This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| const system = x => host.namespace.Debugger.Utility.Control.ExecuteCommand(x); | |
| const log = x => host.diagnostics.debugLog(`${x}\n`); | |
| const convertStrToInt64 = str => host.parseInt64(str); | |
| const replaceString = (string, search, replaceWith) => { | |
| return string.split(search).join(replaceWith); | |
| } |
pzread
/ textile.md
Last active
October 22, 2022 13:13
When executing a ELF binary, Linux kernel will pass the memory address of PHDR(program header) to userspace by AT_PHDR entry of AUXV.
ld.so interpreter will parse the PHDR structure at memory addressAT_PHDR and resolve more ELF structures, such as dynamic section.
But Linux kernel wrongly calculate the PHDR address in memory.
NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
