author | June McEnroe <programble@gmail.com> | 2016-10-06 01:04:12 -0400 |
committer | June McEnroe <programble@gmail.com> | 2016-10-06 01:04:12 -0400 |
commit | ad98e4ecd3d6ddc999e93f59549a03ef05fffead (patch) | |
tree | 981364a392c4e485745393228cfd5a10573d69e3 | |
parent | Use rbp instead of r15 in jrp (diff) | |
Generate some test code in jrp
-rwxr-xr-x | .bin/jrp.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/.bin/jrp.c b/.bin/jrp.c
index 83894342..cd5dbb82 100755
--- a/.bin/jrp.c
+++ b/.bin/jrp.c
@@ -2,6 +2,13 @@
 exec cc -Wall -Wextra $@ -o $(dirname $0)/jrp $0
 #endif
+#include <err.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <sys/mman.h>
+#include <sysexits.h>
+#include <unistd.h>
+
 enum op {
 	OP_PROL = 0x90fc8948e5894855, // push ebp; mov rbp, rsp; mov rsp, rdi
 	OP_EPIL = 0xc35dec8948e08948, // mov rax, rsp; mov rsp, rbp; pop rbp; ret
@@ -24,6 +31,35 @@ enum op {
 	OP_SHR = 0x906666242cd34859, // pop rcx; shr qword [rsp], cl
 };
+typedef int64_t *(*fptr)(int64_t *);
+
 int main() {
+	int error;
+	int page = getpagesize();
+
+	int64_t *stack = mmap(0, page, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0);
+	if (stack == MAP_FAILED) err(EX_OSERR, "mmap");
+	int64_t *stack_ptr = stack + page / sizeof(int64_t);
+
+	enum op *ops = mmap(0, page, PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0);
+	if (ops == MAP_FAILED) err(EX_OSERR, "mmap");
+
+	enum op *p = ops;
+	*p++ = OP_PROL;
+	*p++ = OP_PUSH | (1 << 8);
+	*p++ = OP_PUSH | (2 << 8);
+	*p++ = OP_ADD;
+	*p++ = OP_DUP;
+	*p++ = OP_MUL;
+	*p++ = OP_EPIL;
+
+	error = mprotect(ops, page, PROT_READ | PROT_EXEC);
+	if (error) err(EX_OSERR, "mprotect");
+
+	fptr fn = (fptr) ops;
+	stack_ptr = fn(stack_ptr);
+
+	printf("%lld\n", *stack_ptr);
+	return 0;
 }
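Review bot: The `printf("%lld\n", *stack_ptr)` at the end of main passes an `int64_t` to a `%lld` conversion, which is undefined behaviour on targets where `int64_t` is `long` rather than `long long`; the portable form is `printf("%" PRId64 "\n", *stack_ptr);` with `#include <inttypes.h>` added to the include block in the first hunk. The two `mmap` calls pass `0` as the file descriptor with `MAP_ANON`; some implementations require `-1` there, so `mmap(0, page, PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0)` is the safer spelling for both. Mapping `ops` write-only and then `mprotect`ing it to `PROT_READ | PROT_EXEC` before the call is the right W^X sequence and worth a short comment, e.g. `// code page is never writable and executable at the same time`. Nothing bounds the VM stack: `stack_ptr` starts one element past the end of the page, so a program that pops more than it pushed would read outside the mapping; for a fixed test sequence this is fine, but a comment such as `// no guard page: the generated program must not underflow the stack` would record the assumption for the next change that takes arbitrary input.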