I mentioned that the payload space variable was critical to our exploit. The next step in development is to define the payload. To do this, we first need to find out how much space is available to play with. The more space we have, the more options we get as far as how much capability we can fit into our payloads. There are 104 payloads in MSF 3.1, and each payload is a different size. If the vulnerable program has limited space for us to use, then some of the larger payloads won't work. We also need to know what position on the stack is read as the next instruction right before it crashes.

During our first two exploit attempts, OllyDbg told us that the next instruction pointer's address was 0x41414141 when the FTP server ...