Understanding Process Switching Through Function Calls and Buffer‑Overflow Exploits
The article explains the essence of process switching by comparing it to function calls, demonstrates how manipulating a function's return address can redirect execution to another function, and shows the underlying assembly and security implications of such control‑flow changes.
The author introduces process switching as a core operating‑system feature that enables multitasking by allocating limited CPU time among multiple processes, likening the pause‑and‑resume behavior of a process to the mechanics of a function call.
Function calls are illustrated with simple C code where void A() calls void B(), and after B finishes control returns to A. This conventional flow is visualized with a diagram.
A "magical" code example is then presented that deliberately overwrites the saved return address on the stack so that when B finishes it jumps to a third function funcC instead of returning to A. The code snippet is shown below:
#include <stdio.h>
#include <stdlib.h>

/* Never called directly: execution only reaches it through the patched return address. */
void funcC() {
    printf("jump to funcC !!!\n");
    exit(-1);   /* do not return: the stack above this point is no longer consistent */
}

void funcB() {
    long *p = NULL;
    p = (long*)&p;         /* address of the local itself; the code assumes it sits right below the saved rbp */
    *(p+2) = (long)funcC;  /* p+1 is funcB's saved rbp, p+2 is funcB's saved return address */
}

void funcA() {
    funcB();               /* funcB's ret now lands in funcC instead of here */
}

int main() {
    funcA();
    return 0;
}

Running the program compiled with 64-bit GCC 5.2.0 without optimizations prints "jump to funcC !!!", demonstrating that funcC executes even though it was never called directly. The trick is entirely dependent on the frame layout the compiler chose: with -O0, p is the only local in funcB, so it sits at rbp-8 and p+2 is the slot the call instruction filled with the return address. On distributions whose GCC enables -fstack-protector-strong by default, funcB is protected because it takes the address of a local; the canary is placed at rbp-8 and p moves down one slot, so *(p+2) overwrites the saved rbp instead of the return address and the demonstration no longer works as described. Reproduce it with gcc -O0 -fno-stack-protector. ASLR and PIE do not interfere, because the address of funcC is read at run time rather than hard-coded.
The generated assembly for funcC and funcB is displayed, highlighting the ret instruction that pops the saved return address from the stack into the instruction pointer (%rip). The CPU does not check where that value came from: whoever can write that stack slot decides where execution continues after the ret, which is exactly what funcB's *(p+2) store does.
This manipulation is the same primitive a stack buffer-overflow attack uses: writes past the end of a local array reach the saved return address, and an attacker replaces it with the address of code of their choosing to gain arbitrary code execution. The article points out that legitimate process switching performs a similar context switch, changing the execution flow and the stack, but does so in a controlled, expected manner, unlike the illegal exploitation of overflow vulnerabilities.
In summary, process switching can be understood as a controlled version of the return‑address hijacking demonstrated, with the key difference being that operating‑system schedulers manage the stack and address space safely, whereas attackers exploit the same mechanism for malicious purposes.
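The controlled counterpart of the return-address rewrite above can be shown in user space without touching the kernel. The following is an added example, not code from the original article: a cooperative round-robin "scheduler" built on the POSIX ucontext API (getcontext, makecontext, swapcontext). Each task gets its own stack, exactly as each process does, and the scheduler saves one task's registers and stack pointer before loading another's. The task names, the number of tasks and rounds, and the run-trace format are assumptions made for this illustration.

```c
/* Added example: a minimal cooperative "process switch" built on ucontext.
 * Not code from the original article. Task names, counts and the trace
 * format are assumptions made for this illustration. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#define NTASKS     2
#define STACK_SIZE (64 * 1024)
#define ROUNDS     3

static ucontext_t scheduler_ctx;                   /* where control goes when a task yields or ends */
static ucontext_t task_ctx[NTASKS];                /* saved registers + stack pointer of each task */
static char       task_stack[NTASKS][STACK_SIZE];  /* each task gets its own stack, like a process */
static int        task_done[NTASKS];
static char       trace[NTASKS * ROUNDS + 1];      /* which task ran in which slot, e.g. "ABABAB" */

/* Body of every task: record a letter, then hand the CPU back to the scheduler. */
static void task_body(int id) {
    for (int i = 0; i < ROUNDS; i++) {
        size_t n = strlen(trace);
        trace[n] = (char)('A' + id);
        trace[n + 1] = '\0';
        /* Save this task's registers and stack pointer into task_ctx[id] and
         * load the scheduler's. This is the controlled version of the
         * return-address rewrite: the scheduler, not the callee, decides
         * where execution continues. */
        swapcontext(&task_ctx[id], &scheduler_ctx);
    }
    task_done[id] = 1;
    /* Returning from task_body does not return to a caller frame: makecontext
     * arranged for uc_link (the scheduler context) to be resumed instead. */
}

/* Round-robin scheduler. Returns the run trace so the result can be checked. */
const char *run_round_robin(void) {
    trace[0] = '\0';
    for (int id = 0; id < NTASKS; id++) {
        task_done[id] = 0;
        getcontext(&task_ctx[id]);
        task_ctx[id].uc_stack.ss_sp   = task_stack[id];
        task_ctx[id].uc_stack.ss_size = STACK_SIZE;
        task_ctx[id].uc_link          = &scheduler_ctx;  /* the "return address" is chosen by the scheduler */
        makecontext(&task_ctx[id], (void (*)(void))task_body, 1, id);
    }
    int remaining = NTASKS;
    while (remaining > 0) {
        for (int id = 0; id < NTASKS; id++) {
            if (task_done[id]) continue;
            /* Save the scheduler's own state, then jump onto the task's stack. */
            swapcontext(&scheduler_ctx, &task_ctx[id]);
            if (task_done[id]) remaining--;
        }
    }
    return trace;
}

int main(void) {
    printf("run order: %s\n", run_round_robin());
    return 0;
}
```

Compile with a plain gcc invocation on Linux/glibc; no special flags are needed because nothing here depends on frame layout. The two tasks alternate and the trace comes out as ABABAB. swapcontext does in one library call what the article's funcB does by hand to a single stack slot: it stores the stack pointer, instruction pointer and callee-saved registers of the current flow and installs another set, and uc_link is a return address the scheduler assigned rather than one the task's caller left behind. A kernel context switch adds what this example cannot model: it runs in privileged mode, switches between per-process kernel stacks, and swaps the address space, so no process can reach the saved state of another.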
IT Services Circle