jack/security-cw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Offset data by 1

Browse Source
This commit is contained in:
Liam Dalgarno 2020-11-29 22:59:38 +00:00
parent de9dadc961
commit ea9a78d8b9
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
View File

@ -111,6 +111,10 @@ class ROPMakerX86(object):
return p return p
def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall): def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall):
#print("== Gadgets ==")
#print(self.__gadgets)
#print("=============\n\n\n\n")
sects = self.__binary.getDataSections() sects = self.__binary.getDataSections()
dataAddr = None dataAddr = None
for s in sects: for s in sects:
@ -123,6 +127,13 @@ class ROPMakerX86(object):
print(f"dataAddr = 0x{dataAddr:08x}") print(f"dataAddr = 0x{dataAddr:08x}")
print(f"int 0x80 = 0x{syscall['vaddr']:08x}") print(f"int 0x80 = 0x{syscall['vaddr']:08x}")
# Offset address to make all addresses even.
# This prevent having a null byte in any addresses we write to.
if dataAddr % 2 == 0:
dataAddr += 1
print(f"dataAddr = 0x{dataAddr:08x}")
# prepend padding # prepend padding
p = bytes('A' * self.paddingLen, "ascii") p = bytes('A' * self.paddingLen, "ascii")