This is the link to the Protostar exercises.
Let us load the stack0 into gdb, change into INTEL mode and disassemble the main function.
$ gdb /opt/protostar/bin/stack0
(gdb) set disassembly-flavor intel
(gdb) disassemble main
0x080483f4 : push ebp
0x080483f5 : mov ebp,esp
0x080483f7 : and esp,0xfffffff0
0x080483fa : sub esp,0x60
0x080483fd : mov DWORD PTR [esp+0x5c],0x0
0x08048405 : lea eax,[esp+0x1c]
0x08048409 : mov DWORD PTR [esp],eax
0x0804840c : call 0x804830c
0x08048411 : mov eax,DWORD PTR [esp+0x5c]
0x08048415 : test eax,eax
0x08048417 : je 0x8048427
0x08048419 : mov DWORD PTR [esp],0x8048500
0x08048420 : call 0x804832c
0x08048425 : jmp 0x8048433
0x08048427 : mov DWORD PTR [esp],0x8048529
0x0804842e : call 0x804832c
0x08048433 : leave
0x08048434 : ret
Line 4 allocates space for the variables modified and buffer.
In line 5 the variable modified is set to 0. The address of this variable is ESP+0x5c. Since it is an integer, the size is 4 bytes.
In line 6-7 the address of buffer is saved on the top of the stack, so that when the function gets is called in the next line, this address is passed to this function. The address of this variable is ESP+0x1c.
The stack looks like this:
ESP+0x00:———-Top of the stack
ESP+0x1c:———-buffer
ESP+0x5c:———-modified
ESP+0x60:———-EBP
ESP+0x64:———-RET address
The strcpy method copies the passed string from the address of buffer. In order to overwrite the modified variable, we have to pass 64 characters and 4 more characters, which will the new value of the modified variable. I passed 64 A and 4 B character: