I have code below:
void test_function(int a, int b, int c, int d) {
int flag;
char buffer[10];
flag = 31337;
buffer[0] = 'A';
}
int main() {
test_function(1, 2, 3, 4);
}
I set breakpoints to the line where test_function is called with parameters and then to the test_function itself. After I run through both breakpoints I try to examine the stack frame using x/16xw $rsp.
0x7fffffffdd90: 0x00000004 0x00000003 0x00000002 0x00000001
0x7fffffffdda0: 0x00000002 0x00000000 0xbfebfbff 0x00000000
0x7fffffffddb0: 0xffffe259 0x00007fff 0x00000064 0x00000000
0x7fffffffddc0: 0xffffddd0 0x00007fff 0x555551b3 0x00005555
What seems very off is that the values of parameters are located in the lowest address in the stack. I thought they should be located in the highest. The output seems not to be following any logical order anyway, it seems split out quite randomly. I can find pieces of the disassembled code there, but in a complete random order. Also I cannot see the return address of main function.
I am following Hacking: Art Of Exploitation, where I think I understand it well, however I know it is for 32-bit, where I suppose is the problem. Can you please point me the right way to understand this on 64-bit? Thank you.
