Draw the stack (with pencil and paper) and detail what is located on the stack and where at the following points : -before your code starts executing the function Gets (so the instance after the call is executed, but before any code from gets executed) you should show where any information from the functions test and getbuf is located on the stack -just before the ret in your exploit string gets executed -just before hexmatch has executed its ret Be sure to include what address rsp and rbp are referencing in your diagram

/* Compare string to hex represention of unsigned value */

int hexmatch(unsigned val, char *sval) { char cbuf[110];

/* Make position of check string unpredictable */ char *s = cbuf + random() % 100; sprintf(s, "%.8x", val); return strncmp(sval, s, 9) == 0; } void touch3(char *sval) { vlevel = 3; /* Part of validation protocol */ if (hexmatch(cookie, sval)) { printf("Touch3!: You called touch3(\"%s\") ", sval); validate(3); } else { printf("Misfire: You called touch3(\"%s\") ", sval); fail(3); } exit(0); }