
pwn-basic-challenge's Issues

Why does the canary's position change?

lab8 sort

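Looking at it with r2:

var int local_138a8h @ rbp-0x138a8
var int local_138a0h @ rbp-0x138a0
var int local_20h @ rbp-0x20        this is name
var int local_8h @ rbp-0x8          this is the canary
arg int arg_138a0h @ rbp+0x138a0   this is arr[]
  • Why can't we just leak arr[10005]?
  • Why do we have to first find the value with the largest absolute value and process that, as below?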
canary = array.pop(array.index(max(array, key=abs)))
if canary < 0:
    canary += 0xffffffffffffffff + 1
log.info(hex(canary))

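I used the solution and found that the canary shows up at either arr[0] or arr[10005].

I came here after going through the Taiwan Tech (台科) material.
I hope you can help answer this.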

lab8 sort

Hey, it's me again. I've been working on this for a month and still can't figure it out.

stack = array.pop(array.index(max(array, key=abs)))

libc = array.pop(array.index(max(array, key=abs))) - 0x21b97

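My question is about these two lines; I don't understand what they are for.
Are they leaking the libc base address?
If it is a leak, why does it have to be leaked here?

Also, I noticed that it is arr[10000], but the program actually gives 10005 elements.
I don't know where the values in those 5 extra ones come from either: are they leftover values, or something meaningful?

I went back through lab7 but didn't get much that was useful.

Thanks for your help.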
