author | Olivier Gayot <duskcoder@gmail.com> | 2014-01-27 12:17:08 +0000 |
---|---|---|
committer | Olivier Gayot <duskcoder@gmail.com> | 2014-01-27 12:22:00 +0000 |
commit | a9f072448d2ffd9f1f275367533945e7a92237a3 (patch) | |
tree | 802423bee9101045be7ac2a892b60aa4008ff359 | |
parent | 909c5c82137a6b81091c14bd7d5dd63d149f8c43 (diff) |
allow to append a prefix and a suffix to the payload
the user can use --prefix "abcdfdafsjdlf" to generate a payload
prepended by "abcdfdafsjdlf". The same way, he is able to append after
the payload using --suffix.
Moreover, he can specify --sfxnops 'n' to append 'n' NOP bytes directly
after the payload.
The user is informed via stderr of the offset of the NOP bytes and the
offset of the suffix.
Refs: #1
-rw-r--r-- | main.c | 55 |
1 files changed, 55 insertions, 0 deletions
@@ -38,6 +38,15 @@ static unsigned int idx_stack_g;
 /* assume that an address is 'address_size_g' bytes long */
 static int address_size_g = 4;
+/* prepend the payload with a prefix */
+static char *prefix_g = NULL;
+
+/* append suffix to the payload */
+static char *suffix_g = NULL;
+
+/* how many NOP bytes (0x90) shall we append before suffix */
+static int suffix_nops_g = 0;
+
 __attribute__((noreturn))
 static void usage(const char *arg0)
 {
@@ -64,6 +73,9 @@ static int parse_arguments(int argc, char *argv[])
 OPT_WITH,
 OPT_STACKIDX,
 OPT_ADDR_SIZE,
+ OPT_PREFIX,
+ OPT_SUFFIX,
+ OPT_SFX_NOPS,
 };
 static struct option long_options[] = {
@@ -71,6 +83,9 @@ static int parse_arguments(int argc, char *argv[])
 {"with", required_argument, 0, OPT_WITH},
 {"stackidx", required_argument, 0, OPT_STACKIDX},
 {"addrsize", required_argument, 0, OPT_ADDR_SIZE},
+ {"prefix", required_argument, 0, OPT_PREFIX},
+ {"suffix", required_argument, 0, OPT_SUFFIX},
+ {"sfxnops", required_argument, 0, OPT_SFX_NOPS},
 };
 int option_index;
@@ -101,6 +116,15 @@ static int parse_arguments(int argc, char *argv[])
 }
 break;
+ case OPT_PREFIX:
+ prefix_g = optarg;
+ break;
+ case OPT_SUFFIX:
+ suffix_g = optarg;
+ break;
+ case OPT_SFX_NOPS:
+ suffix_nops_g = atoi(optarg);
+ break;
 default:
 /*
 * we must have accessed an option which we do not have
@@ -168,6 +192,24 @@ int main(int argc, char *argv[])
 usage(argv[0]);
 }
+ if (prefix_g != NULL) {
+ int len_pfx = strlen(prefix_g);
+ int mod_len_pfx = len_pfx % address_size_g;
+
+ int len_padding = (mod_len_pfx == 0) ? 0 : address_size_g - mod_len_pfx;
+
+ memcpy(payload + i, prefix_g, len_pfx);
+ i += len_pfx;
+
+ memcpy(payload + i, "\x90\x90\x90\x90\x90\x90\x90", len_padding);
+ i += len_padding;
+
+ /* TODO compute wisely these two values */
+ written += len_pfx + len_padding;
+
+ idx_stack_g += ((len_pfx + len_padding) / address_size_g);
+ }
+
 PUT_ADDR(0); /* override the address */
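Review bot: `prefix_g` and `suffix_g` only ever receive `optarg` and are then read by strlen()/memcpy(), so the new globals should be `static const char *prefix_g = NULL;` and `static const char *suffix_g = NULL;` rather than mutable `char *`; that documents that the program never writes into argv and lets the compiler catch an accidental write. The comment on `suffix_nops_g` says "before suffix", which matches the later hunk, but the value's meaning as a count parsed from the command line is worth stating there too, e.g. `/* number of 0x90 bytes written between the payload and the suffix (from --sfxnops) */`.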
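Review bot: In the `long_options[]` hunk the new last entry `{"sfxnops", required_argument, 0, OPT_SFX_NOPS},` is followed directly by `};`, so the table has no all-zero terminating element; getopt_long() walks the array until it finds an entry whose name is NULL and will read past the end of this one on every long-option lookup. The defect predates the commit (the `addrsize` entry was the last one before), but since this hunk appends to the table it is the place to fix it: add `{0, 0, 0, 0},` as the final entry. This assumes no terminator line was lost in the rendering of the diff; the three trailing context lines (`};`, blank, `int option_index;`) suggest none was.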
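Review bot: `suffix_nops_g = atoi(optarg);` in the `OPT_SFX_NOPS` case accepts any string: non-numeric input silently becomes 0, trailing garbage is ignored, and out-of-range values are undefined behaviour, yet this count later drives a write loop into `payload`. Parse it with strtol(), check `endptr` and `errno`, and reject negative values, failing through usage() like the other option errors in parse_arguments appear to do; this needs `<errno.h>` and `<limits.h>`, which may or may not already be included (the include block is outside this view). The same treatment would suit the `--addrsize` and `--stackidx` parsing if they use atoi too, which cannot be seen from here. parse_arguments continues outside the hunk.
```c
case OPT_SFX_NOPS: {
    errno = 0;
    char *end = NULL;
    long nops = strtol(optarg, &end, 10);
    /* reject empty, trailing junk, overflow, and negative counts */
    if (end == optarg || *end != '\0' || errno == ERANGE || nops < 0 || nops > INT_MAX) {
        usage(argv[0]);
    }
    suffix_nops_g = (int)nops;
    break;
}
```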
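Review bot: The padding copy `memcpy(payload + i, "\x90\x90\x90\x90\x90\x90\x90", len_padding);` reads from an 8-byte literal while `len_padding` can be as large as `address_size_g - 1`, so any `--addrsize` above 8 reads past the end of the literal; `memset(payload + i, 0x90, len_padding);` is the direct replacement and has no such limit. Nothing in this hunk checks that `len_pfx + len_padding` fits in `payload`, and the following hunk has the same gap for `suffix_nops_g` and `strlen(suffix_g)`; since all three lengths come straight from the command line, both hunks should compare the bytes about to be written against the buffer's remaining capacity (the buffer's size is not visible here) and exit with an error instead of overrunning it. `int len_pfx = strlen(prefix_g);` narrows a size_t; `size_t len_pfx` would keep the arithmetic below it consistent. If `address_size_g` is not validated to be positive where `--addrsize` is parsed (outside this view), the `%` and `/` here divide by zero. main's body continues outside the hunk.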
@@ -194,6 +236,19 @@ int main(int argc, char *argv[])
 ++idx_stack_g;
 }
+ fprintf(stderr, "NOP bytes are at offset %d (%#x)\n", i, i);
+ for (int nop = 0; nop < suffix_nops_g; ++nop) {
+ payload[i++] = '\x90';
+ }
+
+ if (suffix_g != NULL) {
+ fprintf(stderr, "suffix is at offset %d (%#x)\n", i, i);
+ int len_suffix = strlen(suffix_g);
+
+ memcpy(payload + i, suffix_g, len_suffix);
+ i += len_suffix;
+ }
+
 /* we write our payload */
 fwrite(payload, 1, i, stdout);