I need help to exploit a buffer overflow on a jmp_buf structure. I have

Question

0

Editorial Team

Asked: May 22, 20262026-05-22T21:38:42+00:00 2026-05-22T21:38:42+00:00

I need help to exploit a buffer overflow on a jmp_buf structure. I have

0

I need help to exploit a buffer overflow on a jmp_buf structure.

I have the following values on the stack (seen by gdb):

0xbffffc40:     0xb7fd8ff4      0x080485a0      0x080483f0      0xbffffcf8
0xbffffc50:     0xebf06081      0x1d0a15ee

The second one is the next IP (after the setjmp) but if i modify it i do not change the behavior of my program.

I noticed that I can change the flow (and obtain a Segmentation) only if i modify the value of the last one.

But, I can not understand the meaning of the last word and how to change it to obtain the desired behavior.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T21:38:43+00:00

I am trying to do the same at the moment – i do not know what os you are using, but i found the following docu
(@ http://freebsd.active-venture.com/FreeBSD-srctree/newsrc/dev/vinum/vinummemory.c.html) for freebsd which simpy discribes the jmpbuf struct:

struct JmpBuf {
    int jb_ebx; //in your case --> 0xb7fd8ff4      
    int jb_esp; //in your case --> 0x080485a0
    int jb_ebp; //in your case --> 0x080483f0      
    int jb_esi; //in your case --> 0xbffffcf8
    int jb_edi; //in your case --> 0xebf06081      
    int jb_eip; //in your case --> 0x1d0a15ee
    };

Therefore 0x080485a0 would be the stored ESP and not EIP which would explain the segfault in your case…

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I need help to exploit a buffer overflow on a jmp_buf structure. I have

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply