贴一小段自己写的小程序

//MS VC++ 6.0 Console lhj
#include <windows.h>

void main()
{
//保留原来的返回地址
DWORD *pBackAddress = (DWORD *)&pBackAddress + 2;
DWORD BackAddress = *pBackAddress;

//获取自己的执行代码地址
HMODULE hModule = LoadLibrary("User32.dll");
DWORD Address = (DWORD)GetProcAddress(hModule, "MessageBoxA");

//缓冲区溢出
DWORD Buffer[100];
Buffer[0] = 0x5050C033;// xoreax, eaxpush eaxpush eax
Buffer[1] = 0xE8905050;// pusheax pusheax
Buffer[2] = Address - (DWORD)&Buffer[3];// call MessageBoxA
Buffer[3] = 0xE9909090;// jmpBackAddress
Buffer[4] = BackAddress - (DWORD)&Buffer[5];

//更改返回地址
*pBackAddress = (DWORD)Buffer;

}

举例:

void MyRecv(char buffer)
{
char TempBuf[1024];
memset(TempBuf, 0, 1024);
int len = recv(TempBuf);
memcpy(buffer, TempBuf, len);
}

如果在我们的程序中调用过这样一段程序, 那么我们的程序将面临着溢出的危险!