Draw what the stack should look like for a successful buffer overflow attack. Note that badfile is controlled by the user, and contains your shellcode, ie. the malicious code that you want executed.

#include #include #include int bof(char *str) { char buffer [24]; strcpy(buffer , str); return 1; } int main(int argc , char **argv) { char str [517]; FILE *badfile; badfile = fopen("badfile", "r"); fread(str , sizeof(char), 517, badfile ); bof(str); printf("Returned properly "); return 1; }