#include <stdio.h> | |
#include <stdlib.h> | |
#include <stdint.h> | |
#include <string.h> | |
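/**
 * Encode an ARM32 (A32) unconditional branch, `B <newa>`, for an instruction
 * that sits at address `addr`.
 *
 * The A32 branch stores a signed 24-bit word offset measured from the
 * instruction address plus 8 (the pipeline-adjusted PC):
 *
 *     imm24 = ((target - source - 8) >> 2) & 0xffffff
 *
 * The earlier version derived the offset from `newa` alone, so it was only
 * correct for a branch located at address 0, and its backward-branch case did
 * not produce a valid two's-complement offset.
 *
 * @param addr address of the branch instruction itself (used as a number,
 *             never dereferenced)
 * @param newa branch target address (used as a number, never dereferenced)
 * @param buf  receives the 4 instruction bytes in little-endian order
 *
 * Caveats: nothing here checks that both addresses are 4-byte aligned or that
 * the distance fits the +/-32 MiB reach of a 24-bit word offset. Outside that
 * range the offset silently wraps and the encoded branch points somewhere
 * else, so validate both before the bytes are written into code memory.
 */
void hijack(uintptr_t *addr, uintptr_t *newa, uint8_t buf[4]) {
	/* Unsigned subtraction wraps, so the low 32 bits hold the two's-complement
	 * byte offset for forward and backward branches alike, and no ordering
	 * comparison between unrelated pointers is needed. */
	uint32_t delta = (uint32_t)((uintptr_t)newa - (uintptr_t)addr - 8u);
	uint32_t imm24 = (delta >> 2) & 0x00ffffffu;

	/* Store byte by byte so the result does not depend on host endianness. */
	buf[0] = (uint8_t)(imm24 & 0xffu);
	buf[1] = (uint8_t)((imm24 >> 8) & 0xffu);
	buf[2] = (uint8_t)((imm24 >> 16) & 0xffu);

	/* 0xEA = condition AL (always) + opcode bits 1010: B without link. */
	buf[3] = 0xea;
}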
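/*
 * Demo driver: encode one branch and print its four bytes in memory order.
 *
 * The original listing did not compile: `a` was assigned the unfinished
 * literal `0x`, and both addresses were passed to hijack() as integers
 * although it takes pointers.
 */
int main(void) {
	/* Seed bytes; hijack() overwrites all four. */
	unsigned char inst[] = {0x62, 0x00, 0x00, 0xEA};

	/* PLACEHOLDER: the page leaves this literal unfinished ("0x"), so the
	 * intended address of the branch instruction is unknown. Replace 0x0
	 * with the real source address. */
	uintptr_t a = 0x0;
	uintptr_t b = 120; /* branch target address */

	/* The addresses are only used numerically; hijack() never dereferences them. */
	hijack((uintptr_t *)a, (uintptr_t *)b, inst);

	printf("%x %x %x %x\n", inst[0], inst[1], inst[2], inst[3]);
	return 0;
}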