rop/x86_64/fluff/gadgets
Brett Weiland 4c25bd9188 new file: x86_64/fluff/exploit.py
new file:   x86_64/fluff/gadgets
2020-12-17 19:39:54 -06:00

Memory bytes information
=======================================================
0x00000000004003c4 : 'f'
0x0000000000400239 : 'l'
0x00000000004003d6 : 'a'
0x00000000004003cf : 'g'
0x0000000000400000 : '.'
0x0000000000400192 : 't'
0x0000000000400246 : 'x'
0x0000000000400192 : 't'
0x0000000000400610 : mov eax, 0 ; pop rbp ; ret
400628: d7 xlat BYTE PTR ds:[rbx] # al = [rbx + al] (al zero-extended); requires rbx
***
40062a: 5a pop rdx
40062b: 59 pop rcx
40062c: 48 81 c1 f2 3e 00 00 add rcx,0x3ef2
400633: c4 e2 e8 f7 d9 bextr rbx,rcx,rdx
# rdx is the control operand:
rdx bits 0-7: starting bit
rdx bits 8-15: length in bits
***
400639: aa stos BYTE PTR es:[rdi],al # stores al at [rdi], then increments rdi
# requires rdi (checked), al
0x0000000000400510 : print_file@plt
0x00000000004006a3 : pop rdi ; ret
exploit:
write each letter to memory, carrying the byte in al
set al to zero (so xlat reads [rbx + 0])
set rbx to the address of the letter byte (via bextr)
rcx: (location - 0x3ef2) before bextr, since the gadget adds 0x3ef2 first
rdx: 0x00 0x20 (start bit 0, length 32 bits)
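Added check, not part of the original notes: a small emulation of BEXTR's control-operand encoding, to confirm that popping rdx = 0x00 0x20 and rcx = location - 0x3ef2 leaves rbx equal to the location after the add. Function names and the 64-bit operand size are my assumptions.

```python
# Added example (not from the original notes): emulate the bextr gadget's
# data flow to verify the control-operand encoding the notes describe.
# Assumptions: 64-bit operands; rdx layout start = bits 0-7, length = bits 8-15.

GADGET_ADD = 0x3EF2          # constant the gadget adds to rcx before bextr
MASK64 = (1 << 64) - 1


def bextr(src: int, ctrl: int) -> int:
    """BEXTR dest, src, ctrl for 64-bit operands.

    start = ctrl[7:0], length = ctrl[15:8]. Bits outside the source read as
    zero, so start >= 64 gives 0 and a length beyond 64 is clipped to 64.
    """
    start = ctrl & 0xFF
    length = (ctrl >> 8) & 0xFF
    if start >= 64 or length == 0:
        return 0
    src &= MASK64
    return (src >> start) & ((1 << min(length, 64)) - 1)


def control(start: int, length: int) -> int:
    """Pack start/length into the low 16 bits of the control operand."""
    return (start & 0xFF) | ((length & 0xFF) << 8)


def gadget_rbx(target: int) -> int:
    """rbx after: pop rdx; pop rcx; add rcx, 0x3ef2; bextr rbx, rcx, rdx
    with rcx popped as (target - 0x3ef2) and rdx as the notes' 0x00 0x20.
    The target must fit in 32 bits, since only 32 bits are extracted."""
    rdx = control(0, 32)                      # 0x2000: from bit 0, 32 bits
    rcx = (target - GADGET_ADD) & MASK64      # value popped into rcx
    rcx = (rcx + GADGET_ADD) & MASK64         # add rcx, 0x3ef2
    return bextr(rcx, rdx)                    # bextr rbx, rcx, rdx
```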