Ethical Hacking Academy · Lesson

Controlling EIP

Overwrite the return address.

The Goal

You have the offset, so you can place any four bytes into EIP. The question now is: what address should you put there?

You want EIP to point at your shellcode. But you cannot just hardcode the stack address; you need a reliable jump.

Why Not Hardcode the Stack Address?

The stack address where your shellcode sits can shift between runs and systems. Even small environment changes move it.
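The following C program is an added illustration, not part of the original lesson: it models the shift described above by placing variable-sized padding above a function's frame and reporting where that function's local buffer lands. The function names and the use of `alloca` as a stand-in for "whatever changed above the frame" are assumptions made for this example; address randomization adds further variation between separate runs.

```c
/* Added illustration: a local buffer's stack address is not a constant. */
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the function that owns the buffer: reports
 * where its local buffer sits on the stack for this particular call. */
__attribute__((noinline)) uintptr_t buffer_address(void)
{
    volatile char buf[64];
    buf[0] = 0;                     /* keep the buffer from being optimised away */
    return (uintptr_t)&buf[0];
}

/* Model a change above the frame (assumption: alloca padding plays the role
 * of a differently sized environment, argument list or caller frame). */
__attribute__((noinline)) uintptr_t buffer_address_with_padding(size_t pad)
{
    volatile char *above = alloca(pad + 1);
    above[0] = 0;
    uintptr_t addr = buffer_address();
    above[pad] = 0;                 /* padding stays live across the call */
    return addr;
}

/* Signed distance between the buffer's address under two paddings. */
intptr_t buffer_shift(size_t pad_a, size_t pad_b)
{
    uintptr_t a = buffer_address_with_padding(pad_a);
    uintptr_t b = buffer_address_with_padding(pad_b);
    return (intptr_t)(a - b);
}

int main(void)
{
    size_t pads[] = {0, 16, 256, 4096};
    for (size_t i = 0; i < sizeof pads / sizeof pads[0]; i++) {
        printf("padding %5zu -> buffer at %p (moved %ld bytes)\n", pads[i],
               (void *)buffer_address_with_padding(pads[i]),
               (long)buffer_shift(0, pads[i]));
    }
    /* Run the program twice: with address randomization enabled, the
     * addresses printed above also differ from one execution to the next. */
    return 0;
}
```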

Instead, you use a stable instruction already in memory that redirects execution to wherever ESP currently points.

All lessons in this course

  1. Memory and the Stack
  2. Fuzzing for Crashes
  3. Controlling EIP
  4. Shellcode and Exploitation