diff options
-rwxr-xr-x | .bin/jrp.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/.bin/jrp.c b/.bin/jrp.c index cd5dbb82..72a9c303 100755 --- a/.bin/jrp.c +++ b/.bin/jrp.c @@ -3,13 +3,16 @@ exec cc -Wall -Wextra $@ -o $(dirname $0)/jrp $0 #endif #include <err.h> -#include <stdint.h> #include <stdio.h> #include <sys/mman.h> #include <sysexits.h> #include <unistd.h> -enum op { +typedef unsigned long long op; +typedef long long value; +typedef value *(*fptr)(value *); + +enum { OP_PROL = 0x90fc8948e5894855, // push ebp; mov rbp, rsp; mov rsp, rdi OP_EPIL = 0xc35dec8948e08948, // mov rax, rsp; mov rsp, rbp; pop rbp; ret OP_CALL = 0x90666666d0ff5f58, // pop rax; pop rdi; call rax @@ -31,20 +34,18 @@ enum op { OP_SHR = 0x906666242cd34859, // pop rcx; shr qword [rsp], cl }; -typedef int64_t *(*fptr)(int64_t *); - int main() { int error; int page = getpagesize(); - int64_t *stack = mmap(0, page, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0); - if (stack == MAP_FAILED) err(EX_OSERR, "mmap"); - int64_t *stack_ptr = stack + page / sizeof(int64_t); + value *base = mmap(0, page, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0); + if (base == MAP_FAILED) err(EX_OSERR, "mmap"); + value *stack = base + page / sizeof(value); - enum op *ops = mmap(0, page, PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0); + op *ops = mmap(0, page, PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, 0); if (ops == MAP_FAILED) err(EX_OSERR, "mmap"); - enum op *p = ops; + op *p = ops; *p++ = OP_PROL; *p++ = OP_PUSH | (1 << 8); *p++ = OP_PUSH | (2 << 8); @@ -57,9 +58,9 @@ int main() { if (error) err(EX_OSERR, "mprotect"); fptr fn = (fptr) ops; - stack_ptr = fn(stack_ptr); + stack = fn(stack); - printf("%lld\n", *stack_ptr); + printf("%lld\n", *stack); return 0; } |