tylermenezes/gist:1895672

## gistfile1.txt
What are all the numbers less than 4. There are a lot of them.


fns is passed into a function. Where is it in relation to variables you can control?


fns is a list of pointers to functions. What if you point it to another function?


The nm tool will give you function addresses for an executable.


You're going to need to align something correctly. gdb is extremely useful; look it up. At the least, you should know the commands "break", "run [args]", "step", "c" "p/x [expr]", and "p/c [expr]". (You'll also definitely need "i r" for level 4.)


Use Perl to generate non-printable characters. level03 [number] "`perl -e 'print "\x00";'`" You can use it inside gdb, even!


Remember that C null-terminates strings.


You'll also need to byte-align the return address, since sizeof(char) != sizeof(pointer).
	What are all the numbers less than 4. There are a lot of them.













































	fns is passed into a function. Where is it in relation to variables you can control?













































	fns is a list of pointers to functions. What if you point it to another function?













































	The nm tool will give you function addresses for an executable.













































	You're going to need to align something correctly. gdb is extremely useful; look it up. At the least, you should know the commands "break", "run [args]", "step", "c" "p/x [expr]", and "p/c [expr]". (You'll also definitely need "i r" for level 4.)














































	Use Perl to generate non-printable characters. level03 [number] "`perl -e 'print "\x00";'`" You can use it inside gdb, even!













































	Remember that C null-terminates strings.













































	You'll also need to byte-align the return address, since sizeof(char) != sizeof(pointer).