Latest commit: JayPiKay 53776d20a6 "Disabled CI for the moment" (2020-04-16 17:26:19 +02:00)

| File | Last commit | Date |
| --- | --- | --- |
| .gitlab-ci.yml.disabled | Disabled CI for the moment | 2020-04-16 17:26:19 +02:00 |
| Makefile | Added jmpesp tool | 2020-04-16 16:14:09 +02:00 |
| README.md | Update README.md fixed TOC | 2020-04-16 14:45:01 +00:00 |
| env.c | Handling non existing variable names | 2020-04-01 17:32:15 +02:00 |
| esp.c | Added ESP tool | 2020-04-01 17:24:15 +02:00 |
| jmpesp.c | Added jmpesp tool | 2020-04-16 16:14:09 +02:00 |
| reg.c | Added return to register tool stub. | 2020-04-02 13:50:56 +02:00 |
| rsp.c | Added Makefile and rsp tool | 2020-04-02 14:09:42 +02:00 |
| shc.c | Shell Code test | 2020-04-03 11:24:10 +02:00 |

Small collection of programs to retrieve pointers.

To compile the tools execute:

```sh
# Manually run:
gcc -o <toolname> <toolname>.c

# or all tools with:
make all
```

Using `make all` will automatically compile a 32-bit and a 64-bit version of env.

## env

Compile: `gcc -o env env.c`

Returns the address of an environment variable. This can be useful for ret2libc exploits.
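As an added example (not the repository's env.c), a minimal version of the lookup such a tool performs, including the case of a variable that is not set. It assumes the `envp` third argument to `main`, a GCC/Linux extension; the function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Find the "NAME=value" entry for NAME in an environment array (a
 * NULL-terminated list of strings, like envp or environ). Returns the
 * address of the entry, or NULL when NAME is not set: a tool that
 * blindly dereferences getenv() output crashes on that case. */
const char *env_entry_addr(char **envp, const char *name)
{
    size_t n = strlen(name);
    if (envp == NULL || n == 0)
        return NULL;
    for (char **e = envp; *e != NULL; e++)
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=')
            return *e;           /* exact name match, not just a prefix */
    return NULL;
}

/* Address of the value part, i.e. the same pointer getenv(NAME) would
 * return on glibc: the entry address plus strlen(NAME) and the '='. */
const char *env_value_addr(char **envp, const char *name)
{
    const char *entry = env_entry_addr(envp, name);
    return entry ? entry + strlen(name) + 1 : NULL;
}

/* envp as a third main() argument is a common compiler extension
 * (assumed here); extern char **environ is the POSIX alternative. */
int main(int argc, char **argv, char **envp)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s VARNAME\n", argv[0]);
        return 2;
    }
    const char *value = env_value_addr(envp, argv[1]);
    if (value == NULL) {
        fprintf(stderr, "%s: not set in this environment\n", argv[1]);
        return 1;
    }
    /* With ASLR enabled this address changes on every run; even without
     * ASLR it shifts with the length of argv[0] and the size of the
     * environment, so run the tool under the same name and environment
     * as the binary being analysed. */
    printf("%s entry at %p, value at %p\n", argv[1],
           (const void *)env_entry_addr(envp, argv[1]), (const void *)value);
    return 0;
}
```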

## esp

Compile: `gcc -m32 -o esp esp.c`

Returns the stack pointer (for illustration purposes).

If security policies are active, the stack pointer should be randomized on each execution.

## rsp

Compile: `gcc -m64 -o rsp rsp.c`

Same as esp, but for 64-bit binaries.

## reg

Compile: `gcc -o ret reg.c`

Returns the addresses of valid return-to-register jumps/calls.

## jmpesp

Compile: `gcc -o jmpesp jmpesp.c`

Returns a list of JMP ESP instructions found in the first page of a library that is mapped at a fixed address. To find libraries with fixed addresses, inspect the target binary with ldd.

Further instructions can be added.