I’m working my way through some buffer overflow exploits on Windows. The ‘Hello World’ of stack-based buffer overflows is to pack a payload on the stack and ret into it. By default – for very good reason – the VS linker has DEP and ASLR enabled for native projects. ASLR tries to make it so an attacker can’t predict the stack address (or other module addresses) to jump into because the base image will be loaded into a random location. DEP marks the stack section not executable so payloads placed on the stack will not run.
To turn these security features off, change the following linker settings on your project:
- Linker->Advanced set Randomized Base Address to No
- Linker->Advanced set Data Execution Prevention (DEP) to No
Rebuild the project, set a breakpoint, and run under the VS debugger to examine EBP. With ASLR disabled it should be the same value each time you run.
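The two project settings above map onto linker switches (`/DYNAMICBASE:NO` and `/NXCOMPAT:NO`) that end up as bits in the `DllCharacteristics` field of the PE optional header, so you can confirm what a build actually got without opening the debugger. The script below is an added example, not code from the original post: it parses just enough of a PE file to read that field and report whether ASLR (`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE`) and DEP (`IMAGE_DLLCHARACTERISTICS_NX_COMPAT`) are set. `build_minimal_pe` is a constructed header-only sample (not a loadable executable) used so the example runs offline; `check_file` is the same check applied to a real binary on disk.

```python
import struct

# Bits in the PE optional header's DllCharacteristics field (Windows PE spec).
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR entropy
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # ASLR (/DYNAMICBASE)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP (/NXCOMPAT)

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def read_dll_characteristics(data: bytes) -> int:
    """Walk MZ header -> e_lfanew -> PE signature -> COFF header -> optional header
    and return the 16-bit DllCharacteristics value."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF file header is 20 bytes; the optional header follows immediately.
    opt = e_lfanew + 4 + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 for both PE32 and PE32+.
    (dll_characteristics,) = struct.unpack_from("<H", data, opt + 70)
    return dll_characteristics


def mitigation_report(data: bytes) -> dict:
    """Report which exploit mitigations the linker marked in the image."""
    dc = read_dll_characteristics(data)
    return {
        "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "high_entropy_va": bool(dc & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def check_file(path: str) -> dict:
    """Run the report against a real .exe/.dll on disk."""
    with open(path, "rb") as f:
        return mitigation_report(f.read())


def build_minimal_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed sample: headers only, zero sections, not loadable. Exists so the
    parser can be exercised without a compiler or a Windows box."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after DOS header
    opt_size = 240 if pe32plus else 224
    coff = struct.pack(
        "<HHIIIHH",
        0x8664 if pe32plus else 0x14C,  # Machine: x64 or i386
        0,                              # NumberOfSections
        0, 0, 0,                        # TimeDateStamp, symbol table ptr, symbol count
        opt_size,                       # SizeOfOptionalHeader
        0x0002,                         # Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE
    )
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hardened = build_minimal_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    practice = build_minimal_pe(0)  # what the two "No" settings above produce
    print("default VS build:", mitigation_report(hardened))
    print("ASLR/DEP off:    ", mitigation_report(practice))
```

Running `check_file` on the rebuilt target should show `aslr` and `dep` both `False`; the same check is a cheap gate to make sure those two settings are flipped back before a binary built from this project leaves the lab.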