Offset data by 1

2020-11-29 22:59:38 +00:00 · 2020-11-29 22:59:38 +00:00 · ea9a78d8b9
commit ea9a78d8b9
parent de9dadc961
1 changed files with 11 additions and 0 deletions
--- a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
+++ b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
@ -111,6 +111,10 @@ class ROPMakerX86(object):
        return p

    def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall):
+        #print("== Gadgets ==")
+        #print(self.__gadgets)
+        #print("=============\n\n\n\n")
+
        sects = self.__binary.getDataSections()
        dataAddr = None
        for s in sects:
@ -123,6 +127,13 @@ class ROPMakerX86(object):
        print(f"dataAddr = 0x{dataAddr:08x}")
        print(f"int 0x80 = 0x{syscall['vaddr']:08x}")

+        # Offset address to make all addresses even.
+        # This prevent having a null byte in any addresses we write to. 
+        if dataAddr % 2 == 0:
+            dataAddr += 1
+
+        print(f"dataAddr = 0x{dataAddr:08x}")
+
        # prepend padding
        p = bytes('A' * self.paddingLen, "ascii")