ptrtools
Small collection of programs to retrieve pointers.
Tools
Usage
To compile the tools, execute:

```sh
# Manually run:
gcc -o <toolname> <toolname>.c
# or all tools with:
make all
```

Using `make all` will automatically compile a 32-bit and 64-bit version of env.
env
Compile: gcc -o env env.c
Returns the pointer of an environment variable. This can be useful for ret2libc
exploits.
esp
Compile: gcc -m32 -o esp esp.c
Returns the pointer to the stack (for illustrations).
If security policies are active, the stack pointer should be randomized on each execution.
rsp
Compile: gcc -m64 -o rsp rsp.c
Same as esp, but for 64-bit
reg
TODO
Compile: gcc -o ret reg.c
Returns the address of valid return-to-register jumps/calls.
jmpesp
Compile: gcc -o jmpesp jmpesp.c
Returns a list of `JMP ESP` instructions in the first page of a library with fixed address space. To find fixed addresses, check the target binary with `ldd`.
Further instructions can be added.
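
The note under esp says the stack pointer should change on each execution when security policies are active. The following is an added example, not code from ptrtools, that prints a stack address and an environment variable address together with the Linux randomization settings that decide whether those values stay stable between runs. It assumes Linux with GCC or Clang; all function names are hypothetical.

```c
/* Added example, not part of ptrtools. Linux only, GCC/Clang builtin used. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/personality.h>

/* Approximate stack location: the frame address of this function. */
uintptr_t stack_address(void) {
    return (uintptr_t)__builtin_frame_address(0);
}

/* Address of an environment variable's value, or 0 if it is unset. */
uintptr_t env_address(const char *name) {
    return (uintptr_t)getenv(name);
}

/* System-wide setting: 0 = off, 1 = partial, 2 = full, -1 = unreadable. */
int aslr_sysctl(void) {
    int mode = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &mode) != 1)
        mode = -1;
    fclose(f);
    return mode;
}

/* 1 if randomization is switched off for this process only, for example
 * when started through `setarch -R` or under gdb with default settings. */
int aslr_disabled_for_process(void) {
    int persona = personality(0xffffffff); /* query only, changes nothing */
    return persona != -1 && (persona & ADDR_NO_RANDOMIZE) != 0;
}

int main(void) {
    int mode = aslr_sysctl();
    int off = aslr_disabled_for_process();
    printf("stack : %#lx\n", (unsigned long)stack_address());
    printf("$PATH : %#lx\n", (unsigned long)env_address("PATH"));
    printf("randomize_va_space=%d per-process-disable=%d\n", mode, off);
    if (mode > 0 && !off)
        puts("Randomization active: addresses should differ on the next run.");
    else
        puts("Randomization off or unknown: stable addresses are expected.");
    return 0;
}
```

Run it twice and compare the printed addresses; if they are identical while `randomize_va_space` is non-zero, check whether the process was launched with randomization disabled.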