· The grid on the right represents the 256 bytes of simulated memory in a 16 by 16 grid.
· The program instructions occupy smaller addresses and are color coded to match the source code.
· A ‘*’ in the program memory represents the current program counter location. An ‘X’ represents the return location of a function call.
· Return addresses appear on the stack as a ‘$’. Addresses on the stack are represented as an ‘&’. Simple data types (such as char) are passed by value, where the value of the parameter is copied to the stack. Complex data types (such as arrays) are passed by reference, where the address of the parameter is pushed on the stack.
· Local variables are allocated on the stack.
· An input box will appear at the top when the simulated program requests user input. You can only enter letters. At times it may be useful to input a character that overwrites an address on the stack. The ASCII code of the character will be used as the address in the 256 bytes of simulated memory.
· All library functions, such as gets() and puts(), are assumed to be compiled inline and therefore don't require a function call.
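The following is an added example, not code from the simulation: a C model of the same idea, with 256 bytes of simulated memory, a gets()-style unbounded read, and a bounded fgets()-style read beside it. The buffer address, buffer length, adjacent variable and sample inputs are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout (not taken from the simulation): 256 bytes of
   simulated memory, an 8-byte input buffer, and a one-byte variable
   stored directly after it. */
enum { MEM_SIZE = 256, BUF_ADDR = 0xE0, BUF_LEN = 8, ADJ_ADDR = BUF_ADDR + BUF_LEN };

static unsigned char mem[MEM_SIZE];

/* Models gets(): copies until the input ends and never checks BUF_LEN.
   Writes are kept inside mem[] so the model itself is well defined. */
static size_t unbounded_read(const char *input) {
    size_t i = 0;
    for (; input[i] != '\0' && BUF_ADDR + i < MEM_SIZE - 1; i++)
        mem[BUF_ADDR + i] = (unsigned char)input[i];
    mem[BUF_ADDR + i] = '\0';
    return i;
}

/* Models fgets(buf, BUF_LEN, stdin): stores at most BUF_LEN - 1
   characters plus the terminator, so it cannot leave the buffer. */
static size_t bounded_read(const char *input) {
    size_t i = 0;
    for (; input[i] != '\0' && i < BUF_LEN - 1; i++)
        mem[BUF_ADDR + i] = (unsigned char)input[i];
    mem[BUF_ADDR + i] = '\0';
    return i;
}

/* Clears memory, reads `input` with the chosen routine, and returns the
   byte that sits right after the buffer. */
static unsigned char adjacent_after(const char *input, int bounded) {
    memset(mem, 0, sizeof mem);
    if (bounded) bounded_read(input); else unbounded_read(input);
    return mem[ADJ_ADDR];
}

int main(void) {
    const char *fits = "abcdefg";        /* 7 letters + terminator = 8 bytes */
    const char *too_long = "abcdefghT";  /* constructed 9-letter input */
    printf("gets-like,  fits:     adjacent=%u\n", adjacent_after(fits, 0));
    printf("gets-like,  too long: adjacent=%u\n", adjacent_after(too_long, 0));
    printf("fgets-like, too long: adjacent=%u\n", adjacent_after(too_long, 1));
    return 0;
}
```

With the unbounded read, the ninth letter lands in the adjacent byte as its ASCII code; with the bounded read the same input is truncated and the adjacent byte keeps its value.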
This stack overflow simulation was created by Dr. Kenneth A. Williams. It is a modification of a program created by Dr. Susan Gerhart under NSF Award No. 0113627.