A small question about lib_csu_init #683
A couple of days ago, while reading about ret2csu, I noticed that lib_csu_init seems to have changed. Below is the lib_csu_init disassembly I got from IDA (objdump gives the same result).

First, the register assignments in the first gadget have also changed somewhat, so when using ret2csu you need to pay attention to which register each argument is passed in. Then the gadget at the tail has changed: the pops have become movs, and most importantly the add rsp,8 at the beginning has been moved to the tail and is executed there together with the rest. This causes the problem with the second exp. Originally this gadget started assigning registers directly from the pops, but after the change it starts from the second 8-byte slot below the top of the stack, so the original exp is misaligned by 8 bytes. Below is the part of the exp I modified; really it is just a small change in the gadget offsets and the stack layout, and it passes the test in the docker environment.

Comments

Sorry, I have been busy recently and could not handle this in time. Could you open a PR directly? Describe this new case while keeping the old one.