当可以获得程序的来源程序码时，攻击者会寻找所有可疑的函式呼叫，然后尝试确定哪些是弱点。

When the source code is available, an attacker can look for all suspect function calls, and then try to determine which ones might end up being vulnerabilities.

youdao

这种想法是相当直接的︰在某处汇入一些攻击程式码（例如，呼叫 shell 的程式码）并以将控制传递给攻击程式码的方式来覆写堆叠。

The idea is pretty straightforward: Insert some attack code (for example, code that invokes a shell) somewhere and overwrite the stack in such a way that control gets passed to the attack code.

youdao

如果你的攻击没成功，马上呼叫空袭支援吧。

If at first you dont succeed, call in an air strike.

youdao