ret2plt

The PLT (Procedure Linkage Table) consists of stubs that look up addresses in the .got.plt section and either jump to the right address or, if the address has not been filled in to .got.plt yet, trigger the code in the linker to look it up.

Vulnerable program

    #include <stdio.h>

    void vuln() {
        puts("Come get me");
        char buffer[20];
        gets(buffer);   /* unbounded read into a 20-byte stack buffer */
    }

    int main() {
        vuln();
        return 0;
    }

32-bit ret2plt

PLT analysis

Program protections

    //gcc source.c -o vuln-32 -no-pie -fno-stack-protector -z execstack -m32
    └─$ checksec --file=./vuln-32
    [*] '/home/kali/exploits/ret2plt/vuln-32'
        Arch:     i386-32-little
        RELRO:    Partial RELRO
        Stack:    No canary found
        NX:       NX enabled
        PIE:      No PIE (0x8048000)

.plt section

The .plt section is executable

    [0xf7fe4450]> iS~.plt
    10 0x000002f0 0x18 0x080482f0 0x18……


Executing shellcode via a GOT overwrite

Vulnerable program

    // gcc source.c -o vuln -no-pie -fno-stack-protector -z execstack -m32
    #include <stdio.h>

    void vuln() {
        char buffer[20];
        puts("Give me the input");
        gets(buffer);   /* unbounded read into a 20-byte stack buffer */
    }

    int main() {
        vuln();
        return 0;
    }

……


Important VFS data structures

superblock object

    struct super_block {
        /**
         * Pointer to the superblock list
         */
        struct list_head s_list;        /* Keep this first */
        /**
         * Device identifier
         */
        dev_t s_dev;                    /* search index; _not_ kdev_t */
        /**
         * Block size in bytes
         */
        unsigned long s_blocksize;
        /**
         * Block size in bytes as used by the underlying block device driver.
         */
        unsigned long s_old_blocksize;
        /**
         * Block size in bits
         */
        unsigned char s_blocksize_bits;
        /**
         * Dirty flag
         */
        unsigned char s_dirt;
        /**
         * Maximum file length
         */
        unsigned long long s_maxbytes;  /* Max file size */
        /**
         * Filesystem type.
         */
        struct……


system call

linux linux windows windows References system call syscall under-the-hood Context switching……
