You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
JayPiKay 53776d20a6
Disabled CI for the moment
3 years ago
.gitlab-ci.yml.disabled Disabled CI for the moment 3 years ago
Makefile Added jmpesp tool 3 years ago Update fixed TOC 3 years ago
env.c Handling non existing variable names 3 years ago
esp.c Added ESP tool 3 years ago
jmpesp.c Added jmpesp tool 3 years ago
reg.c Added return to register tool stub. 3 years ago
rsp.c Added Makefile and rsp tool 3 years ago
shc.c Shell Code test 3 years ago


Small collection of programs to retrieve pointers.



To compile the tools execute:

# Manually run:
gcc -o <toolname> <toolname>.c

# or all tools with:
make all

Using make all will automatically compile a 32-bit and 64-bit version of env.


Compile: gcc -o env env.c

Returns the pointer of an environment variable. This can be useful for ret2libc exploits.


Compile: gcc -m32 -o esp esp.c

Returns the pointer to the stack (for illustrations).

If security policies are active, the stack pointer should be randomized on eax execution.


Compile: gcc -m64 -o rsp rsp.c

Same as esp, but for 64-bit



Compile: gcc -o ret reg.c

Returns address of valid return to register jumps/calls.


Compile: gcc -o jmpesp jmpesp.c

Returns a list of JMP ESP instructions in the first page of a library with fixed address space. To find fixed addresses, check the target binary with ldd.

Further instructions can be added.