
Differences in disassembling 32 bit and 64bit

I started my adventure with reverse engineering but I have some problems which I can't solve from the very beginning. I'm following tutorials on YT and I meet some differences. So, when I work with this code from the tutorial:

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv)
{
    char buffer[500];
    strcpy(buffer, argv[1]);

    return 0;
}

I should get the same disassembly result as the guy from the tutorial: [image: expected result]

But when I compile my program on a 32bit virtual machine with gcc -g -z execstack -fno-stack-protector, I get a result like this: [image]

When I compile the same code on a 64bit virtual machine with gcc -g -z execstack -fno-stack-protector -m32, I get the same result. However, if I compile it with gcc -g -z execstack -fno-stack-protector, I get something like this: [image]

So it looks like the screenshot from the tutorial, but it's the 64bit version. So my question is, am I doing something wrong, or should I change something? I don't know if I should learn working with a 64bit system or find a way to repair the 32bit one. Can anyone help me?

You don't need two different virtual machines for x86 and x64, just make one for x64 and you can execute both x86 and x64 binaries.

You may want to find tutorials which provide the binaries, so you don't have to mess with compiler flags. The reason the assembly is different is because of different compiler versions and settings. You can try to disable optimizations but sometimes it's a waste of time, better to find a tutorial that provides the binaries.

Your exploit must be tailored to your binary, not the different binary from the tutorial.

Most notably in your example, the size of the local stack frame is 0x200 in your second screenshot, but in the original screenshot it's 0x1F4.

You need to align your shellcode to match the layout of the enlarged stack frame.

Use the trial and error method of writing 'aaaaaaaaaaaaaaaaaaa' of various lengths and checking the memory to see where it landed.
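The frame layout only matters here because the tutorial program copies argv[1] into its 500-byte buffer with no length check. As an added example (not code from the question, the answers or the tutorial), here is the same program with a bounded copy that behaves identically whether the compiler reserves 0x1F4 or 0x200 bytes for the frame; the helper name copy_arg and the BUF_SIZE macro are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 500  /* same size as the tutorial's buffer */

/* Hypothetical helper: copy src into dst (capacity cap) only if the
 * string fits together with its terminating NUL.
 * Returns 0 on success, -1 if the input is missing or too long. */
int copy_arg(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || cap == 0 || src == NULL)
        return -1;                      /* e.g. program started without an argument */

    /* Look for the terminator within the first cap bytes only. */
    const char *end = memchr(src, '\0', cap);
    if (end == NULL)
        return -1;                      /* too long: reject instead of truncating */

    size_t len = (size_t)(end - src);   /* len < cap is guaranteed here */
    memcpy(dst, src, len + 1);          /* copies the string plus its NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char buffer[BUF_SIZE];

    /* The original called strcpy(buffer, argv[1]) unconditionally. */
    if (argc < 2 || copy_arg(buffer, sizeof buffer, argv[1]) != 0) {
        fprintf(stderr, "usage: %s <string shorter than %d bytes>\n",
                argc > 0 ? argv[0] : "prog", BUF_SIZE);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buffer));
    return 0;
}
```

Built without -fno-stack-protector and -z execstack, the compiler's default mitigations stay in place as a second layer behind the length check.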
