What does %x do?
Tells printf to fetch whatever is at the top of the stack and interpret it as a hexadecimal number
What is %u used for?
Padding
What does %n do?
Writes the number of output characters to a memory address
What do we need to exploit the vulnerability?
What does the executable file contain in static vs dynamic linking?
Static: whole code, data of shared library
Dynamic: code, references to symbols to be used from shared libraries
What is the PLT?
Procedure Linkage Table
Used to call external procedures/functions whose address is only known at run time; it acts as a layer of indirection for the invocation of library functions.
When a program calls a shared library function, it calls the address in the corresponding entry in the PLT
Read-only
What is the GOT?
Global Offset Table
Used to resolve addresses
A memory region that contains several function pointers, executables and shared libraries
Readable and Writeable