Generating shellcode - Submit the size of the stack space after overwritting the EIP as the answer.

Hello everyone, I find a bit of confussion in resolving that question.
I recon I must return the size between the EIP address and the last address of the stack (0xffffffff).
I understand and i think I get the basics of the stack, if someone could please point me out if I am wrong or where I am failing in some assumptions, I expose myself:
1- I generate the shellcode as following in the tutorial.
2- i execute the python instruction in order to adjust the exploit size.
My command is " run $(python -c 'print "\x55" * (1040 - 124 - 95 - 4) + "\x90" * 124 + "\xda\xca\xba\xe4...[...]...\xad\xec\xa0\x04\x5a\x22\xa2" + "\x66" * 4')".
3- then i examine the stack, with it's registers and it's addresses, and I try to subtract the EIP address of the bowfunc (the current frame) minus the last address of the stack (0xffffffff).
4- there are 2 stack frames ( you can see this with the gdb "bt" command). And I have tried substracting both EIP registers with the last address of the stack (0xfffffffff). But I got no luck.

Am I calculating the space in a wrong way? Is this way of gathering this size of the stack space after the EIP okay?
Thanks a lot in advance,


Sign In to comment.