Created
February 5, 2019 18:31
-
-
Save CapsAdmin/182158db81e0674ee55bebfee65003ad to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local ffi = require("ffi") | |
| ffi.cdef[[ | |
| char *mmap(void *addr, size_t length, int prot, int flags, int fd, long int offset); | |
| int munmap(void *addr, size_t length); | |
| ]] | |
| local PROT_READ = 0x1 -- Page can be read. | |
| local PROT_WRITE = 0x2 -- Page can be written. | |
| local PROT_EXEC = 0x4 -- Page can be executed. | |
| local PROT_NONE = 0x0 -- Page can not be accessed. | |
| local PROT_GROWSDOWN = 0x01000000 -- Extend change to start of growsdown vma (mprotect only). | |
| local PROT_GROWSUP = 0x02000000 -- Extend change to start of growsup vma (mprotect only). | |
| local MAP_SHARED = 0x01 -- Share changes. | |
| local MAP_PRIVATE = 0x02 | |
| local MAP_ANONYMOUS = 0x20 | |
| local memory = ffi.C.mmap(nil, 4096, bit.bor(PROT_READ, PROT_WRITE, PROT_EXEC), bit.bor(MAP_PRIVATE, MAP_ANONYMOUS), -1, 0) | |
| if memory == nil then | |
| error("failed to map memory") | |
| end | |
| local pos = 0 | |
| local function write(bytes) | |
| ffi.copy(memory + pos, bytes, #bytes) | |
| pos = pos + #bytes | |
| end | |
| write("\x48\x8b\xc7") -- mov %rdi, %rax | |
| write("\xc3") -- ret | |
| local func = ffi.cast("long (*)(long)", memory) | |
| for i = 0, 9 do | |
| logf("f(%d) = %d\n", i, tonumber(func(i))) | |
| end | |
| ffi.C.munmap(memory, 4096) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment