README.md - Opengist

Révision be00d9ee856b7e032fea1525da05dab3bbc7fe96

README.md · 99 B · Markdown Brut

gcc test.c -o test
gcc -shared -fPIC test2.c -o test2.so
LD_PRELOAD="./test2.so" ./test

test.c · 302 B · C Brut

1	#include <stdio.h>
2	#include <sys/mman.h>
3	#define UNPROTECT(addr,len) (mprotect((void*)(addr-(addr%len)),len,PROT_READ\|PROT_WRITE\|PROT_EXEC))
4
5	int y = 100;
6
7	char teste[] = "HUEBR\n";
8
9	char I_WANT_SPACE[100]; // Because I WANT SPACE
10
11	int main() {
12	printf("Y: %d\n", y);
13	printf(teste);
14	printf(teste);
15	}
16

test2.c · 722 B · C Brut

1	#include <stdio.h>
2	#include <sys/mman.h>
3
4	#define UNPROTECT(addr,len) (mprotect((void*)(addr-(addr%len)),len,PROT_READ\|PROT_WRITE\|PROT_EXEC))
5
6	void __attribute__((constructor)) initialize(void) {
7	char *x = 0x6010A8; // Address in empty space of I_WANT_SPACE
8	x[0] = 'p';
9	x[1] = 'h';
10	x[2] = 'p';
11	x[3] = '\n';
12	x[4] = 0x00;
13
14	UNPROTECT(0x400530,4096); // 0x400530 is the address of the main() space
15	int *t = 0x400552; // mov edi, offset teste ; "HUEBR\n" - Adress to offset teste
16	*t = x;
17
18	x = 0x40056F; // mov eax, 0 - Before last line
19	x[0] = 0x48;
20	x[1] = 0xc7;
21	x[2] = 0xc0;
22	t = x + 3;
23	*t = 0x40053A; // Address of start of the main() function excluding the stack pushes.
24	x[7] = 0xff;
25	x[8] = 0xe0;
26	}
27