jpk
/
ptrtools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
1 Branch
0 Tags
43 KiB
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
JayPiKay 53776d20a6
Disabled CI for the moment 		3 years ago
.gitlab-ci.yml.disabled Disabled CI for the moment 3 years ago
Makefile Added jmpesp tool 3 years ago
README.md Update README.md fixed TOC 3 years ago
env.c Handling non existing variable names 3 years ago
esp.c Added ESP tool 3 years ago
jmpesp.c Added jmpesp tool 3 years ago
reg.c Added return to register tool stub. 3 years ago
rsp.c Added Makefile and rsp tool 3 years ago
shc.c Shell Code test 3 years ago

README.md

ptrtools

Small collection of programs to retrieve pointers.

Tools

Usage

To compile the tools execute:

# Manually run:
gcc -o <toolname> <toolname>.c

# or all tools with:
make all

Using make all will automatically compile a 32-bit and 64-bit version of env.

env

Compile: gcc -o env env.c

Returns the pointer of an environment variable. This can be useful for ret2libc exploits.

esp

Compile: gcc -m32 -o esp esp.c

Returns the pointer to the stack (for illustrations).

If security policies are active, the stack pointer should be randomized on eax execution.

rsp

Compile: gcc -m64 -o rsp rsp.c

Same as esp, but for 64-bit

reg

TODO

Compile: gcc -o ret reg.c

Returns address of valid return to register jumps/calls.

jmpesp

Compile: gcc -o jmpesp jmpesp.c

Returns a list of JMP ESP instructions in the first page of a library with fixed address space. To find fixed addresses, check the target binary with ldd.

Further instructions can be added.