Small Buffer Layout
4 bytes
of Null
Prog name
Shellcode
Stack
Args/Env
Address of shellcode
0xbfffffff
0xbffffffa
Formula:
Overwrite EIP = 0xbffffffa - length of shellcode - length of vulnerable program name