Lazy binding means that calls to shared-library functions (puts, printf, system, ...) are not resolved when the program is loaded but on the first call, through the PLT and the GOT. The GOT is a writable table of code pointers in the data segment, not on the stack, so a plain stack overflow does not reach it; what an attacker needs is a write primitive (format string, heap overflow, an arbitrary write built from a corrupted pointer). With that, overwriting the GOT entry of a function the program calls later means that call lands wherever the attacker wrote (system, a one-gadget, shellcode).

A call to such a function goes to its PLT stub, which jumps through the corresponding GOT entry. Before the first call the GOT entry points back into the PLT stub, which pushes the symbol's relocation index and jumps to the dynamic linker's resolver; the resolver looks the function up in the loaded libraries, writes its real address into the GOT entry and jumps to it. Every later call goes PLT -> GOT -> library function directly. With full RELRO (-z relro -z now) all symbols are resolved at startup and the GOT is then made read-only, so a GOT overwrite faults; with partial RELRO (the usual default) the GOT stays writable.
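Added example, not from these notes: a C simulation of the PLT/GOT mechanism and of a GOT overwrite. The got[] array, resolver(), plt_call() and attacker_func() are my stand-ins for the real ELF pieces (.got.plt, _dl_runtime_resolve, the PLT stubs, the attacker's target) and a memcpy stands in for whatever write primitive the attacker has; all names are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

typedef int (*fn_t)(int);

/* Stand-ins for functions that live in a shared library (libc etc.). */
static int lib_double(int x) { return 2 * x; }
static int lib_square(int x) { return x * x; }

/* Attacker-chosen destination (in a real exploit: system(), a one-gadget...). */
static int attacker_func(int x) { (void)x; return -1; }

enum { SLOT_DOUBLE, SLOT_SQUARE, NSLOTS };

/* Simulated GOT: one writable code pointer per imported function.
   In a real ELF an unresolved entry points back into its PLT stub, which
   pushes the relocation index and jumps to the dynamic linker; here an
   unresolved entry is simply NULL. */
static fn_t got[NSLOTS];
static int resolve_count;          /* how often the "dynamic linker" ran */

/* Simulated _dl_runtime_resolve: look the symbol up, patch the GOT entry. */
static fn_t resolver(int slot) {
    resolve_count++;
    switch (slot) {
    case SLOT_DOUBLE: got[slot] = lib_double; break;
    case SLOT_SQUARE: got[slot] = lib_square; break;
    default:          return NULL;
    }
    return got[slot];
}

/* Simulated PLT stub: jump through the GOT, resolving first if needed. */
static int plt_call(int slot, int x) {
    if (got[slot] == NULL && resolver(slot) == NULL)
        return 0;
    return got[slot](x);
}

/* Back to "program just started": nothing resolved yet. */
static void reset_got(void) {
    memset(got, 0, sizeof got);
    resolve_count = 0;
}

/* What an attacker with a write primitive does: overwrite the GOT slot of a
   function the program will call again. Every later call through that PLT
   entry is redirected. With full RELRO the GOT is read-only after startup
   and this write would fault instead. */
static int hijack_double(void) {
    fn_t evil = attacker_func;
    memcpy(&got[SLOT_DOUBLE], &evil, sizeof evil);   /* the arbitrary write */
    return plt_call(SLOT_DOUBLE, 21);                /* -1 instead of 42 */
}

int main(void) {
    reset_got();
    printf("double(21) = %d  (resolves so far: %d)\n", plt_call(SLOT_DOUBLE, 21), resolve_count);
    printf("double(5)  = %d  (resolves so far: %d)\n", plt_call(SLOT_DOUBLE, 5), resolve_count);
    printf("square(3)  = %d  (resolves so far: %d)\n", plt_call(SLOT_SQUARE, 3), resolve_count);
    printf("after GOT overwrite: double(21) = %d\n", hijack_double());
    return 0;
}
```

The resolve counter shows the "lazy" part: the resolver runs exactly once per function, and after that the PLT stub trusts whatever pointer sits in the GOT, which is exactly why a single write there is enough.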

The RET instruction pops the 8-byte value at the address in rsp into rip (rsp += 8) and continues executing there. So whoever controls the qword at rsp at the moment a function returns controls the next instruction; that is the whole basis of return-address overwrites and ROP.

CANARY

scanf("%d", &x) parses an integer from stdin and stores it in x. If the input is not a number (for example "."), the conversion fails, scanf returns 0 and x keeps its old value. That is the trick for leaving the canary alone when a loop reads values with %d into consecutive stack slots: give "." for the slot that holds the canary. Note that the "." is not consumed: it is left in stdin, so the next %d fails on it as well unless the program reads it away (for example with a getchar() after each scanf).
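Added example, not from these notes: a C program that reads one %d per slot the way a challenge binary filling an array on the stack does, with a constructed input string standing in for stdin. Slot 2 is marked as the "canary" to protect. The two loop variants (plain, and one that discards a character after each read) and the names read_slots/feed are my assumptions for the demo.

```c
#include <stdio.h>
#include <string.h>

#define NSLOTS 6
#define CANARY 0x0C0DE    /* value in slot 2 that must survive untouched */

/* Reads one "%d" per slot. A failed conversion leaves that slot's old value
   in place. If consume_after is set, the loop also reads and discards one
   character after every scanf (the common `scanf("%d"); getchar();` idiom).
   Returns the number of slots that were actually written. */
static int read_slots(FILE *in, int *slots, int n, int consume_after) {
    int written = 0;
    for (int i = 0; i < n; i++) {
        int rc = fscanf(in, "%d", &slots[i]);
        if (rc == EOF)
            break;
        if (rc == 1)
            written++;
        /* rc == 0: matching failure. The offending character (".") stays
           unread in the stream, slots[i] is untouched, and we move on. */
        if (consume_after)
            fgetc(in);
    }
    return written;
}

/* Stand-in for stdin: the constructed input is written to a temp file and
   read back as a stream, so scanf's pushback behaves as it would on stdin. */
static int feed(const char *input, int *slots, int n, int consume_after) {
    FILE *f = tmpfile();
    if (!f)
        return -1;
    fputs(input, f);
    rewind(f);
    int written = read_slots(f, slots, n, consume_after);
    fclose(f);
    return written;
}

int main(void) {
    /* Plain loop: "." leaves slot 2 alone, but it stays in the stream, so
       every later "%d" fails too and slots 3..5 are never written. */
    int frame[NSLOTS] = {0, 0, CANARY, 0, 0, 0};
    int w = feed("1 2 . 3 4 5", frame, NSLOTS, 0);
    printf("plain loop: %d written, slot2=%#x slot3=%d\n", w, frame[2], frame[3]);

    /* Loop that drains a char after each read: the getchar() eats the ".",
       so only slot 2 is skipped and slots 3 and 4 receive our values. */
    int frame2[NSLOTS] = {0, 0, CANARY, 0, 0, 0};
    w = feed("1\n2\n.\n3\n4\n", frame2, NSLOTS, 1);
    printf("draining loop: %d written, slot2=%#x slot3=%d slot4=%d\n",
           w, frame2[2], frame2[3], frame2[4]);
    return 0;
}
```

Before relying on the "." trick, check how the target's read loop handles a failed scanf: if nothing consumes the rejected character, everything after the canary stays unwritten too.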