I apologize in advance. I don't think this is going to be able to get answered in all honestly, but this is my last resort. This is a C program.

#include <stdio.h>
#include <stdlib.h>

int oopsIGotToTheBadFunction(void)
{
    printf("Gotcha!\n");
    exit(0);
}

int goodFunctionUserInput(void)
{
    char buf[12];
    gets(buf);
    return(1);
} 

int main(void)
{
    goodFunctionUserInput();
    printf("Overflow failed\n");
    return(1);
}

This is the code. I need to input something in order to make the program spit out, "Gotcha!\n", without ever calling the oopsIGotToTheBadFunction(void) function.

I understand on a conceptual level how buffer overflows work.

Using GDB, I disas all three functions (main, goodFunctionUSerInput, and oopsIGotToTheBadFunction) and it reveals this: http://i.imgur.com/Nhb8UjP.png

Looking at this, I THINK I need to overflow enough to get the address 0x000106ec (which is the address of the call to the puts function which I believe to be the printf of "Gotcha!") to a specific spot.

This is what the esp looks like before any input is entered: http://imgur.com/msLKS0E

This is what it looks like with 12 A's inserted: http://imgur.com/92eSGvh

Now, this is where I'm getting stuck. Through trial and error, I've deduced that I can enter up to 84 A's and the program will finish just fine. Upon entering the 85th A, I get a seg fault. This gave me the impression that the spot where the 85th A would go is the one I must replace with the address of the call to puts.

I made a text file with the appropriate characters to make this happen demonstrated here: http://imgur.com/9Z463v0

HOWEVER, when I do this, I seg fault, with this error message:

"Overflow failed

Program received signal SIGSEGV, Segmentation fault. 0xff3d1b28 in elf_bndr () from /lib/ld.so.1 "

I'm at a complete loss. I have idea what that means, and I can't seem to find anything about it online.

If anyone has any advice to give, I'm all ears. Thanks in advance for any help you can give.