abhi
Fri Jul 31 21:31:39 PDT 2009

>ret = buffer1 + 13; // ebp + 4
>works fine for me, try n let me know what u get

Hi null null(heh)
  I tried, but it ain't working.
  What OS, kernel,  gcc do u have?

Here's the asm of function():
(gdb) disas function
Dump of assembler code for function function:
# gdb disassembly of function(), 32-bit x86, AT&T syntax (op src, dst).
# After the push/mov prologue the saved %ebp is at (%ebp) and the caller's
# return address is at 4(%ebp).
# This build has the stack protector enabled: a guard value is read from
# %gs:0x14, kept at -0x4(%ebp) between the locals and the saved %ebp / return
# address, and re-checked before the function returns.
# The pointer arithmetic below resolves to %ebp-0x19+0xd = %ebp-0xc, which is
# inside the local frame and is not the 4(%ebp) slot that the quoted
# "// ebp + 4" comment assumes. The frame layout chosen by this compiler
# differs from that assumption.
0x08048414 <function+0>:    push   %ebp                      # save caller's frame pointer
0x08048415 <function+1>:    mov    %esp,%ebp                 # establish this function's frame
0x08048417 <function+3>:    sub    $0x28,%esp                # reserve 0x28 (40) bytes of locals
0x0804841a <function+6>:    mov    %gs:0x14,%eax             # load stack-protector guard value
0x08048420 <function+12>:    mov    %eax,-0x4(%ebp)          # store guard copy at ebp-4
0x08048423 <function+15>:    xor    %eax,%eax                # clear the guard value out of eax
0x08048425 <function+17>:    lea    -0x19(%ebp),%eax         # eax = ebp-0x19 (presumably &buffer1[0] -- confirm against the C source)
0x08048428 <function+20>:    add    $0xd,%eax                # eax += 13  => ebp-0xc
0x0804842b <function+23>:    mov    %eax,-0x14(%ebp)         # store pointer in local at ebp-0x14 (presumably `ret`)
0x0804842e <function+26>:    mov    -0x14(%ebp),%eax         # reload the pointer
0x08048431 <function+29>:    mov    (%eax),%eax              # eax = dword the pointer refers to
0x08048433 <function+31>:    lea    0x7(%eax),%edx           # edx = that dword + 7
0x08048436 <function+34>:    mov    -0x14(%ebp),%eax         # reload the pointer again
0x08048439 <function+37>:    mov    %edx,(%eax)              # write back: dword at ebp-0xc += 7
0x0804843b <function+39>:    mov    -0x4(%ebp),%eax          # fetch the saved guard copy
0x0804843e <function+42>:    xor    %gs:0x14,%eax            # compare with the reference guard (zero if intact)
0x08048445 <function+49>:    je     0x804844c <function+56>  # guard intact: skip the failure call
# "at plt" below is presumably "@plt" rewritten by the mailing-list archive.
0x08048447 <function+51>:    call   0x8048350 <__stack_chk_fail at plt>
0x0804844c <function+56>:    leave                           # tear down the frame (restore esp/ebp)
0x0804844d <function+57>:    ret                             # return via the address at the old 4(%ebp)
End of assembler dump.


