I've done a lot of research trying to understand this topic but still have some confusion. Currently I'm investigating buffer overflow. Here's an example of the function I'm looking at:
int testFunction(char* sourceBuffer)
{
unsigned char result = 0;
char destinationBuffer[512];
//do some insecure stuff with strcpy()
}
I'm compiling with these settings:
gcc -g -z execstack -fno-stack-protector -o test test.c
From what I can tell ASLR, stack protection, canary values, and compiler guards should be disabled with these settings. However upon inspecting memory in GDB this is how my stack looks:
HIGH
sourceBuffer...temp...etc...
RET address [4 bytes]
EBP address [4 bytes]
(8 bytes of mystery memory)
result [1 byte]
destinationBuffer[512 bytes]
LOW
I've tried reading about stack alignment / padding, this article was particularly helpful: Stack allocation, padding, and alignment
The default alignment is 16-bytes. According to that answer, if I change n = 2 it looks like it works. result is just 1 byte before where EBP pointer starts. This will allow me to exploit the buffer overflow into the return address like I want.
I'm really having a hard time how this works. If by default it's 16, is the stack initially setup with 16 bytes, then the RET and EBP pointers take up 4 bytes each, so there's just 8 bytes left over? I'm just pretty lost on understanding this.
