Vulnerability Development mailing list archives
Solaris sparc newbie exploit coding misc questions
From: ework0 <ework0 () gmail com>
Date: Wed, 12 Oct 2005 13:36:46 -0600
Hello,
I gathered together some misc questions about designing buffer overflow PoCs for the Solaris SPARC architecture:
1. Basically, what is the stack address? How can it be the same among different processes? Stack base addr is not related to memory locations? How can I get the stack base address? On Solaris 10 SPARC, running this code:
#include <stdio.h>

unsigned long get_sp(void)
{
    __asm__("or %sp,%sp,%i0");
}

int main()
{
    long i;
    i = get_sp();
    printf("0x%x \n",i);
}
Return: 0xffffffff
What's missing?
2. Shellcode on Solaris SPARC: In some documentation, it says we should always include setreuid() because /bin/sh always checks for this, but I have seen some exploit code with a simple /bin/sh execve call.
3. What exactly is the term 'padding' in exploit coding? My English is very basic and the translation to my language doesn't help much.
I think that is more than enough, thanks for your kind help to any of these questions,