vbrandl/WIS-SEC-BOF
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Realistic stack layouts

Browse Source
This commit is contained in:
Valentin Brandl 2019-12-16 11:38:01 +01:00
parent 6f226c2845
commit 541a979646
No known key found for this signature in database
GPG Key ID: 30D341DD34118D7D
3 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
work/dot/before.dot
View File

@ -3,8 +3,8 @@ digraph G {
shape="plaintext"
label=<
<table border='1' cellborder='1'>
<tr><td>data1</td><td>0xFE</td><td>&lt;- SP</td></tr>
<tr><td>data1</td><td>0xFF</td><td>&lt;- BP</td></tr>
<tr><td>argc</td><td>0xFE</td><td>&larr; SP (main)</td></tr>
<tr><td>argv</td><td>0xFF</td><td>&larr; BP (main)</td></tr>
</table>
>];
}

13
work/dot/call.dot
View File

@ -3,13 +3,14 @@ digraph G {
shape="plaintext"
label=<
<table border='1' cellborder='1'>
<tr><td>data2</td><td>0xF9</td><td>&lt;- SP</td></tr>
<tr><td>data2</td><td>0xFA</td><td>&lt;- BP</td></tr>
<tr><td>buf</td><td>0xC8</td><td>&larr; SP (vuln)</td></tr>
<tr><td>buf</td><td>...</td><td></td></tr>
<tr><td>buf</td><td>0xFA</td><td>&larr; BP (vuln)</td></tr>
<tr><td>[old IP]</td><td>0xFB</td><td></td></tr>
<tr><td>*0xFE</td><td>0xFC</td><td></td></tr>
<tr><td>*0xFF</td><td>0xFD</td><td></td></tr>
<tr><td>data1</td><td>0xFE</td><td></td></tr>
<tr><td>data1</td><td>0xFF</td><td></td></tr>
<tr><td>[BP (main)]</td><td>0xFC</td><td></td></tr>
<tr><td>[*input]</td><td>0xFD</td><td></td></tr>
<tr><td>argc</td><td>0xFE</td><td></td></tr>
<tr><td>argv</td><td>0xFF</td><td></td></tr>
</table>
>];
}

13
work/dot/exploit.dot
View File

@ -3,13 +3,14 @@ digraph G {
shape="plaintext"
label=<
<table border='1' cellborder='1'>
<tr><td>data2</td><td>0xF9</td><td>&lt;- SP</td></tr>
<tr><td>[payload]</td><td>0xFA</td><td>&lt;- BP</td></tr>
<tr><td>[payload]</td><td>0xC8</td><td>&larr; SP (vuln)</td></tr>
<tr><td>[payload]</td><td>...</td><td></td></tr>
<tr><td>[payload]</td><td>0xFA</td><td>&larr; BP (vuln)</td></tr>
<tr><td>[controlled IP]</td><td>0xFB</td><td></td></tr>
<tr><td>*0xFE</td><td>0xFC</td><td></td></tr>
<tr><td>*0xFF</td><td>0xFD</td><td></td></tr>
<tr><td>data1</td><td>0xFE</td><td></td></tr>
<tr><td>data1</td><td>0xFF</td><td></td></tr>
<tr><td>[BP (main)]</td><td>0xFC</td><td></td></tr>
<tr><td>[*input]</td><td>0xFD</td><td></td></tr>
<tr><td>argc</td><td>0xFE</td><td></td></tr>
<tr><td>argv</td><td>0xFF</td><td></td></tr>
</table>
>];
}