| File |
|---|
| .gitlab-ci.yml.disabled |
| Makefile |
| README.md |
| env.c |
| esp.c |
| jmpesp.c |
| reg.c |
| rsp.c |
| shc.c |
# ptrtools

Small collection of programs to retrieve pointers.

## Tools

### Usage

To compile the tools execute:

```sh
# Manually run:
gcc -o <toolname> <toolname>.c
# or all tools with:
make all
```

Using `make all` will automatically compile a 32-bit and 64-bit version of env.
### env

Compile: `gcc -o env env.c`

Returns the pointer of an environment variable. This can be useful for ret2libc exploits.
### esp

Compile: `gcc -m32 -o esp esp.c`

Returns the pointer to the stack (for illustrations).
If security policies are active, the stack pointer should be randomized on each execution.
### rsp

Compile: `gcc -m64 -o rsp rsp.c`

Same as esp, but for 64-bit.
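The env, esp and rsp tools read addresses that ASLR is expected to move between runs. The following C program is an added example and not part of ptrtools: it obtains the same kinds of pointer (a stack address and the address of an environment variable's value) and additionally reads the kernel's ASLR policy from `/proc/sys/kernel/randomize_va_space`, so the claim that the stack pointer is randomized on each execution can be verified on the host rather than assumed. The variable name `PTRTOOLS_DEMO` and its value are constructed for the demo; on a non-Linux host the policy read returns -1.

```c
/* Added example (not ptrtools code): locate the stack pointer and an
 * environment variable from C, and read the kernel ASLR policy so the
 * randomisation claim can be checked by running the program twice. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Address of a local variable: a cheap stand-in for reading esp/rsp. */
uintptr_t stack_addr(void) {
    volatile int marker = 0;
    return (uintptr_t)&marker;
}

/* Address of the value string of an environment variable, or 0 if unset. */
uintptr_t env_addr(const char *name) {
    const char *v = getenv(name);
    return v ? (uintptr_t)v : 0;
}

/* Sets a constructed variable (PTRTOOLS_DEMO, assumed name) and returns
 * where the C library placed its value. */
uintptr_t demo_env_addr(void) {
    if (setenv("PTRTOOLS_DEMO", "constructed-value", 1) != 0)
        return 0;
    return env_addr("PTRTOOLS_DEMO");
}

/* Linux ASLR policy from /proc/sys/kernel/randomize_va_space:
 * 0 = off, 1 = stack/mmap/vdso randomised, 2 = brk randomised as well.
 * Returns -1 if the file cannot be read (non-Linux host, restricted /proc). */
int aslr_policy(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

int main(void) {
    printf("stack address:       0x%lx\n", (unsigned long)stack_addr());
    printf("PTRTOOLS_DEMO value: 0x%lx\n", (unsigned long)demo_env_addr());
    printf("randomize_va_space:  %d\n", aslr_policy());
    puts("Run this twice: with randomize_va_space != 0 both addresses should differ.");
    return 0;
}
```

With ASLR disabled (policy 0) both addresses repeat between runs, which is the condition under which a hard-coded environment or stack address remains usable; with policy 1 or 2 they move, and a defender can treat a stable address across runs as a sign that the mitigation is not in effect for that process.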
### reg

TODO

Compile: `gcc -o ret reg.c`

Returns address of valid return to register jumps/calls.
### jmpesp

Compile: `gcc -o jmpesp jmpesp.c`

Returns a list of `JMP ESP` instructions in the first page of a library with fixed address space. To find fixed addresses, check the target binary with `ldd`.
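Whether an image sits at a fixed address is something a defender can check from the ELF header rather than by watching `ldd` output. The program below is an added example and not part of ptrtools: it reads `e_ident` and `e_type` and reports `ET_EXEC` (linked to a fixed load address, so unaffected by ASLR) versus `ET_DYN` (position-independent; a PIE executable or a shared library, which the loader can place at a random base). Two caveats the header alone cannot settle: a shared library is always `ET_DYN`, so for libraries the fixedness the jmpesp tool depends on comes from ASLR being off, not from the file; and an `ET_EXEC` main binary stays at its linked address even with ASLR on, which is why non-PIE executables are the usual place such gadgets survive. The three sample headers are constructed inline (only the first 18 bytes, which is all this check reads).

```c
/* Added example (not ptrtools code): classify an ELF image as fixed-address
 * (ET_EXEC) or position-independent (ET_DYN) from its header, for 32- and
 * 64-bit files in either byte order. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ELF_FIXED   0    /* ET_EXEC: loaded at the address in the header */
#define ELF_PIE     1    /* ET_DYN: relocatable, ASLR may move it */
#define ELF_OTHER   2    /* ET_REL, ET_CORE, ... */
#define ELF_INVALID (-1) /* not an ELF header, or too short to decide */

/* Inspects only e_ident (magic, class, data encoding) and e_type (offset 16). */
int elf_load_kind(const uint8_t *buf, size_t len) {
    if (len < 18) return ELF_INVALID;
    if (buf[0] != 0x7f || buf[1] != 'E' || buf[2] != 'L' || buf[3] != 'F')
        return ELF_INVALID;
    if (buf[4] != 1 && buf[4] != 2) return ELF_INVALID;   /* EI_CLASS: 32/64-bit */
    uint16_t e_type;
    if (buf[5] == 1)      e_type = (uint16_t)(buf[16] | (buf[17] << 8)); /* little-endian */
    else if (buf[5] == 2) e_type = (uint16_t)((buf[16] << 8) | buf[17]); /* big-endian */
    else return ELF_INVALID;                                /* unknown EI_DATA */
    switch (e_type) {
        case 2:  return ELF_FIXED;
        case 3:  return ELF_PIE;
        default: return ELF_OTHER;
    }
}

/* Same check on a file on disk, e.g. a library path printed by ldd. */
int elf_load_kind_file(const char *path) {
    uint8_t hdr[64];
    FILE *f = fopen(path, "rb");
    if (!f) return ELF_INVALID;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_load_kind(hdr, n);
}

/* Constructed sample headers: magic, class, data, version, padding, e_type. */
static const uint8_t sample_exec_le32[18] = {
    0x7f,'E','L','F', 1, 1, 1, 0, 0,0,0,0,0,0,0,0,  2, 0 }; /* 32-bit LE ET_EXEC */
static const uint8_t sample_dyn_le64[18] = {
    0x7f,'E','L','F', 2, 1, 1, 0, 0,0,0,0,0,0,0,0,  3, 0 }; /* 64-bit LE ET_DYN  */
static const uint8_t sample_exec_be32[18] = {
    0x7f,'E','L','F', 1, 2, 1, 0, 0,0,0,0,0,0,0,0,  0, 2 }; /* 32-bit BE ET_EXEC */

int main(int argc, char **argv) {
    static const char *names[] = { "fixed address (ET_EXEC)",
                                   "position-independent (ET_DYN)", "other" };
    for (int i = 1; i < argc; i++) {
        int k = elf_load_kind_file(argv[i]);
        printf("%s: %s\n", argv[i], k < 0 ? "not an ELF file" : names[k]);
    }
    return 0;
}
```

Usage: `./elfkind /path/to/binary /lib/some.so`. Combined with the ASLR policy value, the two results tell you which images keep a stable base: `ET_EXEC` always, `ET_DYN` only when `randomize_va_space` is 0.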
Further instructions can be added.