
acter. Line 3 overwrites the saved return address with the address of our CALL EAX
instruction. Line 4 appends 1000 bytes of the 0xCC character to the end of the attack
string. When the processor hits the 0xCC opcode directly following the return address, the
process should halt, and we can calculate the amount of space available for the payload.

When appending large buffers to the attack string, it is possible to send too much
data. Sending too much data triggers an exception, which is then handled by an
exception handler. An exception handler will redirect control of the process away from
our return address, and make it more difficult to deter ...