Let's review the diagram we used to understand the exploitation again, as follows:
We completed the first step in the preceding diagram. Our next task is to find the address of a JMP ESP instruction. We need it because our payload will sit on the stack at the location the ESP register points to, and we cannot merely point to the payload directly after overwriting the buffer. Hence, we will use the address of a JMP ESP instruction from an external DLL, which makes the program jump to the address held in ESP, that is, the start of our payload.
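The reasoning above can be checked with a toy model of the stack. This is an added example, not code from the original text: it simulates only RET and JMP ESP on a small byte array, and all addresses, the buffer size and the function names are constructed. It assumes the stack base differs between runs, which is the model's reason a hard-coded stack address fails.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model only: a simulated stack and two simulated instructions.
   Every address below is a constructed sample value. */
#define STACK_SIZE   64
#define BUF_LEN      16           /* assumed size of the overflowed buffer */
#define JMP_ESP_ADDR 0x10001000u  /* assumed fixed address of a JMP ESP in a DLL */

typedef struct { uint32_t base, esp, eip; uint8_t mem[STACK_SIZE]; } cpu_t;

static uint32_t read32(const cpu_t *c, uint32_t addr) {
    uint32_t v;
    memcpy(&v, &c->mem[addr - c->base], sizeof v);
    return v;
}

/* Frame after the overwrite: filler, saved-return-address slot, then the
   bytes that follow it. Returns the address of those following bytes. */
static uint32_t setup(cpu_t *c, uint32_t base, uint32_t ret_value) {
    uint32_t ret_slot = base + BUF_LEN;
    c->base = base;
    memset(c->mem, 'A', STACK_SIZE);
    memcpy(&c->mem[BUF_LEN], &ret_value, sizeof ret_value);
    c->esp = ret_slot;            /* ESP points at the saved return address */
    return ret_slot + 4;
}

/* RET: pop the saved return address into EIP, so ESP moves up by 4. */
static void do_ret(cpu_t *c) { c->eip = read32(c, c->esp); c->esp += 4; }

/* Returns 1 if execution reaches the first byte after the return slot. */
int lands_after_ret_slot(uint32_t stack_base, uint32_t ret_value) {
    cpu_t c;
    uint32_t target = setup(&c, stack_base, ret_value);
    do_ret(&c);
    if (c.eip == JMP_ESP_ADDR)    /* the instruction there does EIP <- ESP */
        c.eip = c.esp;
    return c.eip == target;
}

int main(void) {
    uint32_t guess = 0x0012ff00u + BUF_LEN + 4;   /* stack address seen in run 1 */
    printf("hard-coded, run 1: %d\n", lands_after_ret_slot(0x0012ff00u, guess));
    printf("hard-coded, run 2: %d\n", lands_after_ret_slot(0x0022ff00u, guess));
    printf("JMP ESP,    run 2: %d\n", lands_after_ret_slot(0x0022ff00u, JMP_ESP_ADDR));
    return 0;
}
```

In the model, the hard-coded stack address only works for the run it was observed in, while the fixed JMP ESP address works for any stack base because RET leaves ESP pointing at the bytes that follow the return address slot.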
To find the jump address, we will require a debugger so that we can see which ...