1. The hacker writes malicious code into memory but it doesn’t do anything until it’s executed

2. The hacker wants to set the return pointer to point to the malicious code so that the computer will execute that malicious code

3. If the address space is randomized, then it’s harder to know where the malicious code got stored in memory so it’s harder to get the victim’s computer to execute it

ASLR doesn’t prevent buffer overflows – it just makes it harder to exploit them to perform code execution.

When I exploit a buffer overflow, what I’m most likely doing is overwriting the parts of the stack containing the *return address* by custom addresses of my choosing.

If I don’t know what addresses to write into the stack, I can’t figure out how to make the program jump where I want it to jump!

Yep.

This sounds very confusing and complicated to implement but if you understand the concept of virtual memory it makes a lot more sense.