bad function


blowfrank
December 13th, 2010, 03:36
Hello guys,
I would like to know how to locate/view with IDA the wrong routine/subroutine/function in case of a classical stack buffer overflow (EIP overwritten).
In my case I'm playing with an overflow triggered by file input (open file --> file.extension --> crash --> EIP 43434343...), so probably the functions involved are vsprintf, memset, memalloc, etc. (I see them in IDA).
I kindly ask if someone could explain how to understand the "exact" wrong function or drive me in the right direction?
Thanks a lot, hope to have written the question in a clear way.
Luc

Maximus
December 13th, 2010, 11:35
tbh there are many ways to get there, depending on the exploiting function.
I think that just a memory breakpoint on the exploiting data would do in your case.
Another simple method would be to make the exploit 'minimal', i.e. roughly of the size needed to get the address overwrite: this way, when you get the exploit effect you can check the stack and it will (hopefully) still contain the address of the caller function (the one that called the function that did blow up), as a small stack exploit will only overwrite the saved frame + return address + part of the caller function's space.

Got there, restart, locate such function and set a conditional/hardware breakpoint (if it is called many times) and then you're done.
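The "check the stack for the surviving caller address" step above, as an added crash-triage helper that is not code from the thread: it scans a 32-bit little-endian stack dump for the run of 0x43434343 filler and reports the words above it that fall inside the binary's text segment, i.e. the candidate saved return addresses of the caller frames. The text range, stack base and the sample dump are constructed assumptions.

```python
import struct

# Hypothetical text segment of the crashed binary (assumed, not from the thread).
TEXT_START, TEXT_END = 0x00401000, 0x00410000
PATTERN = 0x43434343  # the 'CCCC' filler that overwrote EIP in the thread


def split_words(stack_bytes):
    """Split a little-endian 32-bit stack dump into a list of integers."""
    return [struct.unpack_from("<I", stack_bytes, i)[0]
            for i in range(0, len(stack_bytes) - 3, 4)]


def overwrite_extent(words, pattern=PATTERN):
    """Return (first_idx, last_idx) of the words equal to the filler pattern, or None."""
    idxs = [i for i, w in enumerate(words) if w == pattern]
    if not idxs:
        return None
    return idxs[0], idxs[-1]


def surviving_return_addresses(stack_bytes, stack_base, text_range=(TEXT_START, TEXT_END),
                               pattern=PATTERN):
    """Stack words above the overwritten region that point into the text segment.

    The overflow grows towards higher addresses, so anything the 'minimal' overflow
    did not reach sits at higher stack addresses (higher word indices). Each hit is
    (stack_address, value): a candidate caller return address to look up in IDA.
    """
    words = split_words(stack_bytes)
    ext = overwrite_extent(words, pattern)
    if ext is None:
        return []
    lo, hi = text_range
    return [(stack_base + 4 * i, w)
            for i, w in enumerate(words)
            if i > ext[1] and lo <= w < hi]


# Constructed sample dump: 4 words of filler (buffer tail, saved EBP, return address,
# part of the caller's frame), then surviving caller data with two return addresses.
SAMPLE_BASE = 0x0012FF00
SAMPLE_STACK = struct.pack("<9I",
                           0x43434343, 0x43434343, 0x43434343, 0x43434343,
                           0x00000000, 0x0012FF40, 0x00401234,  # caller's return address
                           0x0012FF80, 0x00402000)             # next frame up

if __name__ == "__main__":
    for addr, val in surviving_return_addresses(SAMPLE_STACK, SAMPLE_BASE):
        print(f"[{addr:#010x}] {val:#010x}  <- inspect this caller in IDA")
```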

blowfrank
December 15th, 2010, 08:10
Thanks a lot!!!
Bye