A simple C program was created to demonstrate a basic overflow example. Two buffers and a variable are created, filled normally and then overwritten with the contents of the argument pushed to them.

The Source Code

An int variable is created with the value 5, and two char buffers are created with a size of 8 bytes each. Using the string copy function (strcpy), the strings “one” and “two” are placed into buffer one and buffer two.

I created printf statements to show the before and after contents of these buffers plus the int variable.

Debugging using IDA Pro

The goal is to overwrite these buffers with the contents I give them. We step through the program line by line using the IDA Pro debugger. In IDA Pro you can supply parameters to the program being debugged: go to Debugger -> Process Options and fill in the Parameters field. In my case I filled it with a line of ‘a’s.

The second stage is to replace the contents of these buffers and the variable with ‘a’s. Only one buffer needs to be written to: when it is full, the ‘a’s overflow into the second buffer, and when that is full they replace the contents of the variable as well.
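The overwrite described above, next to a length-checked copy, as an added example that is not the post's own source. It assumes the three objects are adjacent with buffer_two lowest and models that layout as a struct (the names `frame`, `unchecked_copy`, `checked_copy` and `value_after` are hypothetical), so the result does not depend on how a compiler arranges stack locals.

```c
#include <stdio.h>
#include <string.h>

/* Model of the post's three locals. Assumption: buffer_two sits lowest with
 * buffer_one and value directly above it, the order the post observes; a
 * real compiler may place and pad stack locals differently. */
struct frame {
    char buffer_two[8];
    char buffer_one[8];
    int  value;
};

void frame_init(struct frame *f)
{
    *f = (struct frame){ "two", "one", 5 };
}

/* Effect of strcpy(buffer_two, arg) with no length check: bytes land from
 * offset 0 upward. Capped at the frame size so the model stays in bounds. */
void unchecked_copy(struct frame *f, const char *arg)
{
    size_t n = strlen(arg) + 1;           /* strcpy also writes the NUL */
    memcpy(f, arg, n > sizeof *f ? sizeof *f : n);
}

/* Hardened form: refuse anything that does not fit with its terminator. */
int checked_copy(struct frame *f, const char *arg)
{
    size_t n = strlen(arg) + 1;
    if (n > sizeof f->buffer_two) return -1;
    memcpy(f->buffer_two, arg, n);
    return 0;
}

/* Value of the int after copying arg, with or without the check. */
int value_after(const char *arg, int use_check)
{
    struct frame f;
    frame_init(&f);
    if (use_check) checked_copy(&f, arg); else unchecked_copy(&f, arg);
    return f.value;
}

int main(void)
{
    const char *arg = "aaaaaaaaaaaaaaaaaaaa";   /* constructed: 20 'a's */
    printf("unchecked: value = 0x%08x\n", (unsigned)value_after(arg, 0));
    printf("checked:   value = %d\n", value_after(arg, 1));
}
```

With the unchecked copy the int ends up as 0x61616161, four ASCII ‘a’ bytes; with the check the copy is refused and it stays 5.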

Before (buffer_two holds the letters “two”) and After (buffer_two is now filled with a’s)

As we can see in the assembly, the contents of the buffers are being overwritten with the contents of the parameters. Buffer_two is filled with ‘a’s, which then overflow into buffer_one and on into the int variable. When the program completes, we can see the ‘a’s have overwritten each buffer plus the variable. The final printout shows the following: