Created
December 28, 2020 00:43
clang_pattern in smc LLVM IR
================================================================================
Jmp to Data Memory. (Applies regardless of PIE / NO-PIE.)
=============
Pattern 1.
clang_m64_smc10.ll
%6 = getelementptr inbounds [24 x i8], [24 x i8]* %2, i64 0, i64 0
%7 = bitcast i8* %6 to void (...)*
call void (...) %7()
=============
Pattern 2.
clang_m64_smc12.ll
call void (...) bitcast ([8 x i8]* @code to void (...)*)()
================================================================================
Write Executable Memory. NO-PIE.
=============
Pattern 3.
clang_m64_smc14.ll
store i64 -8029759185026510704, i64* inttoptr (i64 4195612 to i64*), align 8
=============
Pattern 4.
clang_m64_smc15.ll
%2 = alloca i64*, align 8
store i64* inttoptr (i64 4195623 to i64*), i64** %2, align 8
%4 = load i64*, i64** %2, align 8
store i64 -8029759185026510704, i64* %4, align 8
================================================================================
Write Executable Memory. PIE.
=============
Pattern 5.
clang_m64_smc16.ll
%2 = alloca i64*, align 8
store i64* bitcast (i8* getelementptr (i8, i8* bitcast (i64* @key to i8*), i64 -2099609) to i64*), i64** %2, align 8
%4 = load i64*, i64** %2, align 8
store i64 -8029759185026510704, i64* %4, align 8
=============
Pattern 6.
clang_m64_smc17.ll
%2 = alloca i8*, align 8
store i8* getelementptr inbounds (i8, i8* bitcast (i32 ()* @main to i8*), i64 107), i8** %2, align 8
%3 = load i8*, i8** %2, align 8
store i8 -112, i8* %3, align 1
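As an added example (not part of the gist), a small Python scanner that flags the six idioms above in textual LLVM IR: casts of data pointers to function pointer types, `inttoptr` constants, large byte offsets from a data global, and pointers derived from a function symbol. The rule names and regular expressions are my own heuristics, and the sample input is constructed from the fragments listed above.

```python
import re

# Rule = (category taken from the gist's headings, label, regex tried per IR line).
FN_PTR = r"[\w ]+\s*\([^)]*\)\*"  # a function pointer type such as "void (...)*"
RULES = [
    # Patterns 1 and 2: an i8* or [N x i8]* value is bitcast to a function pointer.
    ("jump-to-data-memory", "data-pointer-cast-to-fn",
     re.compile(r"bitcast\s*\(?\s*(?:\[\d+ x i\d+\]|i\d+)\*\s+\S+\s+to\s+" + FN_PTR)),
    # Patterns 3 and 4: a pointer is manufactured from an integer constant (NO-PIE address).
    ("write-executable-memory", "inttoptr-constant",
     re.compile(r"inttoptr\s*\(\s*i\d+\s+-?\d+\s+to\s+i\d+\*\s*\)")),
    # Pattern 5: a byte offset from a data global far larger than any object (reaches .text).
    ("write-executable-memory", "large-offset-from-global",
     re.compile(r"getelementptr\s*(?:inbounds\s*)?\(i8,\s*i8\*\s*bitcast\s*\("
                r"\s*[\w\[\] x]+\*\s*@\w+\s+to\s+i8\*\),\s*i64\s+-?\d{4,}\)")),
    # Pattern 6: a byte pointer derived from a function symbol (points into .text).
    ("write-executable-memory", "pointer-from-function-symbol",
     re.compile(r"bitcast\s*\(\s*" + FN_PTR + r"\s*@\w+\s+to\s+i8\*\)")),
]

def scan_ir(ir_text):
    """Return (category, label, line_no) for every IR line that matches a rule."""
    hits = []
    for no, line in enumerate(ir_text.splitlines(), 1):
        for category, label, rx in RULES:
            if rx.search(line):
                hits.append((category, label, no))
    return hits

# Constructed input: the fragments from the gist, one instruction per line.
SAMPLE_IR = """\
%6 = getelementptr inbounds [24 x i8], [24 x i8]* %2, i64 0, i64 0
%7 = bitcast i8* %6 to void (...)*
call void (...) %7()
call void (...) bitcast ([8 x i8]* @code to void (...)*)()
store i64 -8029759185026510704, i64* inttoptr (i64 4195612 to i64*), align 8
store i64* inttoptr (i64 4195623 to i64*), i64** %2, align 8
store i64* bitcast (i8* getelementptr (i8, i8* bitcast (i64* @key to i8*), i64 -2099609) to i64*), i64** %2, align 8
store i8* getelementptr inbounds (i8, i8* bitcast (i32 ()* @main to i8*), i64 107), i8** %2, align 8
%4 = load i64*, i64** %2, align 8
"""

if __name__ == "__main__":
    for hit in scan_ir(SAMPLE_IR):
        print("%-24s %-30s line %d" % hit)
```

Lines 1, 3 and 9 of the sample (a plain GEP into a local array, the call through the already-flagged register, and a load) produce no hit, so the rules do not fire on ordinary pointer arithmetic or indirect calls.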