linux bsd


         


0x33,0xC0, /* xor eax,eax */

0x40, /* inc eax */

0x50, /* push eax */

0x53, /* push ebx */

0x50 /* push eax */

};

// Call slot of the thunk: 0xE8 is the x86 near-call opcode, followed by a
// 32-bit relative displacement that is left as zero in this initializer.
// NOTE(review): nothing visible in this fragment fills the displacement in;
// presumably call_r() below is what resolves it - confirm against its definition.

unsigned char buf_code[]={0xE8,0x0,0x0,0x0,0x0};

// Thunk epilogue: release the stack space taken by the pushed call
// arguments, then return to the caller.
// The immediate in "add esp" is 0x10 (hex), i.e. 16 bytes, not decimal 10.

unsigned char buf_post[]={

0x83,0xC4,0x10,/* add esp,10 */

0xC3 /* ret */

};

// Destination buffer for the complete thunk:
// buf_pre + buf_code + buf_post
// It is sized from the three parts, so the three copies below fill it exactly.

unsigned char buf_dst[sizeof(buf_pre)+sizeof(buf_code)+sizeof(buf_post)];

// call_r() is defined outside this fragment. It receives the library name,
// the names "gets" and "write", and sizeof(buf_pre), which is the offset of
// the call instruction (buf_code) inside the assembled thunk.
// NOTE(review): presumably it computes the relative displacement for the
// call to write; its return value is not used here, so verify how the result
// reaches buf_code before the copies below run.

call_r("libc.so.6", "gets", "write", sizeof(buf_pre));

// Assemble the thunk by laying the three parts end to end in buf_dst.

memcpy(buf_dst,buf_pre,sizeof(buf_pre));

memcpy(buf_dst + sizeof(buf_pre), buf_code, sizeof(buf_code));

memcpy(buf_dst + sizeof(buf_pre) + sizeof(buf_code), buf_post, sizeof(buf_post));



//

//-------------------------------------------------------------------------



// C3h (ret)

// Earlier variant, left disabled: it toggles the single byte at p's offset
// within the page between 0xC3 (ret) and 0x55 (push ebp on x86).

//if (page_buf[((unsigned int)p)%PAGE_SIZE]==0xC3)

//page_buf[((unsigned int)p)%PAGE_SIZE] = 0x55;

//else page_buf[((unsigned int)p)%PAGE_SIZE] = 0xC3;

// Copy the assembled thunk (buf_dst) into the page buffer at p's offset
// within the page, overwriting whatever bytes were there.
// NOTE(review): presumably p is the address of gets and page_buf is a copy
// of the page that contains it - both are set up outside this fragment.
// NOTE(review): there is no bounds check. If the offset plus sizeof(buf_dst)
// exceeds the size of page_buf (presumably PAGE_SIZE), the copy writes past
// the end of the buffer; a target that straddles a page boundary has to be
// handled before this call.
// NOTE(review): the (unsigned int) cast assumes 32-bit pointers, which
// matches the 32-bit x86 code in the thunk.

memcpy(&page_buf[((unsigned int)p)%PAGE_SIZE],

buf_dst,sizeof(buf_dst));

 9  mem.c, gets write(1,&"*",1);

, , . - thunk-, , log !