This is the link to the Protostar exercises.
Let us load stack0 into gdb, switch the disassembly to Intel syntax and disassemble the main function.
$ gdb /opt/protostar/bin/stack0
(gdb) set disassembly-flavor intel
(gdb) disassemble main
0x080483f4 <main+0>:  push ebp
0x080483f5 <main+1>:  mov ebp,esp
0x080483f7 <main+3>:  and esp,0xfffffff0
0x080483fa <main+6>:  sub esp,0x60
0x080483fd <main+9>:  mov DWORD PTR [esp+0x5c],0x0
0x08048405 <main+17>: lea eax,[esp+0x1c]
0x08048409 <main+21>: mov DWORD PTR [esp],eax
0x0804840c <main+24>: call 0x804830c
0x08048411 <main+29>: mov eax,DWORD PTR [esp+0x5c]
0x08048415 <main+33>: test eax,eax
0x08048417 <main+35>: je 0x8048427
0x08048419 <main+37>: mov DWORD PTR [esp],0x8048500
0x08048420 <main+44>: call 0x804832c
0x08048425 <main+49>: jmp 0x8048433
0x08048427 <main+51>: mov DWORD PTR [esp],0x8048529
0x0804842e <main+58>: call 0x804832c
0x08048433 <main+63>: leave
0x08048434 <main+64>: ret
Line 4 (sub esp,0x60) reserves 0x60 (96) bytes of stack space for the local variables modified and buffer.
In line 5 the variable modified is set to 0. It lives at ESP+0x5c and, being an integer, is 4 bytes long.
In lines 6-7 the address of buffer, ESP+0x1c, is stored at the top of the stack (ESP+0x00), so that when gets is called in line 8 this address is passed to it as its argument.
The stack looks like this:
ESP+0x00: address of buffer (argument for gets) ---- Top of the stack
ESP+0x1c: buffer (64 bytes, ESP+0x1c up to ESP+0x5b)
ESP+0x5c: modified (4 bytes)
gets copies the line it reads into buffer without checking its length. In order to overwrite the modified variable, we have to pass 64 characters to fill buffer and then 4 more characters, which become the new value of modified. I passed 64 A characters followed by 4 B characters:
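To make the layout above concrete, here is an added C example (not part of the original writeup or of Protostar) that rebuilds the frame as a struct with buffer 64 bytes below modified, the same distance as ESP+0x1c to ESP+0x5c. It feeds the constructed 64 A + 4 B input once to a gets-like reader that has no length limit and once to a reader bounded the way fgets(buffer, sizeof buffer, stdin) is, and reports what modified contains afterwards. The struct, the function names and the in-memory readers are assumptions made for the demo; the real binary reads from stdin.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for stack0's frame: buffer sits 64 bytes below
 * modified, exactly as on the page (buffer at ESP+0x1c, modified at
 * ESP+0x5c). The struct makes the layout deterministic; on the real
 * stack the compiler chose it. */
struct frame {
    char buffer[64];
    int modified;
};

/* Distance from buffer to modified: how many input bytes a gets() call
 * stores before the next byte lands in modified (0x5c - 0x1c = 64). */
size_t frame_gap(void)
{
    return offsetof(struct frame, modified) - offsetof(struct frame, buffer);
}

/* Behaves like gets(buffer): copies until newline or end of input and
 * has no idea how big buffer is. The copy goes through a byte view of
 * the whole frame so the demo stays inside one object; the cap at
 * sizeof *f only keeps the demo from leaving that object, it is not a
 * protection the real gets() has. */
static void read_line_unbounded(struct frame *f, const char *input)
{
    unsigned char *dst = (unsigned char *)f;
    size_t i = 0;
    while (i < sizeof *f && input[i] != '\0' && input[i] != '\n') {
        dst[i] = (unsigned char)input[i];
        i++;
    }
    if (i < sizeof *f)
        dst[i] = '\0';
}

/* The fix: a read that knows the buffer size, the way
 * fgets(buffer, sizeof buffer, stdin) does. At most 63 bytes plus the
 * terminator are stored, so modified cannot be reached. */
static void read_line_bounded(struct frame *f, const char *input)
{
    size_t i = 0;
    while (i < sizeof f->buffer - 1 && input[i] != '\0' && input[i] != '\n') {
        f->buffer[i] = input[i];
        i++;
    }
    f->buffer[i] = '\0';
}

/* Runs one reader over the constructed input (64 'A' then 4 'B', the
 * same string the page feeds to stack0) and returns modified afterwards. */
int demo_modified_value(int bounded)
{
    char input[69];
    struct frame f;

    memset(input, 'A', 64);
    memset(input + 64, 'B', 4);
    input[68] = '\0';

    memset(&f, 0, sizeof f);            /* mov DWORD PTR [esp+0x5c],0x0 */
    if (bounded)
        read_line_bounded(&f, input);
    else
        read_line_unbounded(&f, input);
    return f.modified;
}

int main(void)
{
    printf("gap between buffer and modified: %zu bytes\n", frame_gap());
    printf("gets-like read:  modified = 0x%08x\n",
           (unsigned)demo_modified_value(0));
    printf("fgets-like read: modified = 0x%08x\n",
           (unsigned)demo_modified_value(1));
    return 0;
}
```

With the unbounded reader the four B bytes land in modified and it reads 0x42424242; with the bounded reader modified stays 0 no matter how long the line is, which is why replacing gets with a length-aware read is the fix for this class of bug.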