Skip to content

Instantly share code, notes, and snippets.

View segfo's full-sized avatar

segfo segfo

22 followers · 5 following
View GitHub Profile
@segfo
segfo / expression.d
Created December 28, 2016 13:47
演算子評価順序
import std.stdio;
void main(){
int i=0;
(i = 2) = ++i * i++ + i;
writefln("i = %d",i);
}
@segfo
segfo / fsbLeakElfTest.c
Last active December 23, 2016 14:45
fsbを利用したELFファイルのリーク
#include <stdio.h>
int main()
{
char buf[81];
printf("plz, tell me yo name: ");
buf[read(0,buf, sizeof(buf)-1)]='\0';
printf("Hi, ");
@segfo
segfo / testRegex.py
Created December 6, 2016 15:20
testRegex.py
# -*- coding: utf-8 -*-
import re
regexPatt = r".*=([0-9]+)"
regexPatt1 = regexPatt[0:regexPatt.find("(")]
regexPatt2 = regexPatt[regexPatt.find("("):regexPatt.find(")")+1]
regexPatt = regexPatt1+regexPatt2
print "正規表現:"+regexPatt
text = "hogefuga=1234\nfugafuga=8882\nsusono"
@segfo
segfo / SEGV_OS_Dependent.d
Last active September 2, 2016 13:17
OSによってSEGVするコード
import std.stdio;
void main(){
string s="hogehoge";
ubyte[] sb=cast(ubyte[])s;
sb[1]='A';
writeln(cast(string)sb);
}
@segfo
segfo / Windows_subsystem_for_Linux_gdbpeda.md
Created August 4, 2016 07:13 
segfo@AAAA41414141:/mnt/c/Users/segfo/Desktop$ gdb ./a.out
gdb-peda$ start
// 省略
gdb-peda$ vmmap
Start              End                Perm      Name
0x00400000         0x00401000         rwx-      /mnt/c/Users/segfo/Desktop/a.out
0x00600000         0x00601000         r---      /mnt/c/Users/segfo/Desktop/a.out
0x00601000         0x00602000         rw--      /mnt/c/Users/segfo/Desktop/a.out
0x00007fe048430000 0x00007fe0485ea000 r-x-      /lib/x86_64-linux-gnu/libc-2.19.so

0x00007fe0485ea000 0x00007fe0485f2000 ---- /lib/x86_64-linux-gnu/libc-2.19.so

@segfo
segfo / minimal-d_segfover_dso_registry_caller.c
Created July 8, 2016 17:50
C的な擬似コード
void EntryPoint_1(){
  int stack[6];
stack[5] = 0x80534e0; // _deh_end
stack[4] = 0x80534c8; // _deh_begin
stack[3] = 0x80534c8; // _minfo_end
stack[2] = 0x80534a8; // _minfo_begin
stack[1] = 0x8050100; // _slot
stack[0] = 0x1; // version
_d_dso_registry(&stack);
@segfo
segfo / minimal-d_segfover_dso_registry_caller.asm
Last active July 8, 2016 17:47
minimal-dをディスアセンブルした時のやつ
EntryPoint_1
08048385 mov ebp, esp
08048387 sub esp, 0x8
0804838d mov eax, 0x80534e0 ;immutable(void)* _deh_end;
08048392 push eax
08048393 mov eax, 0x80534c8 ;immutable(void)* _deh_beg;
08048398 push eax
08048399 mov eax, 0x80534c8 ;object.ModuleInfo** _minfo_end;
0804839e push eax
0804839f mov eax, 0x80534a8 ;object.ModuleInfo** _minfo_beg;
@segfo
segfo / minimal-d_segfov_sections.asm
Created July 8, 2016 17:43
08050100 dd 0x00000000 ; XREF=EntryPoint_1+33
;
; Section minfo
;
; Range 0x80534a8 - 0x80534c8 (32 bytes)
; File offset 42152 (32 bytes)
;
080534a8 dd 0x0804d3b4 ; XREF=EntryPoint_1+27
080534ac db 0xdc ; '.'
@segfo
segfo / minimal-d_segfover_object.d
Last active July 8, 2016 18:07
object.dを適当に改造したやつ
// object.d 1141-1165行
extern (C)
{
version (OSX)
{
// Set by rt.memory_osx.onAddImage()
__gshared ubyte[] _deh_eh_array;
}
else
{
@segfo
segfo / winshellcode_full.asm
Created December 13, 2015 03:25
[bits 32]
org DEF_ADDRESS
segment .text
start:
cld
jmp short main
api_call:
pushad
xor eax, eax