I have found a ROP tutorial on x86. Now I am trying to exploit a simple buffer overflow case on x64:
    #include <string.h>

    int main(int argc, char **argv)
    {
        char buf[10];
        strcpy(buf, argv[1]);   /* unbounded copy: overflows buf if argv[1] is longer than 9 bytes */
        ...
    }
I figured out that the code I want to return into is located at addresses with leading zeros. For example, libc could be mapped at 0x7fb524bd0000 = 0x00007fb524bd0000 and so on. In the case of x86, libc code could be placed at addresses like 0xb7edc6bf, so this is not a problem. Does this mean that I can't use ROP for that type of vulnerability on x64? Or maybe there is a workaround? Thanks.
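The observation in the question above, as an added example that is not part of the original post: it stores each address the way x86 and x86-64 do (little-endian) and measures how many of its bytes a real `strcpy` transfers before stopping at the first zero byte. The function name `copied_by_strcpy` is hypothetical, and the third address is constructed for illustration; the other two are the values quoted in the question.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Store `value` little-endian in `width` bytes, copy it with strcpy, and
 * return how many bytes of the value reached the destination. */
size_t copied_by_strcpy(uint64_t value, size_t width)
{
    /* One spare byte each, zero-initialised, so both buffers are always
     * NUL-terminated no matter what the value contains. */
    char src[sizeof value + 1] = {0};
    char dst[sizeof value + 1] = {0};

    for (size_t i = 0; i < width && i < sizeof value; i++)
        src[i] = (char)(unsigned char)(value >> (8 * i));

    strcpy(dst, src);   /* a zero byte inside the value ends the copy here */
    return strlen(dst);
}

int main(void)
{
    /* Addresses from the question, plus one constructed 64-bit value. */
    const struct { uint64_t value; size_t width; const char *note; } samples[] = {
        { 0xb7edc6bfULL,         4, "x86 address from the question" },
        { 0x00007fb524bd0000ULL, 8, "x64 mapping address from the question" },
        { 0x00007fb524bd1234ULL, 8, "constructed x64 address" },
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%016" PRIx64 "  %zu of %zu bytes copied  (%s)\n",
               samples[i].value,
               copied_by_strcpy(samples[i].value, samples[i].width),
               samples[i].width, samples[i].note);
    return 0;
}
```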