Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- push %rbx
- mov 8(%rsp),%rbx
- xor %r12,%rbx
- ...
- xor %r12,%rbx
- cmp %rbx,8(%rsp)
- jnz .error
- pop %rbx
- retn
- .error:
- ud2
- ; store the old value of rbx
- push %rbx
- ; read the top value on the stack (the return pointer) and put it in rbx
- mov 8(%rsp),%rbx
- ; xor rbx with a random value stored in r12
- ; rbx now contains the RAP canary
- xor %r12,%rbx
- ; xor the RAP canary in rbx with the random value in r12
- ; this "decrypts" the stack pointer from the RAP canary
- xor %r12,%rbx
- ; compare the top value on the stack (the return pointer)
- ; with the value decrypted from the RAP canary
- cmp %rbx,8(%rsp)
- ; if the comparison fails, jump to error
- jnz .error
- ; restore the original value of rbx
- pop %rbx
- ; return
- retn
- .error:
- ; an error occured, quit the process
- ud2
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
