Page 1 of 2
Results 1 to 10 of 13

Thread: Bytescan.c

  1. #1 UnnamedOne, Junior Member (Join Date: Mar 2008, Posts: 35)

    Bytescan.c

    Why when I compile and run this there doesn't pop out an address?

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <stdint.h>
    int main(int argc, char *argv[]) {
            int i, jmps;
            /* Fixed address of the i386 vDSO page (linux-gate.so.1) on kernels
               that do not randomize it; on other kernels the page may not be here */
            char *ptr = (char *) 0xffffe000;
            jmps = 0;
            /* Scan the 4096-byte page for the two-byte sequence ff e4 (jmp *%esp);
               i+1 reaches at most offset 4095, the last byte of the page */
            for (i = 0; i < 4095; i++) {
                    if (ptr[i] == '\xff' && ptr[i+1] == '\xe4') {
                            /* %x expects an unsigned int, not a pointer: convert explicitly */
                            printf("* 0x%08x : jmp *%%esp\n", (unsigned int)(uintptr_t)(ptr+i));
                            jmps++;
                    }
            }
            if (!jmps) {
                    printf("* No JMP %%ESP were found\n");
            }
            return 1;
    }

  2. #2 theprez98, Moderator (Join Date: Jan 2010, Location: Maryland, Posts: 2,533)

    Quote Originally Posted by UnnamedOne
    Why when I compile and run this there doesn't pop out an address?

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <stdint.h>
    int main(int argc, char *argv[]) {
            int i, jmps;
            /* Fixed address of the i386 vDSO page (linux-gate.so.1) on kernels
               that do not randomize it; on other kernels the page may not be here */
            char *ptr = (char *) 0xffffe000;
            jmps = 0;
            /* Scan the 4096-byte page for the two-byte sequence ff e4 (jmp *%esp);
               i+1 reaches at most offset 4095, the last byte of the page */
            for (i = 0; i < 4095; i++) {
                    if (ptr[i] == '\xff' && ptr[i+1] == '\xe4') {
                            /* %x expects an unsigned int, not a pointer: convert explicitly */
                            printf("* 0x%08x : jmp *%%esp\n", (unsigned int)(uintptr_t)(ptr+i));
                            jmps++;
                    }
            }
            if (!jmps) {
                    printf("* No JMP %%ESP were found\n");
            }
            return 1;
    }
    What command line are you using to compile it?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3 UnnamedOne, Junior Member (Join Date: Mar 2008, Posts: 35)

    Quote Originally Posted by theprez98
    What command line are you using to compile it?
    gcc bytescan.c -o bytescan

    After that I just do ./bytescan

  4. #4 theprez98, Moderator (Join Date: Jan 2010, Location: Maryland, Posts: 2,533)

    Quote Originally Posted by UnnamedOne
    gcc bytescan.c -o bytescan

    After that I just do ./bytescan
    Ok, part 2, let me guess, what output are you getting? This?
    Code:
    *No JMP %ESP were found
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5 UnnamedOne, Junior Member (Join Date: Mar 2008, Posts: 35)

    Quote Originally Posted by theprez98
    Ok, part 2, let me guess, what output are you getting? This?
    Code:
    *No JMP %ESP were found
    Well, I'm gonna read the whole tutorial again. I'll reply to this thread again after I'm done.
    Btw, can you change the bt~# to root@bt# in the terminal?

  6. #6 theprez98, Moderator (Join Date: Jan 2010, Location: Maryland, Posts: 2,533)

    Quote Originally Posted by UnnamedOne
    Well, I'm gonna read the whole tutorial again. I'll reply to this thread again after I'm done.
    Btw, can you change the bt~# to root@bt# in the terminal?
    Ok, it seems as if you're trying to find a vulnerability in linux-gate.so.1 DSO, probably as part of a buffer overflow tutorial?

    I would guess your kernel was compiled in such a manner that JMP *%ESP can't be found in your linux-gate.so.1 (and therefore no such vulnerability).
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #7 UnnamedOne, Junior Member (Join Date: Mar 2008, Posts: 35)

    Quote Originally Posted by theprez98
    Ok, it seems as if you're trying to find a vulnerability in linux-gate.so.1 DSO, probably as part of a buffer overflow tutorial?

    I would guess your kernel was compiled in such a manner that JMP *%ESP can't be found in your linux-gate.so.1 (and therefore no such vulnerability).
    So I'm gonna have to look for another tutorial?

  8. #8 theprez98, Moderator (Join Date: Jan 2010, Location: Maryland, Posts: 2,533)

    Quote Originally Posted by UnnamedOne
    So I'm gonna have to look for another tutorial?
    I don't think you need to look for another tutorial; the tutorial is fine. But you might need to find a different kernel, with a different version of linux-gate.so.1, to use bytescan on.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  9. #9 UnnamedOne, Junior Member (Join Date: Mar 2008, Posts: 35)

    Quote Originally Posted by theprez98
    I don't think you need to look for another tutorial; the tutorial is fine. But you might need to find a different kernel, with a different version of linux-gate.so.1, to use bytescan on.
    What kernel do you think will work?

  10. #10 theprez98, Moderator (Join Date: Jan 2010, Location: Maryland, Posts: 2,533)

    Quote Originally Posted by UnnamedOne
    What kernel do you think will work?
    Well, that depends on the tutorial. If you're following this guide, then the same OS/kernel as the guide would be appropriate: OpenSuSE 10.2, kernel 2.6.18, gcc 4.1.2.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
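A check a reader can run to see why the scan comes up empty on a given kernel, added here as an example and not code from the thread or from the tutorial it follows: it reads the process's own /proc/self/maps (Linux only; assumed to be available), locates the [vdso] mapping, which is the page linux-gate.so.1 names, and reports whether it sits at the fixed 0xffffe000 that bytescan.c hard-codes. If the address differs, or changes from run to run, the kernel randomizes the vDSO, and a scanner that assumes a fixed page address is reading the wrong memory no matter what the page contains. From a hardening standpoint the same check matters in the other direction: a vDSO pinned at 0xffffe000 is a predictable mapping in every process, which is exactly what vDSO randomization removes. The parsing is kept in separate functions so it can be exercised on a constructed maps excerpt.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Address the thread's bytescan.c hard-codes for the i386 vDSO page. */
#define LEGACY_VDSO_ADDR 0xffffe000UL

/* Parse one /proc/<pid>/maps line.  Returns the mapping's start address if
   the line describes the vDSO, else 0.  A maps line looks like (constructed):
   "f7fd4000-f7fd5000 r-xp 00000000 00:00 0          [vdso]" */
unsigned long vdso_start_from_line(const char *line)
{
    if (strstr(line, "[vdso]") == NULL)
        return 0;
    return strtoul(line, NULL, 16);   /* hex start address, stops at '-' */
}

/* Walk a whole maps text, line by line, and return the vDSO start address
   (0 if no [vdso] mapping is listed). */
unsigned long find_vdso_start(const char *maps_text)
{
    char buf[512];
    const char *p = maps_text;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len >= sizeof buf)
            len = sizeof buf - 1;          /* truncate an over-long line */
        memcpy(buf, p, len);
        buf[len] = '\0';

        unsigned long start = vdso_start_from_line(buf);
        if (start)
            return start;
        if (!eol)
            break;
        p = eol + 1;
    }
    return 0;
}

/* 1 if the vDSO is at the fixed legacy address bytescan.c assumes. */
int vdso_is_at_legacy_addr(unsigned long start)
{
    return start == LEGACY_VDSO_ADDR;
}

int main(void)
{
    static char maps[65536];             /* plenty for a small process */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) {
        perror("/proc/self/maps");
        return 2;
    }
    size_t n = fread(maps, 1, sizeof maps - 1, f);
    fclose(f);
    maps[n] = '\0';

    unsigned long start = find_vdso_start(maps);
    if (!start) {
        puts("no [vdso] mapping in this process");
        return 1;
    }
    printf("[vdso] mapped at 0x%lx\n", start);
    if (vdso_is_at_legacy_addr(start))
        puts("vDSO is at the fixed legacy address 0xffffe000: no vDSO randomization");
    else
        puts("vDSO is not at 0xffffe000; run again: a changing address means it is randomized");
    return 0;
}
```

Run it two or three times: a constant address other than 0xffffe000 means the vDSO is fixed but simply not where the tutorial expects it, while a different address on each run means it is randomized.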
