by wazari972
3507 days ago
> Mind asking a few things?

sure! nothing and nothing ;-) they were just leads I was trying. `target` was for:

```
void **target;
*target = *mov_addr; // copy sizeof(void *) bytes
```

I've updated the gist.

> Also, even though mprotect() succeeds, I got a segfault.

try in GDB something like:

```
(gdb) disassemble main
...
0x00000000004005dd <+64>: mov    %rax,%rdi
0x00000000004005e0 <+67>: callq  0x400566 <checksum>
0x00000000004005e5 <+72>: mov    %rax,-0x8(%rbp)
0x00000000004005e9 <+76>: cmpq   $0xad4,-0x8(%rbp)
...
(gdb) break passme.c:62
(gdb) continue   # should end up *after* the memcpy
(gdb) disassemble main
...
0x00000000004005dd <+64>: mov    %rax,%rdi
0x00000000004005e0 <+67>: movl   $0xad4,-0x8(%rbp)
0x00000000004005e7 <+74>: nop
0x00000000004005e8 <+75>: nop
0x00000000004005e9 <+76>: cmpq   $0xad4,-0x8(%rbp)
```

and in both disassemblies, look around 0x4005e0 (`<main+67>`) to see how the instructions have been overwritten. In the second disassembly, if you see strange-looking instructions (e.g. `clc`), there was a problem with the copy / the instruction copied. Let me know!
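The comment above describes patching `main` in place: `mprotect()` the text page writable, then `memcpy()` new instruction bytes over the old `callq checksum`. The program below is an added example, not code from the gist or from wazari972, showing the same technique end to end on x86-64 Linux. The `checksum()` function, the `0xad4` constant, the `patch_return_value()` helper and the `call_checksum()` wrapper are all assumptions made for this example; instead of rewriting the caller it overwrites the start of `checksum()` with `mov $0xad4,%eax ; ret`, and it keeps a leading `endbr64` if the compiler emitted one so that an indirect call under CET still lands on a valid target. Note that the patch bytes must be a valid instruction sequence of the right length; if the disassembly after the patch shows junk like `clc`, the bytes or the length were wrong.

```c
// Added example (not from the gist): patch a function's machine code in-place.
// Assumes x86-64, Linux/glibc, and that the process may map its text RWX
// (SELinux execmem / PaX MPROTECT would make mprotect() fail).
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define EXPECTED 0xad4u  /* the constant the gist's main() compares against */

volatile int g_input = 7;  /* keeps the compiler from folding checksum() away */

/* Stand-in for the gist's checksum(): normally returns the "wrong" value (21). */
__attribute__((noinline)) int checksum(void) {
    return g_input * 3;
}

/* Make every page covering [addr, addr+len) readable, writable and executable. */
static int make_writable(void *addr, size_t len) {
    uintptr_t page  = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    uintptr_t end   = ((uintptr_t)addr + len + page - 1) & ~(page - 1);
    return mprotect((void *)start, end - start, PROT_READ | PROT_WRITE | PROT_EXEC);
}

/* Overwrite the entry of fn with "mov $value,%eax ; ret".
 * Returns 0 on success, -1 if mprotect() failed, -2 on an unsupported arch. */
int patch_return_value(void *fn, uint32_t value) {
#if defined(__x86_64__)
    uint8_t *p = (uint8_t *)fn;
    /* If the function starts with endbr64 (f3 0f 1e fa), leave it in place. */
    static const uint8_t endbr64[4] = {0xf3, 0x0f, 0x1e, 0xfa};
    size_t skip = (memcmp(p, endbr64, sizeof endbr64) == 0) ? sizeof endbr64 : 0;

    /* b8 imm32 = mov $imm32,%eax ; c3 = ret (imm32 is little-endian). */
    uint8_t stub[6] = {0xb8, 0, 0, 0, 0, 0xc3};
    memcpy(stub + 1, &value, sizeof value);

    if (make_writable(p, skip + sizeof stub) != 0)
        return -1;
    memcpy(p + skip, stub, sizeof stub);
    /* x86 keeps instruction fetch coherent with stores: no cache flush needed. */
    return 0;
#else
    (void)fn; (void)value;
    return -2;
#endif
}

/* Call checksum() through a volatile pointer so the compiler cannot assume
 * it already knows the return value. */
int call_checksum(void) {
    int (*volatile fp)(void) = checksum;
    return fp();
}

int main(void) {
    printf("before patch: checksum() = 0x%x\n", call_checksum());
    int rc = patch_return_value((void *)checksum, EXPECTED);
    if (rc != 0) {
        fprintf(stderr, "patch failed (%d)\n", rc);
        return 1;
    }
    printf("after patch:  checksum() = 0x%x\n", call_checksum());
    return (unsigned)call_checksum() == EXPECTED ? 0 : 1;
}
```

Build with `gcc -O2 -o patchme patchme.c` and run under GDB with `disassemble checksum` before and after the `memcpy` to see the `mov $0xad4,%eax ; ret` bytes replacing the original prologue, exactly as the comment suggests doing for `main`.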