Reading the book "Hacking - The Art of Exploitation"; I am following the writer as he changes the execution flow by overflowing the stack and changing the return address of a function. (Specifically, page 135-136) He manages to do this with a Perl script, entering the return address as a command line argument 10 times:
    $ ./auth_overflow2 $(perl -e 'print "\xbf\x84\x04\x08"x10')
Command-line arguments are NUL-terminated strings. Therefore, you can't pass a string containing a NUL. It would be taken to be the end of the string.
    $ perl -e'system("echo", "abc\x00def", "ghi\x00jkl");'
    abc ghi
Knowing this, the shell is stripping out the NULs when building the argument.
    $ perl -e'printf "%v02X\n", $_ for @ARGV' "$( perl -e'print "\xbf\x84\x04\x08" x 5' )"
    BF.84.04.08.BF.84.04.08.BF.84.04.08.BF.84.04.08.BF.84.04.08
    $ perl -e'printf "%v02X\n", $_ for @ARGV' "$( perl -e'print "\xbf\x84\x04\x00" x 5' )"
    BF.84.04.BF.84.04.BF.84.04.BF.84.04.BF.84.04
auth_overflow2 should be modified to take an escaped form of the address, e.g. the address in hex.
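An added example (not from the book, and not the answerer's code) that makes both points of the answer concrete: the length the C runtime sees for an argv string stops at the first NUL, and a hex-encoded argument can carry any byte value, including 0x00. The function names hex_decode and argv_strlen are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Length the program actually sees for an argv entry: the C runtime treats
 * the first NUL as the end of the string, so bytes after it never arrive. */
size_t argv_strlen(const char *arg) { return strlen(arg); }

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex string such as "bf840400" into raw bytes (two digits per byte).
 * Returns the number of bytes written, or 0 on malformed input: empty string,
 * odd length, a non-hex character, or an output buffer that is too small.
 * Because the input is plain ASCII, a 0x00 byte travels through argv fine. */
size_t hex_decode(const char *hex, unsigned char *out, size_t out_cap) {
    size_t n = strlen(hex);
    if (n == 0 || n % 2 != 0 || n / 2 > out_cap) return 0;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)hex[i]);
        int lo = hexval((unsigned char)hex[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return n / 2;
}

int main(int argc, char **argv) {
    unsigned char buf[64];
    for (int i = 1; i < argc; i++)
        printf("argv[%d] has %zu bytes\n", i, argv_strlen(argv[i]));
    if (argc > 1) {
        size_t n = hex_decode(argv[1], buf, sizeof buf);
        if (n == 0) { fprintf(stderr, "argv[1] is not valid hex\n"); return 1; }
        printf("decoded %zu bytes:", n);
        for (size_t i = 0; i < n; i++) printf(" %02x", buf[i]);
        printf("\n");
    }
    return 0;
}
```

Running it as `./a.out bf840400` shows four decoded bytes ending in 00, which the second Perl experiment above could not deliver through argv.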