<p><strong>Using malloc works fine.</strong></p>
<p>OK this is my final answer, please note I used the original poster's code. I'm loading from disk, the compiled version of this code, to a heap-allocated area "bin", just as the original code did (the name is fixed, not using argv, and the value 0x674 is from:</p>
<pre><code>objdump -F -D foo|grep -i hoho
08048674 &lt;hohoho&gt; (File Offset: 0x674):
</code></pre>
<p>This can be looked up at run time with the BFD (Binary File Descriptor library) or something else; you can call other binaries (not just yourself) so long as they are statically linked to the same set of libs.</p>
<pre><code>#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;
#include &lt;stdint.h&gt;
#include &lt;unistd.h&gt;
#include &lt;sys/mman.h&gt;

unsigned char *charp;
unsigned char *bin;

/* target function; its file offset (0x674 here) comes from objdump -F above */
void hohoho() { printf("merry mas\n"); fflush(stdout); }

/* mprotect needs a page-aligned start address and malloc does not give one,
   so round the pointer down to the page that contains it */
static int make_exec(void *p, size_t len) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)p &amp; ~(page - 1);
    return mprotect((void *)start, len + ((uintptr_t)p - start),
                    PROT_EXEC | PROT_READ | PROT_WRITE);
}

int main(int argc, char **argv) {
    charp = malloc(10101);
    memset(charp, 0xc3, 10101);            /* 0xc3 = ret: a buffer full of "return" */
    if (make_exec(charp, 10101) != 0) { perror("mprotect"); return 1; }
    ((void (*)(void))charp)();             /* call into the heap: executes one ret */
    printf("am I alive?\n");
    char *more = strdup("more heap operations");
    printf("%s\n", more);
    FILE *f = fopen("foo", "rb");          /* load this same (statically linked) binary */
    if (!f) { perror("fopen"); return 1; }
    fseek(f, 0, SEEK_END);
    long len = ftell(f);
    fseek(f, 0, SEEK_SET);
    bin = malloc(len);
    printf("read in %zu\n", fread(bin, 1, len, f));
    printf("%p\n", (void *)bin);
    fclose(f);
    if (make_exec(bin, len) != 0) { perror("mprotect"); return 1; }
    ((void (*)(void))(bin + 0x674))();     /* jump to hohoho at its file offset */
    fflush(stdout);
    return 0;
}
</code></pre>
<p>running...</p>
<pre><code>co tmp # ./foo
am I alive?
more heap operations
read in 30180
0x804d910
merry mas
</code></pre>
<p>You can use <a href="http://upx.sourceforge.net/" rel="noreferrer">UPX</a> to manage the load/modify/exec of a file.</p>
<p>P.S. sorry for the previous broken link :|</p>
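<p>The two <code>mprotect</code> calls in the answer as posted do not do what they look like they do: the first hands the kernel a <code>malloc</code> pointer, which is not page-aligned, so the call fails with <code>EINVAL</code> and the buffer keeps whatever permissions the heap already had; the second passes <code>&amp;bin</code>, the address of the pointer variable, rather than the buffer. The answer only "works" on a system whose heap is executable anyway. The following added example is not from the answer or the original poster; it checks that failure mode and shows the W^X sequence a hardened process would use instead: map an anonymous page read/write, write the one-byte <code>ret</code> (0xc3, the same byte the answer fills its buffer with), flip the page to read/execute, and only then call it. It assumes Linux with glibc and an x86 or x86-64 CPU for the <code>ret</code> byte; on other architectures the exec path reports itself unsupported.</p>

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* 1 if p starts on a page boundary, else 0. mprotect() requires this. */
int is_page_aligned(const void *p) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    return ((uintptr_t)p & (page - 1)) == 0;
}

/* Reproduce the answer's mistake on purpose: mprotect() on a malloc'd
   buffer. Returns the errno the kernel reports (EINVAL on Linux when the
   start address is not page-aligned); 0 would mean it actually worked. */
int mprotect_malloc_errno(void) {
    unsigned char *buf = malloc(10101);
    if (!buf) return -1;
    unsigned char *p = buf;
    if (is_page_aligned(p)) p += 16;   /* make sure we hit the unaligned case */
    int rc = mprotect(p, 10101, PROT_READ | PROT_WRITE | PROT_EXEC);
    int err = (rc == 0) ? 0 : errno;
    free(buf);
    return err;
}

/* The W^X way: RW first, write the code, then RX, then call.
   Returns 1 when the ret executed and control came back, -1 if the
   kernel (or an execmem policy) refused the mapping, -2 on a CPU whose
   "return" instruction is not the single byte 0xc3. */
int run_ret_from_exec_page(void) {
#if defined(__x86_64__) || defined(__i386__)
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *m = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    memset(m, 0xc3, page);                               /* every byte is "ret" */
    if (mprotect(m, page, PROT_READ | PROT_EXEC) != 0) { /* drop W before adding X */
        munmap(m, page);
        return -1;
    }
    ((void (*)(void))m)();                               /* executes one ret */
    munmap(m, page);
    return 1;
#else
    return -2;
#endif
}

int main(void) {
    printf("mprotect on malloc memory -> errno %d (EINVAL is %d)\n",
           mprotect_malloc_errno(), EINVAL);
    printf("W^X page run result: %d\n", run_ret_from_exec_page());
    return 0;
}
```

<p>Checking the return value of <code>mprotect</code> is the whole point: a silent <code>EINVAL</code> is exactly how the posted program ends up relying on an executable heap without anyone noticing, and it is also why a non-executable heap (the default on current kernels and toolchains) makes that program crash at the first indirect call rather than print "merry mas".</p>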