Assuming we got the following memory dump:
0x80004a3 <main+19>: call 0x8000470 <function>
0x80004a8 <main+24>: addl $0xc,%esp
0x80004ab <main+27>: movl $0x1,0xfffffffc(%ebp)
0x80004b2 <main+34>: movl 0xfffffffc(%ebp),%eax
So when the call of <function> is finished, i.e. the function returns,
the next instruction is at 0x80004a8 (which the IP pointed at).
If we want to manipulate the stack (old Linux x32 machine as test environment) and increase the RET address by 8 bytes,
we can jump past the command at 0x80004ab to 0x80004b2.
I know the increment for the RET address is 8 bytes,
however I can't figure out how to calculate that from the given memory dump.
I'd be thankful for help.
Edited 6 Years Ago by katjaschmidt: n/a