Vulnerability Development mailing list archives
Solaris sparc newbie exploit coding misc questions
From: ework0 <ework0 () gmail com>
Date: Wed, 12 Oct 2005 13:36:46 -0600
Hello,

I have gathered together some misc questions about designing buffer overflow PoCs for the Solaris SPARC architecture:

1. Basically, what is the stack address? How can it be the same among different processes? Is the stack base addr not related to memory locations? How can I get the stack base address? On Solaris 10 SPARC, running this code:

    #include <stdio.h>

    unsigned long get_sp(void){
        __asm__("or %sp,%sp,%i0");
    }

    int main()
    {
        long i;
        i = get_sp();
        printf("0x%x \n",i);
    }

Return: 0xffffffff

What's missing?

2. Shellcode on Solaris SPARC: In some documentation, it says we should always include setreuid() because /bin/sh always checks for this, but I have seen some exploit code with a simple /bin/sh execve call.

3. What exactly is the term 'padding' in exploit coding? My English is very basic and the translation to my language doesn't help much.

I think that is more than enough. Thanks for your kind help with any of these questions,
