buffer-overflow - Read For Learn

Why I do get “Cannot find bound of current function” when I overwrite the ret address of a vulnerable program?

The debugger has knowledge about where the code for functions in your program begin and end, either because this information is provided in debugging data or because it uses any external symbols visible in the executable to provide rudimentary information. When the stack is in a proper state, it contains a return address to the … Read more

Why is the gets function so dangerous that it should not be used?

In order to use gets safely, you have to know exactly how many characters you will be reading, so that you can make your buffer large enough. You will only know that if you know exactly what data you will be reading. Instead of using gets, you want to use fgets, which has the signature (fgets, if it reads … Read more