Hello all,
I kindly ask if someone could explain me in a simple way which are the "right" steps to put the right address into ecx to land inside myjunk.
This one is my "actual" situation:

ecx offset is 15000
myjunk = "A"*15000
ecxaddress = ?? how can i check which readable address i need to put here?? i' m using immunity debugger

I noticed that there is another thread below but it is not clear for me (i have the same problem)
t-13375.html
sorry for the noob question!! hope that you can understand
thanks a lot
Luc

well, first of all it might be an idea to give us an idea of what you are actually doing..

yes sure, nothing special .. i'm playing with a small custom application and i found a buffer overflow so i'm trying to exploit it just for fun, below there is the stack record:
the stack:

eax 00000003
ecx 42424242
eip 0048AD90 appl.0048AD90

Best regards

This might not be exploitable since EIP was not overwritten. The debugger stopped because of an access violation, look what instruction the debugger stopped at to see if it is a read or write error. If it's a write error and you can control both the destination and the content this might be exploitable. Also you should try to pass the exception (Shift-F9) to see if the SEH chain is overwritten. You can also try with a shorter/longer buffer.

Needless to say you will need a basic understanding of assembly to exploit this. If you are just starting with exploit writing you might want to try a simpler one where you directly overwrite EIP.