I have a program with a stack-based buffer overflow. It is running PIE with ASLR and DEP; however, there is a section of executable code that is at a fixed location.
However, this region does not contain an `int 0x80` gadget. I can control eax, ebx, ecx, and edx. How can I execute arbitrary syscalls to, say, call mprotect and read in shellcode? Every syscall seems to require an `int 0x80`, and I'm not sure how to bypass this.