I am reviewing for my exams next week, I have come across a past question.

void func(char * arg) { char buf[32]; strcpy(buf, arg); } 

Suppose;

• No defenses at all
• buf begins at 0xbffebfb0
• (gdb) x/2wx $ebp 0xbffebfd8: 0xbffec068 0x08048fe1

a) you want to run a payload that is 24 bytes long, what bytes should be copied into the buffer for an exploit? (I would want to fill in '\x90' for the 24 bytes)

b) If ASLR is enabled, which offsets the stack by 0-15 bytes each time it runs, what payload (describe in python print statement) will always get the shellcode above to execute? or why is such a payload impossible?