arno/kernel_rop
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
master
kernel_rop/find_offset.py
Hashcrack b5dab95d89 added the ROP exploit
2016-06-22 22:00:49 +10:00

21 lines
444 B
Python
Raw Permalink Blame History

#!/usr/bin/env python
import sys
base_addr = int(sys.argv[1], 16)
f = open(sys.argv[2], 'r') # gadgets
for line in f.readlines():
target_str, gadget = line.split(':')
target_addr = int(target_str, 16)
# check alignment
if target_addr % 8 != 0:
continue
offset = (target_addr - base_addr) / 8
print 'offset =', (1 << 64) + offset
print 'gadget =', gadget.strip()
print 'stack addr = %x' % (target_addr & 0xffffffff)
break
Reference in New Issue View Git Blame Copy Permalink