I'm trying to do a buffer overflow where I need to rewrite the saved RIP register value with an address.
The address is short (8 bytes), for example 0x0000000012345678. The RIP register is 16 bytes, but if I input 0's, it terminates the string (because the buffer is being overflowed with strcpy). How do I get around rewriting with a short address without terminating the string?
I'm looking at the value by setting a breakpoint at main in gdb, stepping through until it copies the string, and then looking at the saved RIP value with the info frame command.
This seems like it would be a common problem, but I guess I'm not googling properly.
The RIP register is 16 bytes,
There are no current processors with 128 bit addresses; the above statement is false.
How do I get around rewriting with a short address without terminating the string?
Use something other than strcpy to perform the overflow.
I'm not allowed to change the code
In that case, your task of "overflow with short address via strcpy" becomes impossible.
However, you may still achieve the end result by first overflowing the return address with a trampoline that points to e.g. memcpy (you didn't say what OS you are using, but on e.g. Linux memcpy will usually have a "long" address), and then having memcpy overflow the return address a second time (memcpy will not stop on a NUL character).
This technique is called a return-to-libc attack.
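To see concretely why the string copy is the problem and the byte copy is not, here is an added C example (not from the question or the answer) that simulates the 8-byte saved-RIP slot as a marker-filled byte array and writes the little-endian bytes of 0x0000000012345678 into it once with strcpy and once with memcpy; the slot array, the 0xAA marker and the helper names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the saved-RIP slot plus the stack word after it. */
#define SLOT_BYTES 16

/* x86-64 stores the 8-byte return address little-endian: low byte first. */
static void to_le_bytes(uint64_t v, unsigned char out[8]) {
    for (int i = 0; i < 8; i++) out[i] = (unsigned char)(v >> (8 * i));
}

static uint64_t from_le_bytes(const unsigned char in[8]) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | in[i];
    return v;
}

/* Value left in the 8-byte slot after copying 'addr' with strcpy.
 * strcpy stops at the first 0x00 byte of the little-endian address and
 * writes one terminator there; every byte above that keeps the 0xAA
 * marker the slot held before, so the slot does not hold 'addr'. */
uint64_t slot_after_strcpy(uint64_t addr) {
    unsigned char src[9], slot[SLOT_BYTES];
    to_le_bytes(addr, src);
    src[8] = 0;                        /* terminator for the source string */
    memset(slot, 0xAA, sizeof slot);   /* 0xAA = "old byte still here"   */
    strcpy((char *)slot, (const char *)src);
    return from_le_bytes(slot);
}

/* memcpy copies a byte count, not a string, so all 8 bytes land. */
uint64_t slot_after_memcpy(uint64_t addr) {
    unsigned char src[8], slot[SLOT_BYTES];
    to_le_bytes(addr, src);
    memset(slot, 0xAA, sizeof slot);
    memcpy(slot, src, 8);
    return from_le_bytes(slot);
}

int main(void) {
    uint64_t want = 0x0000000012345678ULL;
    printf("wanted       : 0x%016llx\n", (unsigned long long)want);
    printf("after strcpy : 0x%016llx\n", (unsigned long long)slot_after_strcpy(want));
    printf("after memcpy : 0x%016llx\n", (unsigned long long)slot_after_memcpy(want));
    return 0;
}
```

An address with no zero byte at all, such as 0x1122334455667788, survives strcpy intact, which is exactly why the "short" address with zero upper bytes is the case that breaks.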