1.5 EIP = 41414141

Note

Instruction pointer/Program counter:

  • EIP—32-bit instruction pointer (IA-32)

  • RIP—64-bit instruction pointer (Intel 64)

  • R15 or PC—ARM architecture as used on Apple’s iPhone

To illustrate the security implications of the bugs that I found, I will discuss the steps needed to gain control of the execution flow of the vulnerable program by controlling the instruction pointer (IP) of the CPU. The instruction pointer or program counter (PC) register contains the offset in the current code segment for the next instruction to be executed.[5] If you gain control of this register, you fully control the execution flow of the vulnerable process. To demonstrate instruction pointer control, I will modify the register to values like 0x41414141 ...
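To make the crash signature concrete from the triage side, here is an added example (not code from the book) that scans a debugger register dump for the instruction-pointer registers listed in the note and flags a value that looks attacker-controlled, such as the 0x41414141 fill pattern; the register-name table, the sample dumps and the mapped code range are constructed assumptions.

```python
"""Triage a crash register dump for an attacker-controlled instruction pointer."""
import re

# Instruction-pointer registers from the note above, with their width in bits (assumed table).
IP_REGISTERS = {"eip": 32, "rip": 64, "pc": 32, "r15": 32}

# Constructed stand-in for the executable mapping of the crashed process (e.g. /proc/<pid>/maps).
TEXT_RANGES = [(0x08048000, 0x08050000)]

# Matches lines such as "eip 0x41414141" or "rip: 0x4141414141414141" in a gdb-style dump.
REG_RE = re.compile(r"\b(eip|rip|pc|r15)\b\s*[:=]?\s*(0x[0-9a-fA-F]+)", re.IGNORECASE)


def parse_ip(dump: str):
    """Return (register, value, width) for the first IP register in the dump, else None."""
    m = REG_RE.search(dump)
    if not m:
        return None
    reg = m.group(1).lower()
    return reg, int(m.group(2), 16), IP_REGISTERS[reg]


def is_fill_pattern(value: int, width: int) -> bool:
    """True if every byte of the register is the same printable ASCII byte (e.g. 'AAAA')."""
    raw = value.to_bytes(width // 8, "little")
    return len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F


def in_code(value: int, ranges) -> bool:
    """True if the value lies inside a mapped executable range."""
    return any(lo <= value < hi for lo, hi in ranges)


def triage(dump: str, code_ranges=TEXT_RANGES) -> str:
    """Classify a dump: controlled-ip, ip-outside-code, ip-in-code or no-ip."""
    parsed = parse_ip(dump)
    if parsed is None:
        return "no-ip"
    _reg, value, width = parsed
    if is_fill_pattern(value, width):
        return "controlled-ip"       # the classic EIP = 41414141 signature
    if not in_code(value, code_ranges):
        return "ip-outside-code"     # execution left the text segment: investigate
    return "ip-in-code"              # ordinary crash inside mapped code


if __name__ == "__main__":
    # Constructed sample dump lines, not output from a real crash.
    for line in ("eip            0x41414141       0x41414141",
                 "rip 0x4141414141414141", "eip 0x0804849a", "eip 0xbffff5e0"):
        print(f"{line!r:45} -> {triage(line)}")
```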
