
/* gcc -o vulnerable vulnerable.c */

/*
 * fn - deliberately unsafe copy used to demonstrate a stack buffer overflow.
 *
 * Copies the NUL-terminated string `in` into the 20-byte local `buff` with
 * strcpy(), which performs no length check: any input of 20 or more
 * characters writes past the end of `buff` into adjacent stack memory.
 * After the copy, the function reads the frame pointer (%ebp) through inline
 * assembly and prints it together with that value plus 8.
 *
 * in: caller-supplied string; must not be NULL (strcpy dereferences it).
 *
 * NOTE(review): the %ebp reference means this only assembles for 32-bit x86;
 * the build line presumably needs -m32 on a 64-bit host -- confirm.
 * NOTE(review): no #include lines are visible in this listing, so strcpy and
 * printf are used without prototypes -- confirm against the full file.
 * NOTE(review): the build line sets no hardening flags, so whether a stack
 * protector (e.g. -fstack-protector) is active depends on toolchain defaults.
 */
void fn(char *in) {
  char buff[20];
  int base; /* receives the %ebp value captured by the asm below */

  /*
   * Unbounded copy: this is the flaw the sample exists to show. Production
   * code would reject or truncate input that does not fit, for example
   * snprintf(buff, sizeof buff, "%s", in) combined with a length check.
   */
  strcpy(buff, in);
  // The nops exist only so that this sequence is easy to locate in the
  // "objdump -d vulnerable.o" output.
  // NOTE(review): the asm template is a string literal containing raw
  // newlines, which current compilers reject, and the output constraint is
  // spelled "=eax" where GCC's constraint letter for EAX is "=a" -- confirm
  // which toolchain this was written for.
  __asm__("nop 
nop 
nop 
mov %%ebp, %%eax 
nop 
nop 
nop" : "=eax"(base));
  // Prints the captured %ebp and %ebp + 8 (labelled stack_ptr by the author).
  // NOTE(review): %x expects unsigned int while base is int.
  printf("base: %x stack_ptr:%x\n", base, base + 8);
}

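/*
 * main - print the argument count and the first argument, then pass that
 * argument to fn().
 *
 * argv[1] is forwarded to fn() unchanged and with no length limit; fn()
 * copies it into a fixed 20-byte stack buffer, so argv[1] is the untrusted
 * input of this demonstration.
 *
 * Returns 0 after fn() returns, or 1 when no argument was supplied.
 */
int main(int argc, char **argv) {
  /*
   * Without an argument argv[1] is NULL; handing it to printf("%s") and to
   * strcpy() inside fn() is undefined behaviour, so stop with a usage
   * message instead of crashing for an unrelated reason.
   */
  if (argc < 2) {
    printf("usage: vulnerable <string>\n");
    return 1;
  }

  printf("%d\n%s\n", argc, argv[1]);
  fn(argv[1]);

  return 0;
}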
