
Buffer Overflow and Null Bytes


ghost:

This is probably a really dumb question, but I've searched for a while and couldn't find anything.

Anyway, if I'm trying to exploit a buffer overflow to change the return address of a function, but the address has a null byte in it, how would I get around that?


ghost:

Don't think it's stupid; I don't know the answer. But then I'm no expert. Is there no way you could use a different return address, like a non-direct route? Where is the null byte?

It's the only solution I can foresee.


ghost:

I'm trying to change the return address to 004013ef.


ghost:

You can try a partial overwrite.

i.e. overwrite EIP with \xef\x13\x40 (little endian).

But it also depends on the structure of the overflow, how much room you have and whether you are able to get there. Keep in mind that with partial overwrites that's the end of your code; all needs to be done before that... no room after.
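Why the partial overwrite behaves as described above, as an added illustration that is not part of the thread: a strcpy-style copy stops at the first NUL, so the high 0x00 byte of 0x004013ef is supplied by the string terminator itself and nothing placed after it is ever written. The frame layout, the original return value 0x00401500 and the filler bytes are constructed for the simulation; the copy is bounded only to keep the model memory-safe.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a stack frame: an 8-byte local buffer, the 4-byte
 * saved return address right after it, and 4 bytes beyond the slot. */
#define BUF_LEN    8
#define RET_OFF    BUF_LEN
#define BEYOND_OFF (RET_OFF + 4)
#define FRAME_LEN  (BEYOND_OFF + 4)

typedef struct {
    uint32_t saved_ret;        /* value now in the return slot (little-endian) */
    size_t   bytes_copied;     /* bytes the copy wrote, terminator included */
    int      beyond_untouched; /* 1 if the bytes past the slot still hold 0xCC */
} overflow_result;

/* strcpy-style copy: stops after the first NUL of the source, so nothing
 * behind that NUL reaches the destination. The cap exists only to keep this
 * simulation memory-safe; the real strcpy has no such bound. */
static size_t c_string_copy(uint8_t *dst, size_t cap, const uint8_t *src) {
    size_t n = 0;
    while (n < cap) {
        dst[n] = src[n];
        if (src[n++] == 0) break;
    }
    return n;
}

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Put original_ret in the slot and 0xCC beyond it, copy the payload into the
 * buffer with C-string semantics, and report what ended up where. */
overflow_result simulate_overflow(const uint8_t *payload, uint32_t original_ret) {
    static const uint8_t cc[4] = {0xCC, 0xCC, 0xCC, 0xCC};
    uint8_t frame[FRAME_LEN];
    overflow_result r;
    memset(frame, 0xCC, sizeof frame);
    for (int i = 0; i < 4; i++)
        frame[RET_OFF + i] = (uint8_t)(original_ret >> (8 * i));
    r.bytes_copied = c_string_copy(frame, sizeof frame, payload);
    r.saved_ret = read_le32(frame + RET_OFF);
    r.beyond_untouched = memcmp(frame + BEYOND_OFF, cc, 4) == 0;
    return r;
}

/* Constructed payload: 8 filler bytes, then 0x004013ef little-endian. The
 * NUL that follows is the address's own high byte; "XYZ" is never copied. */
static const uint8_t payload[] = "AAAAAAAA\xef\x13\x40\0XYZ";

int main(void) {
    overflow_result r = simulate_overflow(payload, 0x00401500u);
    printf("saved return 0x%08x, %zu bytes copied, beyond untouched: %d\n",
           r.saved_ret, r.bytes_copied, r.beyond_untouched);
    return 0;
}
```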


ghost:

And the partial overwrite worked. It turns out I was actually writing the return address into EBP instead of where I should as well as messing up the return address. Thanks.