Shellcoding on Windows: Part II – Stack Overflow Problems

February 12, 2008

The stack overflow has been discussed to death. If you don’t know the basic principle, then you should check out some of the sixty-eight thousand hits on Google. Many of these descriptions would have you believe that any overflowable stack buffer will immediately allow the attacker to get root (or whatever the Windows equivalent [...]

Run-time determination of VC++ virtual member function addresses: Take II

February 6, 2008

I wrote about this tricky little problem a while ago and wasn’t too happy with the desperate methods that seemed necessary. Since then, I’ve been shown a much cleaner way to do the same thing, by manipulating the vTable manually. It seems that Microsoft haven’t changed their vTable implementation since Visual Studio 6 (at least) [...]

Direct3D 9 Hook v1.1

February 1, 2008

Update: Since new DLLs were pushed out a while back, this doesn’t work any longer. The function offsets are wrong, and the hook injection method is a little too flaky to be relied upon. Feel free to use this code as a basis, but I’d recommend the use of Microsoft Detours for the hook injection. [...]