This assignment is a follow up to your last one. There are two parts to this assignment. Both parts make use of the files contained in this zip file.

In the zip file there is a C program called sittingDuck.c. Also in the zip file is an executable sittingDuck.exe and a data file called exploit2.bin. Do not compile the program. Use the executable given in the zip file. Run the executable with the data file as its input by using the following command line

The second part of your assignment is to construct your own exploit.bin input that, when read in by sittingDuck.exe, corrupts the stack of the function vulnerable() (in sittingDuck.c) in such a way that when vulnerable() returns, it returns to the call to the printf() function in the else part in the main() function (just like in the previous assignment). Do not modify or recompile the program sittingDuck.c. Your exploit should work with the executable contained in the zip file. Test your exploit against the executable with a command line like the following:

The best strategy for doing both parts of this assignment is to use the program's assembly language listing and the dissassembly window in the Visual Studio debugger to create a very detailed drawing of the running program's stack frames. (Such a drawing should be part of what you turn in.)

Turn in a zip file containing your explanation of the first part of this assignment and your exploit.bin file. If you want to know if your explanation is on track and sufficiently detailed, send me a copy before the due date and I'll let you know how you are doing.

This assignment is due Wednesday, February 16.